8553e52acd
This change introduces automated configuration of firewalld and adds a new filter for extracting services from the project_services dict. The filter selects any enabled services and their haproxy element and returns them so that they can be iterated over. This commit also enables automated configuration of firewalld from enabled OpenStack services, adds them to the defined zone, and reloads the system firewall. Change-Id: Iea3680142711873984efff2b701347b6a56dd355
42 lines
1.4 KiB
YAML
---
# Renders one HAProxy service fragment per entry in project_services.
# An entry is processed only when it is enabled, carries a `haproxy`
# section, and HAProxy itself is enabled for the deployment.
- name: "Copying over {{ project_name }} haproxy config"
  become: true
  vars:
    service: "{{ item.value }}"
    # Candidate templates, most specific first: operator overrides under
    # node_custom_config (per host, then global; per service key, then the
    # shared service template), and finally the bundled role template.
    haproxy_templates:
      - "{{ node_custom_config }}/haproxy-config/{{ inventory_hostname }}/{{ item.key }}.cfg"
      - "{{ node_custom_config }}/haproxy-config/{{ item.key }}.cfg"
      - "{{ node_custom_config }}/haproxy-config/{{ inventory_hostname }}/{{ haproxy_service_template }}"
      - "{{ node_custom_config }}/haproxy-config/{{ haproxy_service_template }}"
      - "templates/{{ haproxy_service_template }}"
    # first_found yields the first candidate that exists on the controller.
    template_file: "{{ query('first_found', haproxy_templates) | first }}"
  template:
    src: "{{ template_file }}"
    dest: "{{ node_config_directory }}/haproxy/services.d/{{ item.key }}.cfg"
    # Owner and group may read and write; no access for other users.
    mode: "0660"
  with_dict: "{{ project_services }}"
  when:
    - service.enabled | bool
    - service.haproxy is defined
    - enable_haproxy | bool
  notify:
    - "Restart haproxy container"
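# Opens the TCP port of each item returned by extract_haproxy_services in
# the firewalld zone named by external_api_firewalld_zone.
# A port is opened only when the item is enabled, defines `port`, and is
# explicitly marked `external`; a missing `external` key defaults to false,
# so such listeners are not opened by this task.
# NOTE(review): this task only ever sets state "enabled". Nothing visible
# here closes a port again when a service is later disabled or made
# internal, so stale openings may need separate cleanup - confirm.
- name: "Configuring firewall for {{ project_name }}"
  firewalld:
    # Apply the change even when the firewalld daemon is not running.
    offline: true
    # Written to the permanent configuration only (no `immediate`); the
    # running firewall picks it up when the "Reload firewalld" handler runs.
    permanent: true
    port: "{{ item.value.port }}/tcp"
    state: "enabled"
    # Exposure depends on which interfaces and sources are bound to this
    # zone; verify that it covers only the external API network.
    zone: "{{ external_api_firewalld_zone }}"
  become: true
  when:
    - enable_haproxy | bool
    - item.value.enabled | bool
    - item.value.port is defined
    - item.value.external | default(false) | bool
    - enable_external_api_firewalld | bool
  with_dict: "{{ project_services | extract_haproxy_services }}"
  notify:
    - "Reload firewalld"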