Commit 2f9b7c6d authored by Alain Takoudjou's avatar Alain Takoudjou

playbook: imt-slapos: enable firewalld configuration in slapos.cfg

parent ab17e43f
...@@ -46,6 +46,27 @@ ...@@ -46,6 +46,27 @@
- { regexp: '^manager_list\s*=', line: 'manager_list = prerm' } - { regexp: '^manager_list\s*=', line: 'manager_list = prerm' }
when: post_config is defined and slapos_cfg.stat.exists == True when: post_config is defined and slapos_cfg.stat.exists == True
- name: Check whether firewall is enabled
shell: grep -Fxq "[firewall]" /etc/opt/slapos/slapos.cfg
register: has_firewall
ignore_errors: yes
when: post_config is defined and slapos_cfg.stat.exists == True
- name: activate firewalld in slapos config
lineinfile: dest=/etc/opt/slapos/slapos.cfg line="[firewall]\n" insertbefore="^\[networkcache\]"
when: post_config is defined and has_firewall.rc != 0 and slapos_cfg.stat.exists == True
- name: Update firewall configuration
lineinfile: dest=/etc/opt/slapos/slapos.cfg regexp="{{ item.regexp }}" line="{{ item.line }}" insertafter="^\[firewall\]$" state=present
with_items:
- { regexp: '^dbus_executable\s*=', line: 'dbus_executable = /opt/slapos/parts/dbus/bin/dbus-daemon --nofork --nopidfile --system' }
- { regexp: '^firewall_executable\s*=', line: 'firewall_executable = /opt/slapos/parts/firewalld/sbin/firewalld --nofork' }
- { regexp: '^firewall_cmd\s*=', line: 'firewall_cmd = /opt/slapos/parts/firewalld/bin/firewall-cmd' }
- { regexp: '^log_file\s*=*firewalld*', line: 'log_file = /opt/slapos/log/firewalld.log' }
- { regexp: '^dbus_log_file\s*=', line: 'dbus_log_file = /opt/slapos/log/dbus.log' }
- { regexp: '^reload_config_cmd\s*=', line: 'reload_config_cmd = slapos node restart firewall' }
when: post_config is defined and slapos_cfg.stat.exists == True
- modprobe: name=kvm state=present - modprobe: name=kvm state=present
when: post_config is defined when: post_config is defined
- modprobe: name=kvm_intel state=present - modprobe: name=kvm_intel state=present
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment