Commit

Fix firewalld policy
psztoch committed Apr 4, 2024
1 parent 1cae275 commit 58e1d34
Showing 1 changed file with 17 additions and 2 deletions.
19 changes: 17 additions & 2 deletions roles/prereq/tasks/main.yml
Expand Up @@ -73,7 +73,7 @@
- name: If firewalld enabled, open api port
ansible.posix.firewalld:
port: "{{ api_port }}/tcp"
zone: trusted
zone: internal
state: enabled
permanent: true
immediate: true
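Review bot: the `zone: trusted` to `zone: internal` switch on the api port task only takes effect if the node's interface or the peers' source ranges are bound to the `internal` zone, and nothing in this hunk does that. On a host whose interface sits in the default zone, `{{ api_port }}/tcp` stays closed after this change. Opening a port in `trusted` was effectively a no-op because that zone accepts all traffic, so moving away from it is the right direction. Consider taking the zone from a variable (one place to set it for every task in this file) and documenting that the operator must assign the cluster interface or source CIDRs to that zone.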
Expand All @@ -82,10 +82,25 @@
when: groups['server'] | length > 1
ansible.posix.firewalld:
port: "2379-2381/tcp"
zone: trusted
zone: internal
state: enabled
permanent: true
immediate: true

- name: If firewalld enabled, open inbound ports
ansible.posix.firewalld:
port: "{{ item }}"
zone: internal
state: enabled
permanent: true
immediate: true
with_items:
- 8472/udp
- 10250/tcp
- 51820/udp
- 51821/udp
- 5001/tcp
- 6443/tcp

- name: If firewalld enabled, allow default CIDRs
ansible.posix.firewalld:
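Review bot: the new "open inbound ports" list hard-codes `6443/tcp` while the task above already opens `{{ api_port }}/tcp`, so a non-default `api_port` leaves 6443 open for no reason, and the task as shown carries no `when`, so all six ports are opened on every host the role runs on. 8472/udp is only needed for the flannel VXLAN backend, 51820/udp and 51821/udp only for the WireGuard backend, and 5001/tcp only when the embedded registry is enabled; opening them unconditionally widens the `internal` zone more than the cluster needs. Suggest dropping `6443/tcp` from the list, gating the backend-specific entries on the matching configuration, and adding a short comment per port saying what it is for. Minor style point: `loop:` is preferred over `with_items:` in current Ansible.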
