123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 |
- # Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- ---
- - name: Install firewalld
- package:
- name: firewalld
- state: present
- tags: firewalld
- - name: Start and enable firewalld
- service:
- name: firewalld
- state: started
- enabled: yes
- tags: firewalld
- - name: Configure firewalld on master nodes
- firewalld:
- port: "{{ item }}"
- permanent: yes
- state: enabled
- with_items: '{{ k8s_master_ports }}'
- when: "'manager' in group_names"
- tags: firewalld
- - name: Configure firewalld on compute nodes
- firewalld:
- port: "{{ item }}/tcp"
- permanent: yes
- state: enabled
- with_items: '{{ k8s_compute_ports }}'
- when: "'compute' in group_names and groups['manager'][0] != groups['compute'][0] and groups['compute']|length >= 1"
- tags: firewalld
- - name: Open flannel ports on the firewall
- firewalld:
- port: "{{ item }}/udp"
- permanent: yes
- state: enabled
- with_items: "{{ flannel_udp_ports }}"
- when: hostvars['127.0.0.1']['k8s_cni'] == "flannel"
- tags: firewalld
- - name: Open calico UDP ports on the firewall
- firewalld:
- port: "{{ item }}/udp"
- permanent: yes
- state: enabled
- with_items: "{{ calico_udp_ports }}"
- when: hostvars['127.0.0.1']['k8s_cni'] == "calico"
- tags: firewalld
- - name: Open calico TCP ports on the firewall
- firewalld:
- port: "{{ item }}/tcp"
- permanent: yes
- state: enabled
- with_items: "{{ calico_tcp_ports }}"
- when: hostvars['127.0.0.1']['k8s_cni'] == "calico"
- tags: firewalld
- - name: Masquerade the firewall
- command: firewall-cmd --add-masquerade --permanent
- changed_when: true
- tags: firewalld
- - name: Reload firewalld
- command: firewall-cmd --reload
- changed_when: true
- tags: firewalld
- - name: Stop and disable firewalld
- service:
- name: firewalld
- state: stopped
- enabled: no
- tags: firewalld
|