forked from evolix/ansible-roles
kvm-host: Add firewall rule for DRBD
parent
13284645de
commit
7c2fd5e394
|
@ -11,3 +11,4 @@ lvm_filter:
|
||||||
- '"a|^/dev/sd[a-zA-Z]+[0-9]*$|"'
|
- '"a|^/dev/sd[a-zA-Z]+[0-9]*$|"'
|
||||||
- '"a|^/dev/nvme[0-9]+(n[0-9]+)?(p[0-9]+)?$|"'
|
- '"a|^/dev/nvme[0-9]+(n[0-9]+)?(p[0-9]+)?$|"'
|
||||||
- '"a|^/dev/md[0-9]+$|"'
|
- '"a|^/dev/md[0-9]+$|"'
|
||||||
|
kvm_drbd_interface: null
|
||||||
|
|
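--- a/kvm-host/tasks/firewall.yml
+++ b/kvm-host/tasks/firewall.yml
@@ -0,0 +1,9 @@
+---
+- name: Allow all traffic through DRBD interface
+ansible.builtin.lineinfile:
+path: /etc/minifirewall.d/drbd
+line: "/sbin/iptables -I INPUT -p tcp -i {{ kvm_drbd_interface }} -j ACCEPT"
+create: yes
+when:
+- kvm_drbd_interface is defined
+- kvm_drbd_interface | length > 0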
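Review bot: The rule written by the `line:` key accepts every TCP connection arriving on `kvm_drbd_interface`, not only DRBD replication, so every TCP listener on the host is exposed on that link if the interface is ever shared or set to the wrong name; the task name also says "all traffic" although the rule is TCP-only. Consider narrowing the rule to the peer address and the DRBD ports configured for the resources, or at least add a comment such as `# kvm_drbd_interface must be a dedicated, point-to-point replication link`. Separately, the default introduced by this commit is `kvm_drbd_interface: null`, which still passes `is defined`, so the `length` test will most likely raise a templating error on the null value; `- kvm_drbd_interface | default('', true) | length > 0` covers both null and empty. The task also has no `notify`, so the rule presumably only takes effect at the next firewall restart, and `create: yes` leaves the new file's permissions to the umask, which an explicit `mode:` would pin.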
|
@ -16,3 +16,5 @@
|
||||||
- ansible.builtin.include: images.yml
|
- ansible.builtin.include: images.yml
|
||||||
|
|
||||||
- ansible.builtin.include: tools.yml
|
- ansible.builtin.include: tools.yml
|
||||||
|
|
||||||
|
- ansible.builtin.include: firewall.yml
|
||||||
|
|