Add firewalld/ufw support #722

Open
wants to merge 6 commits into
base: master


@redy01 redy01 commented Aug 6, 2024

No description provided.

@redy01 redy01 marked this pull request as ready for review August 6, 2024 19:50
@SDV109
Contributor

SDV109 commented Aug 13, 2024

@redy01 Hi, I completed all the settings, started running ansible-playbook deploy_pgcluster.yml, and I get an error:
image

vars/system.yml

# Firewall
firewall_enabled_at_boot: true  # or 'true' for configure firewall
firewall_type: "firewalld"  # available 'iptables','firewalld','ufw'

@vitabaks
Owner

Try to define three roles in the playbook instead of role: "fw_{{ firewall_type }}", each with its own condition.

Example:

  roles:
    - role: fw_iptables
      vars:
        firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
        firewall_additional_rules: "{{ firewall_rules_dynamic_var | default([]) | unique }}"
      when: firewall_type == 'iptables' and firewall_enabled_at_boot | bool
      tags: firewall

    - role: fw_firewalld
      vars:
        firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
      when: firewall_type == 'firewalld' and firewall_enabled_at_boot | bool
      tags: firewall

    - role: fw_ufw
      vars:
        firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
      when: firewall_type == 'ufw' and firewall_enabled_at_boot | bool
      tags: firewall

This approach increases clarity and can sometimes simplify troubleshooting by making the playbook's flow more explicit.
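
An added check for the three-role layout suggested above (not part of the PR or the project's code): with per-role `when` conditions, a mistyped `firewall_type` matches none of them, so every firewall role is skipped without an error. The `firewall_supported_types` list, the sample values, and the localhost play are assumptions for illustration.

```yaml
- name: Validate firewall settings before any fw_* role runs
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Constructed sample values; the variable names come from vars/system.yml.
    firewall_enabled_at_boot: true
    firewall_type: "firewalld"
    # Hypothetical helper variable, taken from the comment in vars/system.yml.
    firewall_supported_types: ['iptables', 'firewalld', 'ufw']
  pre_tasks:
    # pre_tasks run before the roles section, so a bad value stops the play
    # before the fw_* roles are evaluated (and skipped).
    - name: Fail if firewall_type matches none of the role conditions
      ansible.builtin.assert:
        that:
          - firewall_type is defined
          - firewall_type in firewall_supported_types
        fail_msg: >-
          firewall_type='{{ firewall_type | default("undefined") }}' is not one of
          {{ firewall_supported_types | join(', ') }}; every fw_* role would be
          skipped and no firewall rules would be managed on this host.
        quiet: true
      when: firewall_enabled_at_boot | bool
      tags: firewall
```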

@vitabaks
Owner

vitabaks commented Aug 19, 2024

Please note that the ansible code has been moved to the automation directory.

@rausub

rausub commented Nov 8, 2024

Hi, has there been any development on this? Thanks :) Great work, guys.

@vitabaks
Owner

The author of this PR has not completed it yet. I can do it if this functionality is really necessary.

@rausub

rausub commented Dec 19, 2024

Hi, yes, I believe this functionality is crucial, as firewalld is the preferred way to manage on Oracle/Red Hat and ufw on Ubuntu. Maintaining iptables + firewalld can become cumbersome; I would rather stick with just firewalld. Thanks! Great work with the project.
