From 5a15f65db3dfb245919bdd534e93bd711db2eb60 Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Sat, 24 Mar 2018 03:05:47 +0100 Subject: Minor tunning --- roles/ands_network/defaults/main.yml | 2 +- roles/ands_network/files/firewalld/galera.xml | 10 ++++++++++ roles/ands_network/files/firewalld/haproxy-stats.xml | 6 ++++++ roles/ands_network/files/firewalld/netpipe.xml | 6 ++++++ roles/ands_network/files/galera.xml | 10 ---------- roles/ands_network/files/netpipe.xml | 6 ------ roles/ands_network/tasks/firewall.yml | 12 +++++++++--- roles/ands_network/tasks/firewall_service.yml | 2 +- 8 files changed, 33 insertions(+), 21 deletions(-) create mode 100644 roles/ands_network/files/firewalld/galera.xml create mode 100644 roles/ands_network/files/firewalld/haproxy-stats.xml create mode 100644 roles/ands_network/files/firewalld/netpipe.xml delete mode 100644 roles/ands_network/files/galera.xml delete mode 100644 roles/ands_network/files/netpipe.xml (limited to 'roles/ands_network') diff --git a/roles/ands_network/defaults/main.yml b/roles/ands_network/defaults/main.yml index 0170370..c2538f9 100644 --- a/roles/ands_network/defaults/main.yml +++ b/roles/ands_network/defaults/main.yml @@ -1,3 +1,3 @@ configure_network: "{{ ands_configure_network | default(false) }}" firewall_template_path: "{{ ands_paths.provision }}/firewall/{{ ansible_hostname }}" -firewall_services: [ 'galera', 'netpipe' ] \ No newline at end of file +firewall_enabled_services: "{{ ands_firewall_enabled_services }}" diff --git a/roles/ands_network/files/firewalld/galera.xml b/roles/ands_network/files/firewalld/galera.xml new file mode 100644 index 0000000..15f908b --- /dev/null +++ b/roles/ands_network/files/firewalld/galera.xml @@ -0,0 +1,10 @@ + + + MySQL/Galera + MySQL/Galera Database Server + + + + + + diff --git a/roles/ands_network/files/firewalld/haproxy-stats.xml b/roles/ands_network/files/firewalld/haproxy-stats.xml new file mode 100644 index 0000000..b574be7 --- /dev/null 
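Review bot: `firewall_enabled_services` in roles/ands_network/defaults/main.yml is read from `ands_firewall_enabled_services` with no fallback, unlike `configure_network` two lines above, which uses `| default(false)`. The definition of the inventory variable is not visible in this view; if it is missing for a host, the `with_items: "{{ firewall_enabled_services }}"` loop added in tasks/firewall.yml will fail on an undefined variable. `firewall_enabled_services: "{{ ands_firewall_enabled_services | default([]) }}"` keeps the role usable on its own and opens no extra services by default.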
+++ b/roles/ands_network/files/firewalld/haproxy-stats.xml @@ -0,0 +1,6 @@ + + + haproxy-stats + OpenShift HAProxy router statistics + + diff --git a/roles/ands_network/files/firewalld/netpipe.xml b/roles/ands_network/files/firewalld/netpipe.xml new file mode 100644 index 0000000..0e7f355 --- /dev/null +++ b/roles/ands_network/files/firewalld/netpipe.xml @@ -0,0 +1,6 @@ + + + NetPIPE + NetPIPE network benchmark + + diff --git a/roles/ands_network/files/galera.xml b/roles/ands_network/files/galera.xml deleted file mode 100644 index 15f908b..0000000 --- a/roles/ands_network/files/galera.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - MySQL/Galera - MySQL/Galera Database Server - - - - - - diff --git a/roles/ands_network/files/netpipe.xml b/roles/ands_network/files/netpipe.xml deleted file mode 100644 index 0e7f355..0000000 --- a/roles/ands_network/files/netpipe.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - NetPIPE - NetPIPE network benchmark - - diff --git a/roles/ands_network/tasks/firewall.yml b/roles/ands_network/tasks/firewall.yml index d5ba5f3..280a172 100644 --- a/roles/ands_network/tasks/firewall.yml +++ b/roles/ands_network/tasks/firewall.yml 
@@ -12,15 +12,21 @@ - name: Configure missing firewalld services include_tasks: firewall_service.yml - with_items: "{{ firewall_services }}" + with_items: "{{ lookup('pipe', filesearch).split('\n') }}" vars: + filesearch: "find {{ role_path }}/files/firewalld -name *.xml -mindepth 1 -maxdepth 1" + service: "{{ item | basename | regex_replace('\\.xml','') }}" servicelist: "{{ services.stdout_lines }}" - loop_control: - loop_var: service - name: Reload firewalld rules shell: firewall-cmd --reload +- name: Enable requested services + firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true" + when: ands_hostnet_db | default(false) + with_items: "{{ firewall_enabled_services }}" + + - name: Enable MySQL and Galera services if ands_hostnet_db is enabled firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true" when: ands_hostnet_db | default(false) diff --git a/roles/ands_network/tasks/firewall_service.yml b/roles/ands_network/tasks/firewall_service.yml index 98bc866..d3c6e9b 100644 --- a/roles/ands_network/tasks/firewall_service.yml +++ b/roles/ands_network/tasks/firewall_service.yml @@ -1,5 +1,5 @@ - name: "Copy firewalld service '{{ service }}'" - copy: src="{{ service }}.xml" dest="{{ firewall_template_path }}/{{ service }}.xml" owner=root group=root mode="0644" + copy: src="firewalld/{{ service }}.xml" dest="{{ firewall_template_path }}/{{ service }}.xml" owner=root group=root mode="0644" register: result - name: "Delete old version of firewalld service '{{ service }}'" -- cgit v1.2.3
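Review bot: The new `Enable requested services` task in tasks/firewall.yml carries the same `when: ands_hostnet_db | default(false)` as the MySQL/Galera task below it, so the services in `firewall_enabled_services` are opened only on hosts where `ands_hostnet_db` is set; if that gating is not intended, drop the `when:` line or give the task its own condition. In `filesearch`, `-name *.xml` is unquoted inside a `pipe` lookup, so the controller's shell can expand the glob against its working directory before `find` sees it, and an unquoted `role_path` breaks on spaces; `with_fileglob: "{{ role_path }}/files/firewalld/*.xml"` enumerates the same files without a shell. `regex_replace('\\.xml','')` is unanchored and would also strip `.xml` from the middle of a name, where `item | basename | splitext | first` removes only the extension. With `loop_control.loop_var` removed and `service` now derived from `item`, a loop inside firewall_service.yml (only partly visible here) could rebind `item` and change `service` during the include, so a dedicated loop variable is the safer choice.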