Adding configuration options
This commit is contained in:
parent
9c1f0b1a98
commit
2b2d418c08
GPG key ID:
C7CC4B910D88EF96
5 changed files with 101 additions and 0 deletions
11
roles/nginx_cluster/tasks/firewall.yml
Normal file
11
roles/nginx_cluster/tasks/firewall.yml
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
# file: roles/nginx_cluster/tasks/firewall.yml
|
||||
|
||||
- name: "Enable firewall rule to Access IP"
|
||||
firewalld:
|
||||
rich_rule: 'rule family="ipv4" source address="{{ access_ip }}" port port="{{ item }}" protocol="tcp" accept'
|
||||
permanent: yes
|
||||
state: enabled
|
||||
immediate: yes
|
||||
notify: Reload firewalld
|
||||
loop: "{{ nginx_cluster_open_ports }}"
|
||||
|
|
@ -7,6 +7,19 @@
|
|||
state: present
|
||||
disable_gpg_check: True
|
||||
when: ansible_distribution == 'RedHat' or ansible_distribution == 'AlmaLinux' or ansible_distribution == 'Rocky'
|
||||
tags: packages
|
||||
|
||||
- name: Install remi RPM
|
||||
package:
|
||||
name: https://rpms.remirepo.net/enterprise/remi-release-9.rpm
|
||||
state: present
|
||||
disable_gpg_check: True
|
||||
tags: packages
|
||||
|
||||
- name: Enable DNF module for php
|
||||
shell: "dnf module enable -y php:remi-{{ nginx_cluster_php_version }}"
|
||||
register: dnf_module_enable
|
||||
changed_when: "'Nothing to do' not in dnf_module_enable.stdout"
|
||||
|
||||
- name: Install prereq packages
|
||||
package:
|
||||
|
|
@ -16,6 +29,20 @@
|
|||
- php-mysqlnd
|
||||
- lsyncd
|
||||
state: latest
|
||||
tags: packages
|
||||
|
||||
- name: Install additional packages
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: latest
|
||||
loop: "{{ nginx_cluster_aditional_packages }}"
|
||||
tags: packages
|
||||
|
||||
- name: Create a symbolic link for host cert
|
||||
file:
|
||||
src: "/etc/ssl/{{ ansible_hostname }}"
|
||||
dest: "/etc/ssl/host"
|
||||
state: link
|
||||
|
||||
- name: Create temp directory
|
||||
file:
|
||||
|
|
@ -67,6 +94,22 @@
|
|||
dest: "/etc/lsyncd.conf"
|
||||
notify: Restart lsyncd
|
||||
|
||||
- name: Allow web server to listen on tcp port
|
||||
seport:
|
||||
ports: "{{ item }}"
|
||||
proto: tcp
|
||||
setype: http_port_t
|
||||
state: present
|
||||
loop: "{{ nginx_cluster_open_ports }}"
|
||||
|
||||
- name: Set selinux flags
|
||||
seboolean:
|
||||
name: "{{ item }}"
|
||||
state: true
|
||||
persistent: true
|
||||
loop: "{{ nginx_cluster_sebool }}"
|
||||
when: nginx_cluster_sebool != ""
|
||||
|
||||
- name: Start and enable lsyncd
|
||||
service:
|
||||
name: lsyncd
|
||||
|
|
@ -84,3 +127,20 @@
|
|||
name: php-fpm
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: Enable firewall for access IPs
|
||||
include_tasks: firewall.yml
|
||||
loop: "{{ nginx_cluster_access_ip }}"
|
||||
loop_control:
|
||||
loop_var: access_ip
|
||||
when: nginx_cluster_access_ip != ""
|
||||
|
||||
- name: Enable firewall rules
|
||||
firewalld:
|
||||
port: "{{ item }}/tcp"
|
||||
permanent: yes
|
||||
immediate: yes
|
||||
state: enabled
|
||||
notify: Reload firewalld
|
||||
loop: "{{ nginx_cluster_open_ports }}"
|
||||
when: nginx_cluster_access_ip == ""
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue