From b79f383bc5d82302ee4e292c284e2482ae8fd24f Mon Sep 17 00:00:00 2001
From: Matthieu Saulnier
Date: Sun, 21 Oct 2018 10:25:08 +0200
Subject: Split firewall tasks in task files
---
 roles/bittorrent/tasks/config.yml | 7 -------
 roles/bittorrent/tasks/fw.yml | 6 ++++++
 roles/bittorrent/tasks/main.yml | 3 +++
 roles/dnsserver/tasks/config.yml | 7 -------
 roles/dnsserver/tasks/fw.yml | 6 ++++++
 roles/dnsserver/tasks/main.yml | 3 +++
 roles/mtaserver/tasks/config.yml | 14 --------------
 roles/mtaserver/tasks/fw.yml | 13 +++++++++++++
 roles/mtaserver/tasks/main.yml | 3 +++
 roles/ntpserver/tasks/config.yml | 7 -------
 roles/ntpserver/tasks/fw.yml | 6 ++++++
 roles/ntpserver/tasks/main.yml | 3 +++
 12 files changed, 43 insertions(+), 35 deletions(-)
 create mode 100644 roles/bittorrent/tasks/fw.yml
 create mode 100644 roles/dnsserver/tasks/fw.yml
 create mode 100644 roles/mtaserver/tasks/fw.yml
 create mode 100644 roles/ntpserver/tasks/fw.yml
diff --git a/roles/bittorrent/tasks/config.yml b/roles/bittorrent/tasks/config.yml
index a299619..0fd37a7 100644
--- a/roles/bittorrent/tasks/config.yml
+++ b/roles/bittorrent/tasks/config.yml
@@ -30,10 +30,3 @@
 - name: Désactivation UPnP
 command: transmission-remote --no-portmap
-
-- name: Ouverture des ports Firewalld
- firewalld: port=51413/tcp permanent={{ item }} state=enabled
- with_items:
- - true
- - false
- when: ansible_distribution == "Fedora"
diff --git a/roles/bittorrent/tasks/fw.yml b/roles/bittorrent/tasks/fw.yml
new file mode 100644
index 0000000..3749a01
--- /dev/null
+++ b/roles/bittorrent/tasks/fw.yml
@@ -0,0 +1,6 @@
+- name: Ouverture des ports Firewalld
+ firewalld: port=51413/tcp permanent={{ item }} state=enabled
+ with_items:
+ - true
+ - false
+ when: ansible_distribution == "Fedora"
diff --git a/roles/bittorrent/tasks/main.yml b/roles/bittorrent/tasks/main.yml
index 908318f..9382a23 100644
--- a/roles/bittorrent/tasks/main.yml
+++ b/roles/bittorrent/tasks/main.yml
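Review bot: In roles/bittorrent/tasks/fw.yml the rule is applied by looping `permanent={{ item }}` over `true` and `false` inside a `key=value` argument string, which runs the module twice and passes the booleans through string templating. The firewalld module can write the permanent and the runtime configuration in one call with `permanent: true` and `immediate: true`, given as native YAML arguments as in the block below. The same pattern is in the fw.yml files added for dnsserver, mtaserver and ntpserver. A one-line comment saying why 51413/tcp is opened (presumably the transmission peer port; confirm against the daemon settings) would also help whoever audits the open ports later.

```yaml
- name: Ouverture des ports Firewalld
  firewalld:
    port: 51413/tcp
    permanent: true
    immediate: true
    state: enabled
  # … unchanged: when: ansible_distribution == "Fedora" …
```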
@@ -1,6 +1,9 @@
 - name: Installation des paquets
 import_tasks: pkgs.yml
+- name: Ouverture des ports Firewalld
+ import_tasks: fw.yml
+
 - name: Démarrage du service pour accèder à la configuration
 import_tasks: services.yml
diff --git a/roles/dnsserver/tasks/config.yml b/roles/dnsserver/tasks/config.yml
index 0618031..73445e1 100644
--- a/roles/dnsserver/tasks/config.yml
+++ b/roles/dnsserver/tasks/config.yml
@@ -15,10 +15,3 @@
 when: is_dnsmaster is defined
 notify: reload named
 with_items: "{{ zonelist }}"
-
-- name: Ouverture des ports Firewalld
- firewalld: service=dns permanent={{ item }} state=enabled
- with_items:
- - true
- - false
- when: ansible_distribution == "Fedora"
diff --git a/roles/dnsserver/tasks/fw.yml b/roles/dnsserver/tasks/fw.yml
new file mode 100644
index 0000000..fb5e6b6
--- /dev/null
+++ b/roles/dnsserver/tasks/fw.yml
@@ -0,0 +1,6 @@
+- name: Ouverture des ports Firewalld
+ firewalld: service=dns permanent={{ item }} state=enabled
+ with_items:
+ - true
+ - false
+ when: ansible_distribution == "Fedora"
diff --git a/roles/dnsserver/tasks/main.yml b/roles/dnsserver/tasks/main.yml
index 0951a8e..7fe27b9 100644
--- a/roles/dnsserver/tasks/main.yml
+++ b/roles/dnsserver/tasks/main.yml
@@ -7,6 +7,9 @@
 - name: Configuration du service
 import_tasks: config.yml
+- name: Ouverture des ports Firewalld
+ import_tasks: fw.yml
+
 - name: Gestion du service
 import_tasks: services.yml
diff --git a/roles/mtaserver/tasks/config.yml b/roles/mtaserver/tasks/config.yml
index af8ae87..9210934 100644
--- a/roles/mtaserver/tasks/config.yml
+++ b/roles/mtaserver/tasks/config.yml
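Review bot: In roles/bittorrent/tasks/main.yml the `import_tasks: fw.yml` entry is placed right after pkgs.yml and before services.yml, so 51413/tcp is opened before the daemon has been configured; before this commit the firewalld task sat at the end of config.yml, after `Désactivation UPnP`. The dnsserver, mtaserver and ntpserver main.yml hunks import fw.yml after config.yml, which keeps the earlier order. Unless the early opening is intended, move the two added lines below the config.yml import, which is presumably further down in main.yml, outside this hunk.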
@@ -68,17 +68,3 @@
 - name: Restauration des contextes SELinux des fichiers de conf
 command: /sbin/restorecon -R /etc/postfix/ /etc/aliases
 when: ansible_selinux.status != "disabled"
-
-- name: Ouverture du port SMTP
- firewalld: service=smtp permanent={{ item }} state=enabled
- with_items:
- - true
- - false
- when: ansible_distribution == "Fedora" and is_mtamaster is defined
-
-- name: Ouverture du port Submission
- firewalld: service=smtp-submission permanent={{ item }} state=enabled
- with_items:
- - true
- - false
- when: ansible_distribution == "Fedora" and is_mtamaster is defined
diff --git a/roles/mtaserver/tasks/fw.yml b/roles/mtaserver/tasks/fw.yml
new file mode 100644
index 0000000..3129a4d
--- /dev/null
+++ b/roles/mtaserver/tasks/fw.yml
@@ -0,0 +1,13 @@
+- name: Ouverture du port SMTP
+ firewalld: service=smtp permanent={{ item }} state=enabled
+ with_items:
+ - true
+ - false
+ when: ansible_distribution == "Fedora" and is_mtamaster is defined
+
+- name: Ouverture du port Submission
+ firewalld: service=smtp-submission permanent={{ item }} state=enabled
+ with_items:
+ - true
+ - false
+ when: ansible_distribution == "Fedora" and is_mtamaster is defined
diff --git a/roles/mtaserver/tasks/main.yml b/roles/mtaserver/tasks/main.yml
index 977ec12..eb3efa7 100644
--- a/roles/mtaserver/tasks/main.yml
+++ b/roles/mtaserver/tasks/main.yml
@@ -4,6 +4,9 @@
 - name: Configuration du service
 import_tasks: config.yml
+- name: Ouverture des ports Firewalld
+ import_tasks: fw.yml
+
 - name: Gestion du service
 import_tasks: services.yml
diff --git a/roles/ntpserver/tasks/config.yml b/roles/ntpserver/tasks/config.yml
index 2992990..6dd888e 100644
--- a/roles/ntpserver/tasks/config.yml
+++ b/roles/ntpserver/tasks/config.yml
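Review bot: In roles/mtaserver/tasks/fw.yml both tasks are guarded by `is_mtamaster is defined`, which is true for any value, so a host with `is_mtamaster: false` would still get the smtp and smtp-submission services opened. If the variable is meant as a boolean flag, test its value instead: `when: ansible_distribution == "Fedora" and is_mtamaster | default(false) | bool`. The condition was moved unchanged from config.yml, so this is existing behaviour, but the split into a dedicated firewall file is a good moment to tighten it.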
@@ -7,10 +7,3 @@
 template: src=chrony.conf.j2 dest=/etc/chrony.conf mode=644
 notify: restart chrony
 when: ansible_distribution == "Fedora"
-
-- name: Ouverture des ports Firewalld
- firewalld: service=ntp permanent={{ item }} state=enabled
- with_items:
- - true
- - false
- when: ansible_distribution == "Fedora"
diff --git a/roles/ntpserver/tasks/fw.yml b/roles/ntpserver/tasks/fw.yml
new file mode 100644
index 0000000..f57ca7d
--- /dev/null
+++ b/roles/ntpserver/tasks/fw.yml
@@ -0,0 +1,6 @@
+- name: Ouverture des ports Firewalld
+ firewalld: service=ntp permanent={{ item }} state=enabled
+ with_items:
+ - true
+ - false
+ when: ansible_distribution == "Fedora"
diff --git a/roles/ntpserver/tasks/main.yml b/roles/ntpserver/tasks/main.yml
index d7c85a7..874a6cc 100644
--- a/roles/ntpserver/tasks/main.yml
+++ b/roles/ntpserver/tasks/main.yml
@@ -4,5 +4,8 @@
 - name: Configuration des services
 import_tasks: config.yml
+- name: Ouverture des ports Firewalld
+ import_tasks: fw.yml
+
 - name: État des services
 import_tasks: services.yml
-- cgit