Posted to commits@airavata.apache.org by di...@apache.org on 2020/11/21 06:57:53 UTC
[airavata] branch firewall-fixes updated: Making firewall rules to
apply immediately
This is an automated email from the ASF dual-hosted git repository.
dimuthuupe pushed a commit to branch firewall-fixes
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/firewall-fixes by this push:
new 8337e85 Making firewall rules to apply immediately
8337e85 is described below
commit 8337e851b2c9e9d8c9d2fe23749b1bfdc405bfd6
Author: Dimuthu Wannipurage <di...@gmail.com>
AuthorDate: Sat Nov 21 01:57:42 2020 -0500
Making firewall rules to apply immediately
---
dev-tools/ansible/roles/api-orch/tasks/main.yml | 5 +++++
dev-tools/ansible/roles/database/tasks/main.yml | 17 +++++++++--------
dev-tools/ansible/roles/env_setup/tasks/main.yml | 1 +
dev-tools/ansible/roles/kafka/tasks/main.yml | 1 +
dev-tools/ansible/roles/rabbitmq/tasks/main.yml | 2 ++
dev-tools/ansible/roles/zookeeper/tasks/main.yml | 1 +
6 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/dev-tools/ansible/roles/api-orch/tasks/main.yml b/dev-tools/ansible/roles/api-orch/tasks/main.yml
index 8692c19..55a69c4 100644
--- a/dev-tools/ansible/roles/api-orch/tasks/main.yml
+++ b/dev-tools/ansible/roles/api-orch/tasks/main.yml
@@ -86,6 +86,7 @@
zone: public
permanent: yes
state: enabled
+ immediate: yes
rich_rule: rule family=ipv4 source address="{{ item }}" port port="{{ sharing_registry_port }}" protocol=tcp accept
with_items:
- "{{ sharing_subnets }}"
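Review bot: `state: enabled` with `permanent: yes` and the new `immediate: yes` only ever adds rich rules, so a subnet later dropped from `sharing_subnets` keeps its accept rule in both the runtime and the permanent configuration. Nothing in this hunk revokes stale entries, and the same holds for the other rich-rule tasks this commit touches (registry, credential store, database, kafka, rabbitmq, zookeeper). I would add a comment above the task such as `# add-only: removing a subnet from sharing_subnets does not revoke its rule; pair with a state: disabled task`, and a companion cleanup task if the access lists are expected to shrink. The task's `name:` and `firewalld:` lines start above the hunk.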
@@ -96,6 +97,7 @@
zone: public
permanent: yes
state: enabled
+ immediate: yes
rich_rule: rule family=ipv4 source address="{{ item }}" port port="{{ registry_port }}" protocol=tcp accept
with_items:
- "{{ registry_subnets }}"
@@ -106,6 +108,7 @@
zone: public
permanent: yes
state: enabled
+ immediate: yes
rich_rule: rule family=ipv4 source address="{{ item }}" port port="{{ cred_store_port }}" protocol=tcp accept
with_items:
- "{{ credential_store_subnets }}"
@@ -116,6 +119,7 @@
zone: public
permanent: yes
state: enabled
+ immediate: yes
port: "{{ api_server_tls_port }}/tcp"
become_user: root
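Review bot: `become_user: root` on its own does not turn on privilege escalation in Ansible; it only names the target user. Unless `become: yes` is set at play or role level (not visible in this diff), this firewalld task runs as the connection user, and the runtime change requested by `immediate: yes` would likely fail. The env_setup and rabbitmq hunks in this commit use `become: yes`; for consistency I would write `become: yes` here, in the next hunk and in the database task. The task begins above the hunk.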
@@ -124,6 +128,7 @@
zone: public
permanent: yes
state: enabled
+ immediate: yes
port: "{{ profile_service_port }}/tcp"
become_user: root
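Review bot: This `port:` rule has no source restriction, so with `immediate: yes` the profile service port is reachable from any address in the public zone as soon as the task runs. The registry, sharing registry and credential store ports in the same file are limited to listed subnets by rich rules. If that exposure is not intended, the task should follow the same pattern, e.g. `rich_rule: rule family=ipv4 source address="{{ item }}" port port="{{ profile_service_port }}" protocol=tcp accept` looped over a subnet list. The `port: 10050/tcp` task in env_setup is open in the same way and deserves the same check.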
diff --git a/dev-tools/ansible/roles/database/tasks/main.yml b/dev-tools/ansible/roles/database/tasks/main.yml
index a0b5016..b781968 100644
--- a/dev-tools/ansible/roles/database/tasks/main.yml
+++ b/dev-tools/ansible/roles/database/tasks/main.yml
@@ -143,11 +143,12 @@
when: "'keycloak' in groups"
- name: allow only selected networks to access DB
- firewalld:
- zone: public
- permanent: yes
- state: enabled
- rich_rule: rule family=ipv4 source address="{{ item }}" port port="{{ db_server_port }}" protocol=tcp accept
- with_items:
- - "{{ db_subnets }}"
- become_user: root
+ firewalld:
+ zone: public
+ permanent: yes
+ state: enabled
+ immediate: yes
+ rich_rule: rule family=ipv4 source address="{{ item }}" port port="{{ db_server_port }}" protocol=tcp accept
+ with_items:
+ - "{{ db_subnets }}"
+ become_user: root
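Review bot: The task name says "allow only selected networks", but the rule shown is an accept rule and restricts nothing by itself. It limits access only if `db_server_port` is not also opened in the public zone by a `port:` or `service:` entry elsewhere, which this hunk does not show. Since `immediate: yes` makes the accept take effect at once, I would confirm that and record it in a comment, e.g. `# relies on the zone not opening db_server_port otherwise; do not add a port:/service: rule for it`. The hunk also re-emits the whole task, apparently for re-indentation, which makes the one functional change (`immediate: yes`) hard to spot in review.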
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index 5123fa8..20f872f 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -77,5 +77,6 @@
permanent: yes
state: enabled
port: 10050/tcp
+ immediate: yes
become: yes
...
diff --git a/dev-tools/ansible/roles/kafka/tasks/main.yml b/dev-tools/ansible/roles/kafka/tasks/main.yml
index 45f406c..5b91cc8 100644
--- a/dev-tools/ansible/roles/kafka/tasks/main.yml
+++ b/dev-tools/ansible/roles/kafka/tasks/main.yml
@@ -74,6 +74,7 @@
zone: public
permanent: yes
state: enabled
+ immediate: yes
rich_rule: rule family=ipv4 source address="{{ item }}" port port={{ kafka_listener_port }} protocol=tcp accept
with_items:
- "{{ kafka_subnets }}"
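Review bot: The port value in this rich rule is unquoted, `port port={{ kafka_listener_port }}`, while the other variable-driven rich rules in this commit quote it. I would write `port port="{{ kafka_listener_port }}"` so the rule string has one form across roles and an empty or oddly formatted variable is handled the same way everywhere. The task's header lines are above the hunk.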
diff --git a/dev-tools/ansible/roles/rabbitmq/tasks/main.yml b/dev-tools/ansible/roles/rabbitmq/tasks/main.yml
index 05cbd52..cfa31a1 100644
--- a/dev-tools/ansible/roles/rabbitmq/tasks/main.yml
+++ b/dev-tools/ansible/roles/rabbitmq/tasks/main.yml
@@ -35,6 +35,7 @@
permanent: yes
state: enabled
rich_rule: rule family=ipv4 source address="{{ item }}" port port="{{ rabbitmq_port }}" protocol=tcp accept
+ immediate: yes
with_items:
- "{{ rabbitmq_subnets }}"
become: yes
@@ -44,6 +45,7 @@
zone: public
permanent: yes
state: enabled
+ immediate: yes
rich_rule: rule family=ipv4 source address="{{ item }}" port port="{{ management_plugin_port }}" protocol=tcp accept
with_items:
- "{{ rabbitmq_subnets }}"
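Review bot: The management plugin port is opened to the same `rabbitmq_subnets` list as the broker port in the previous hunk, so every network allowed to reach the broker can also reach the management interface once this rule goes live with `immediate: yes`. If the management interface is meant for operators only, a separate, narrower subnet variable for this task would express that. Otherwise a comment stating that the shared list is intentional would help the next reader. The task starts above the hunk.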
diff --git a/dev-tools/ansible/roles/zookeeper/tasks/main.yml b/dev-tools/ansible/roles/zookeeper/tasks/main.yml
index 728eca1..2cf5085 100644
--- a/dev-tools/ansible/roles/zookeeper/tasks/main.yml
+++ b/dev-tools/ansible/roles/zookeeper/tasks/main.yml
@@ -34,6 +34,7 @@
zone: public
permanent: yes
state: enabled
+ immediate: yes
rich_rule: rule family=ipv4 source address="{{ item }}" port port=2181 protocol=tcp accept
with_items:
- "{{ zk_subnets }}"
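Review bot: The rich rule hard-codes `port=2181`, unquoted, where the other roles in this commit take the port from a variable. If the ZooKeeper client port is configured elsewhere in the role (not visible here), the firewall rule will not follow a change to it. I would take the port from the same variable the ZooKeeper configuration uses and quote it as the other rules do, `port port="{{ <zookeeper client port variable> }}"`, where the placeholder stands for whatever name the role already defines.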