firewalld-playbook.yml
---
# Play 1: make sure a dedicated "zookeeper" firewalld zone exists on every
# host in the inventory, then reload firewalld.
# NOTE(review): no `become` is set here; firewalld changes need root, so
# privilege escalation is presumably configured elsewhere - confirm.
- name: Create Zone
  hosts: all
  tasks:
    # The zone is created in the permanent (on-disk) configuration only;
    # no `immediate` is requested for this task.
    - name: Create Zookeeper Zone
      firewalld:
        permanent: true
        state: present
        zone: zookeeper

    # Reloading makes firewalld re-read its permanent configuration, so the
    # zone created above is available at runtime afterwards.
    - name: Reload firewalld
      systemd:
        state: reloaded
        name: firewalld
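# Play 2: populate the "zookeeper" zone (allowed sources and ports) and open
# the service ports in the "public" zone, on every host in the inventory.
# Each rule is applied with permanent + immediate, i.e. written to the
# on-disk configuration and to the running firewall in the same task.
# Booleans are written as true/false, matching the first play in this file.
- name: Firewall Rules
  hosts: all
  tasks:
    # Bind source networks to the zookeeper zone.
    # NOTE(review): every entry carries a /24 mask with host bits set, so all
    # three describe the same 172.18.46.0/24 network rather than three single
    # hosts. If only the three addresses are meant to reach this zone, /32
    # would express that - confirm the intent before narrowing.
    - name: Zookeeper Rules Source
      firewalld:
        permanent: true
        immediate: true
        state: enabled
        zone: zookeeper
        source: "{{ item }}"
      with_items:
        - "172.18.46.11/24"
        - "172.18.46.12/24"
        - "172.18.46.13/24"

    # Open TCP ports inside the zookeeper zone; they are reachable only from
    # the sources bound to that zone.
    # NOTE(review): "2888-3888" is one contiguous range of 1001 ports.
    # ZooKeeper's default quorum and leader-election ports are 2888 and 3888;
    # if only those two are needed, list them separately - confirm.
    - name: Zookeeper Rules Port
      firewalld:
        permanent: true
        immediate: true
        state: enabled
        zone: zookeeper
        port: "{{ item }}/tcp"
      with_items:
        - "2181-2182"
        - "2888-3888"

    # Open TCP ports in the public zone.
    # NOTE(review): this playbook adds no source restriction to `public`, and
    # the play targets `hosts: all`, so every host exposes every port below.
    # Confirm each host needs all of them, or split the list per inventory
    # group so a host only opens the ports it actually serves.
    - name: Public Rules
      firewalld:
        permanent: true
        immediate: true
        state: enabled
        zone: public
        port: "{{ item }}/tcp"
      with_items:
        - "9091"
        - "9092"
        - "9093"
        - "9094"
        - "8090"
        - "9021"
        - "8081"
        - "8082"
        - "8083"
        - "8088"

    # NOTE(review): the rules above are already applied with immediate: true,
    # so this reload looks redundant. A firewalld reload also replaces the
    # runtime configuration with the permanent one, dropping any runtime-only
    # rules on the host - confirm that is acceptable.
    - name: Reload firewalld
      systemd:
        name: firewalld
        state: reloaded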