Add disable_firewall variable
Adds a new variable, 'disable_firewall', which defaults to true. If set to false, then the host firewall will not be disabled during kolla-ansible bootstrap-servers. Change-Id: Ie5131013012f89c8c3b91ca359ad17d9cb77efc8
This commit is contained in:
Mark Goddard
parent
e63d985ccb
commit
9fffc7bc52
|
|
@ -32,6 +32,9 @@ change_selinux: True
|
||||||
|
|
||||||
selinux_state: "permissive"
|
selinux_state: "permissive"
|
||||||
|
|
||||||
|
# If true, the host firewall service (firewalld or ufw) will be disabled.
|
||||||
|
disable_firewall: True
|
||||||
|
|
||||||
docker_storage_driver: ""
|
docker_storage_driver: ""
|
||||||
docker_custom_option: ""
|
docker_custom_option: ""
|
||||||
docker_custom_config: {}
|
docker_custom_config: {}
|
||||||
|
|
|
||||||
|
|
@ -6,34 +6,36 @@
|
||||||
when: ansible_facts.os_family == 'Debian'
|
when: ansible_facts.os_family == 'Debian'
|
||||||
|
|
||||||
# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
|
# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
|
||||||
- name: Set firewall default policy
|
- block:
|
||||||
become: True
|
- name: Set firewall default policy
|
||||||
ufw:
|
become: True
|
||||||
state: disabled
|
ufw:
|
||||||
policy: allow
|
state: disabled
|
||||||
when: ansible_facts.os_family == 'Debian'
|
policy: allow
|
||||||
ignore_errors: yes
|
when: ansible_facts.os_family == 'Debian'
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
- name: Check if firewalld is installed
|
- name: Check if firewalld is installed
|
||||||
command: rpm -q firewalld
|
command: rpm -q firewalld
|
||||||
register: firewalld_check
|
register: firewalld_check
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: firewalld_check.rc > 1
|
failed_when: firewalld_check.rc > 1
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
when: ansible_facts.os_family == 'RedHat'
|
when: ansible_facts.os_family == 'RedHat'
|
||||||
|
|
||||||
- name: Disable firewalld
|
- name: Disable firewalld
|
||||||
become: True
|
become: True
|
||||||
service:
|
service:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
enabled: false
|
enabled: false
|
||||||
state: stopped
|
state: stopped
|
||||||
with_items:
|
with_items:
|
||||||
- firewalld
|
- firewalld
|
||||||
when:
|
when:
|
||||||
- ansible_facts.os_family == 'RedHat'
|
- ansible_facts.os_family == 'RedHat'
|
||||||
- firewalld_check.rc == 0
|
- firewalld_check.rc == 0
|
||||||
|
when: disable_firewall | bool
|
||||||
|
|
||||||
# Upgrading docker engine may cause containers to stop. Take a snapshot of the
|
# Upgrading docker engine may cause containers to stop. Take a snapshot of the
|
||||||
# running containers prior to a potential upgrade of Docker.
|
# running containers prior to a potential upgrade of Docker.
|
||||||
|
|
|
||||||
|
|
@ -204,6 +204,8 @@ will be added to allow all traffic.
|
||||||
|
|
||||||
On Red Hat family systems where firewalld is installed, it will be disabled.
|
On Red Hat family systems where firewalld is installed, it will be disabled.
|
||||||
|
|
||||||
|
This behaviour can be avoided by setting ``disable_firewall`` to ``false``.
|
||||||
|
|
||||||
Creation of Python virtual environment
|
Creation of Python virtual environment
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Adds a new variable, ``disable_firewall``, which defaults to ``true``. If
|
||||||
|
set to ``false``, then the host firewall will not be disabled during
|
||||||
|
``kolla-ansible bootstrap-servers``.
|
||||||
Loading…
Reference in New Issue