7d15aa16f2
Adds support for configuring firewalld for CentOS hosts managed by Kayobe. * create zones * set default zone * set zone for interfaces * define rules Change-Id: Id60e25e129e323f3c07e702bb81a11efc530fb3e Story: 2008991 Task: 42644
---
###############################################################################
# Monitoring node firewalld configuration.
# Whether to install and enable firewalld on this host. A host that is a
# member of the 'controllers' group takes the controller_* value; every other
# host this file applies to takes the monitoring_* value.
firewalld_enabled: >-
  {{ controller_firewalld_enabled
  if inventory_hostname in groups['controllers']
  else monitoring_firewalld_enabled }}
# A list of zones to create. Each item is a dict containing a 'zone' item.
# Hosts in the 'controllers' group use the controller list, all others the
# monitoring list; the two lists are never merged.
firewalld_zones: >
  {{ controller_firewalld_zones
  if inventory_hostname in groups['controllers']
  else monitoring_firewalld_zones }}
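# A firewalld zone to set as the default. Default is unset, in which case the
# default zone will not be changed.
# Hosts in the 'controllers' group use the controller value, all others the
# monitoring value.
# NOTE: nothing may follow the closing braces. A stray quote there becomes
# part of the rendered string, so the value is never empty and the zone name
# handed to firewalld no longer matches any zone that was created.
firewalld_default_zone: >-
  {{ controller_firewalld_default_zone
  if inventory_hostname in groups['controllers']
  else monitoring_firewalld_default_zone }}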
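# A list of firewall rules to apply. Each item is a dict containing arguments
# to pass to the firewalld module. Arguments are omitted if not provided, with
# the following exceptions:
# - offline: true
# - permanent: true
# - state: enabled
# Hosts in the 'controllers' group use the controller rules, all others the
# monitoring rules; the two lists are never merged.
# NOTE: nothing may follow the closing braces. A stray quote there is appended
# to the rendered text, which then presumably no longer evaluates to a list
# and the intended rules are not applied - confirm against the consuming role.
firewalld_rules: >
  {{ controller_firewalld_rules
  if inventory_hostname in groups['controllers']
  else monitoring_firewalld_rules }}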