From d038403979103921f060159eb3f5d9f8e468f29f Mon Sep 17 00:00:00 2001
From: Tyler Hale
Date: Sat, 25 Sep 2021 08:41:14 -0600
Subject: [PATCH] Adding variable for managing firewall ports

---
 README.md | 27 ++++++++++++++-------------
 roles/haproxy/defaults/main.yml | 9 +++++++++
 roles/haproxy/tasks/main.yml | 14 +------------
 3 files changed, 24 insertions(+), 26 deletions(-)

diff --git a/README.md b/README.md
index d6c8df3..38703b8 100644
--- a/README.md
+++ b/README.md
@@ -4,19 +4,20 @@ Ansible playbook that provisions a group of servers to run HAProxy with a shared
 ## Variables
-| Variable | Required | Default | Choices | Description |
-| --------------------------------- | -------- | ---------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| haproxy_bind_adapter | Yes | eth0 | | Interface to use for the Shared IP |
-| haproxy_config_file | Yes | example.haproxy.cfg.j2 | | File name to use for the haproxy config file |
-| haproxy_keepalived_adapter | Yes | eth0 | | Interface to use for the keepalived communication |
-| haproxy_keepalived_adapter_vlan | No | | | When specified, this will setup the given vlan and use that for the keepalived communication to keep the traffic out of the primary network |
-| haproxy_keepalived_ip | Yes | 172.16.10.1/24 | | IP to use for the keepalived communication |
-| haproxy_keepalived_process_weight | Yes | 10 | | Weight used for tracking the haproxy process on the server |
-| haproxy_shared_ip | Yes | | | Shared IP that will be used by the group |
-| haproxy_shared_ip_subnet | Yes | /24 | | Subnet for the shared IP |
-| haproxy_shared_priority | Yes | 100 | | Keepalived priority for the host - this will |
-| haproxy_shared_state | Yes | MASTER | MASTER/BACKUP | What state the keepalived configuration will start with for the desired host - After config starts it will determine if other members exist and adjust based on priority |
-| haproxy_shared_virtual_router_id | Yes | 25 | | Virtual Router ID for the keepalived configuration - This should be the same for the group |
+| Variable | Required | Default | Choices | Description |
+| --------------------------------- | -------- | --------------------------------- | ------------- | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| haproxy_bind_adapter | Yes | eth0 | | Interface to use for the Shared IP |
+| haproxy_config_file | Yes | example.haproxy.cfg.j2 | | File name to use for the haproxy config file |
+| haproxy_keepalived_adapter | Yes | eth0 | | Interface to use for the keepalived communication |
+| haproxy_keepalived_adapter_vlan | No | | | When specified, this will setup the given vlan and use that for the keepalived communication to keep the traffic out of the primary network |
+| haproxy_keepalived_ip | Yes | 172.16.10.1/24 | | IP to use for the keepalived communication |
+| haproxy_keepalived_process_weight | Yes | 10 | | Weight used for tracking the haproxy process on the server |
+| haproxy_shared_ip | Yes | | | Shared IP that will be used by the group |
+| haproxy_shared_ip_subnet | Yes | /24 | | Subnet for the shared IP |
+| haproxy_shared_priority | Yes | 100 | | Keepalived priority for the host - this will |
+| haproxy_shared_state | Yes | MASTER | MASTER/BACKUP | What state the keepalived configuration will start with for the desired host - After config starts it will determine if other members exist and adjust based on priority |
+| haproxy_shared_virtual_router_id | Yes | 25 | | Virtual Router ID for the keepalived configuration - This should be the same for the group |
+| haproxy_listen_ports | Yes | 22/tcp, 80/tcp, 443/tcp, 9999/tcp | | The firewall ports/protocols that should be opened on the firewall |
 ## Example
diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml
index 4d96499..627d731 100644
--- a/roles/haproxy/defaults/main.yml
+++ b/roles/haproxy/defaults/main.yml
@@ -9,6 +9,15 @@ haproxy_shared_ip: ""
 haproxy_shared_ip_subnet: "/24"
 haproxy_shared_virtual_router_id: 25
 haproxy_keepalived_process_weight: 10
+haproxy_listen_ports:
+ - port : 22
+ protocol: tcp
+ - port : 80
+ protocol: tcp
+ - port : 443
+ protocol: tcp
+ - port : 9999
+ protocol: tcp
 # Set per host
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
index 96051d7..2f02773 100644
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -110,19 +110,7 @@
 permanent: yes
 immediate: yes
 state: enabled
- with_items:
- - {port: "22", protocol: "tcp"}
- - {port: "80", protocol: "tcp"}
- - {port: "443", protocol: "tcp"}
- notify: reload firewalld
- become: yes
-
-- name: Enable firewall ports for haproxy stats
- firewalld:
- port: "9999/tcp"
- permanent: yes
- immediate: yes
- state: enabled
+ loop: "{{ haproxy_listen_ports }}"
 notify: reload firewalld
 become: yes
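Review bot: The default `haproxy_listen_ports` list opens 22/tcp and the 9999/tcp stats port alongside the 80/443 listeners, with nothing in the defaults file marking which entries are HAProxy listeners and which are management access; a consumer who overrides the variable for their own listeners replaces the whole list, and one who keeps the default gets ssh and the stats port opened on the firewall without an explicit decision. I would add a comment above the list: `# Overriding this list replaces it entirely; 22/tcp (ssh) and 9999/tcp (haproxy stats) are in the default set and should be reviewed before the host sits in a public zone.` The entries also mix `port : 22` with `protocol: tcp`; the space before the colon is valid YAML but reads as a typo, so `- port: 22` throughout. The README row added in the first hunk shows the default as the flat string `22/tcp, 80/tcp, 443/tcp, 9999/tcp`, which does not tell the reader that the task expects a list of `port`/`protocol` mappings.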
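Review bot: With the loop now driven by one mapping per item, each iteration of this task is labelled in the play log with the whole `{'port': 22, 'protocol': 'tcp'}` dict rather than the literal `9999/tcp` the removed task printed, so what was actually opened on each host is harder to audit from the output; adding `loop_control:` with `label: "{{ item.port }}/{{ item.protocol }}"` after the `loop:` line keeps the log explicit. The task's `name:` and `port:` lines sit above the hunk, so the template that consumes `item.port` and `item.protocol` is not visible here; the old `with_items` entries quoted the ports as strings while the new defaults are integers, which is fine for Jinja concatenation but worth confirming against that `port:` line. Folding the dedicated "Enable firewall ports for haproxy stats" task into the general loop also removes the only line that named the stats port as such; a short comment on the remaining task noting that `haproxy_listen_ports` covers the stats port too would preserve that intent.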