main.yml 2.3 KB

  1. # Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.
  14. ---
  # Make sure the firewalld package is installed before any rule is written.
  - name: Install firewalld
    package:
      name: firewalld
      state: present
    tags:
      - firewalld
  # Run the firewalld service now and register it to start at boot.
  - name: Start and enable firewalld
    service:
      name: firewalld
      state: started
      enabled: true
    tags:
      - firewalld
  # Open every entry of k8s_master_ports on hosts in the 'manager' group.
  # 'permanent' is set without 'immediate', so only the saved configuration
  # changes; the running firewall is updated by the later reload task.
  # NOTE(review): no "/tcp" or "/udp" suffix is appended here, unlike the
  # other port tasks in this file, so each entry presumably already has the
  # form port/protocol -- confirm against the role variables.
  - name: Configure firewalld on master nodes
    firewalld:
      port: "{{ item }}"
      permanent: true
      state: enabled
    with_items: "{{ k8s_master_ports }}"
    when: "'manager' in group_names"
    tags:
      - firewalld
  # Open every entry of k8s_compute_ports as TCP on hosts in the 'compute'
  # group. The task is skipped when the first 'manager' host is also the
  # first 'compute' host.
  # NOTE(review): groups['manager'][0] is indexed without a guard, so an
  # inventory with a missing or empty 'manager' group makes this condition
  # fail with an error instead of skipping. The trailing length check cannot
  # be false once the host is known to be in 'compute'.
  - name: Configure firewalld on compute nodes
    firewalld:
      port: "{{ item }}/tcp"
      permanent: true
      state: enabled
    with_items: "{{ k8s_compute_ports }}"
    when: >-
      'compute' in group_names and
      groups['manager'][0] != groups['compute'][0] and
      groups['compute']|length >= 1
    tags:
      - firewalld
  # Open every entry of flannel_udp_ports as UDP when the k8s_cni value
  # recorded for host 127.0.0.1 is "flannel". There is no group condition,
  # so this applies to every host the task list runs on.
  - name: Open flannel ports on the firewall
    firewalld:
      port: "{{ item }}/udp"
      permanent: true
      state: enabled
    with_items: "{{ flannel_udp_ports }}"
    when: hostvars['127.0.0.1']['k8s_cni'] == "flannel"
    tags:
      - firewalld
  # Open every entry of calico_udp_ports as UDP when the k8s_cni value
  # recorded for host 127.0.0.1 is "calico". There is no group condition,
  # so this applies to every host the task list runs on.
  - name: Open calico UDP ports on the firewall
    firewalld:
      port: "{{ item }}/udp"
      permanent: true
      state: enabled
    with_items: "{{ calico_udp_ports }}"
    when: hostvars['127.0.0.1']['k8s_cni'] == "calico"
    tags:
      - firewalld
  # Open every entry of calico_tcp_ports as TCP when the k8s_cni value
  # recorded for host 127.0.0.1 is "calico". There is no group condition,
  # so this applies to every host the task list runs on.
  - name: Open calico TCP ports on the firewall
    firewalld:
      port: "{{ item }}/tcp"
      permanent: true
      state: enabled
    with_items: "{{ calico_tcp_ports }}"
    when: hostvars['127.0.0.1']['k8s_cni'] == "calico"
    tags:
      - firewalld
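  # Enable masquerading (source NAT) in the permanent configuration. No zone
  # is given, so the default zone is used, as with the firewall-cmd call this
  # replaces. The firewalld module is used instead of the raw command so the
  # task is idempotent and reports "changed" only when masquerading was not
  # already enabled, rather than on every run.
  - name: Masquerade the firewall
    firewalld:
      masquerade: true
      permanent: true
      state: enabled
    tags: firewalld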
  # The preceding tasks write to the permanent configuration only; reloading
  # makes the running firewall pick those settings up.
  # changed_when is forced to true, so this task reports "changed" on every
  # run regardless of whether anything differed.
  - name: Reload firewalld
    command: firewall-cmd --reload
    changed_when: true
    tags:
      - firewalld
  # Stop the firewalld service and keep it from starting at boot.
  # NOTE(review): this task has no condition and, as far as this listing
  # shows, runs last. The host therefore ends with firewalld stopped: the
  # ports and masquerading configured above remain in the saved configuration
  # but firewalld enforces nothing while the service is down. Confirm this is
  # intended and that another control filters traffic to these nodes;
  # otherwise drop the task or gate it behind a variable.
  - name: Stop and disable firewalld
    service:
      name: firewalld
      state: stopped
      enabled: false
    tags:
      - firewalld