121baa0d77
This reverts commit 46b7b6e1c9.
This didn't end up changing the incidence of the iptables-save command
task failures.
Change-Id: I02e725d7330bc9b438a9864ea49510cca7fee524
53 lines
1.3 KiB
YAML
53 lines
1.3 KiB
YAML
- name: Ensure iptables
|
|
become: true
|
|
package:
|
|
name: iptables
|
|
|
|
- name: Set up the host ip addresses
|
|
set_fact:
|
|
ipv4_addresses: >
|
|
{% set hosts = [] -%}
|
|
{% for host, vars in hostvars.items() -%}
|
|
{% if vars['nodepool']['private_ipv4'] -%}
|
|
{% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
|
|
{% endif -%}
|
|
{% if vars['nodepool']['public_ipv4'] -%}
|
|
{% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
|
|
{% endif -%}
|
|
{% endfor -%}
|
|
{{- hosts | sort | unique -}}
|
|
ipv6_addresses: >
|
|
{% set hosts = [] -%}
|
|
{% for host, vars in hostvars.items() -%}
|
|
{% if vars['nodepool']['public_ipv6'] -%}
|
|
{% set _ = hosts.append(vars['nodepool']['public_ipv6']) -%}
|
|
{% endif -%}
|
|
{% endfor -%}
|
|
{{- hosts | sort | unique -}}
|
|
|
|
- name: Set up ipv4 iptables rules
|
|
become: yes
|
|
iptables:
|
|
state: present
|
|
action: insert
|
|
chain: INPUT
|
|
ip_version: ipv4
|
|
source: "{{ item }}"
|
|
jump: ACCEPT
|
|
with_items: "{{ ipv4_addresses }}"
|
|
|
|
- name: Set up ipv6 iptables rules
|
|
become: yes
|
|
iptables:
|
|
state: present
|
|
action: insert
|
|
chain: INPUT
|
|
ip_version: ipv6
|
|
source: "{{ item }}"
|
|
jump: ACCEPT
|
|
with_items: "{{ ipv6_addresses }}"
|
|
|
|
- name: Persist iptables rules
|
|
include_role:
|
|
name: persistent-firewall
|