Use the firewall role, the selinux role, and the certificate role from the logging role #293
Merged
Commits (4)
6e9ad94 nhosoi: Use the firewall role and the selinux role from the logging role
2d72616 nhosoi: When logging_manage_firewall and logging_manage_selinux are
b215d63 nhosoi: Fixed issues found in the reviews by @richm.
2345f7a nhosoi: Updated the requirements section for fedora.linux_system_roles.
Filter by extension
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# SPDX-License-Identifier: MIT | ||
collections: | ||
- fedora.linux_system_roles |
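Review bot: the `fedora.linux_system_roles` entry in this collection requirements file has no `version:` constraint, so whichever collection version the installer resolves at run time is what the firewall, selinux and certificate roles are taken from. Since those roles now sit directly in the logging role's execution path, pin at least a minimum tested version (for example `version: ">=<minimum tested version>"`, with the placeholder replaced by the version this PR was tested against) so a later collection release cannot silently change firewall or SELinux behaviour underneath this role.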
@@ -0,0 +1,7 @@ | ||
--- | ||
- name: Generate certificates | ||
include_role: | ||
name: fedora.linux_system_roles.certificate | ||
vars: | ||
certificate_requests: "{{ logging_certificates }}" | ||
when: logging_certificates | length > 0 |
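Review bot: `when: logging_certificates | length > 0` raises an undefined-variable error instead of skipping when `logging_certificates` is not set; unless defaults/main.yml (not part of this diff) declares a default, write it as `when: logging_certificates | d([]) | length > 0`, matching the `| d([])` guards used in the port-gathering tasks. The include also passes `certificate_requests: "{{ logging_certificates }}"` straight through, so the certificate role's own validation is the only check on what the caller requests; a README line stating that `logging_certificates` takes the same structure as the certificate role's `certificate_requests` would make that contract explicit.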
@@ -0,0 +1,33 @@ | ||
--- | ||
- block: | ||
- name: Initialize logging_firewall_ports | ||
set_fact: | ||
logging_firewall_ports: [] | ||
|
||
- name: Add tcp ports to logging_firewall_ports | ||
set_fact: | ||
logging_firewall_ports: "{{ logging_firewall_ports | | ||
union([{'port': item, 'state': 'enabled'}]) }}" | ||
loop: "{{ (logging_tcp_ports + logging_tls_tcp_ports) | | ||
map('regex_replace', '$', '/tcp') | list }}" | ||
when: (logging_tcp_ports + logging_tls_tcp_ports) | length > 0 | ||
|
||
- name: Add udp ports to logging_firewall_ports | ||
set_fact: | ||
logging_firewall_ports: "{{ logging_firewall_ports | | ||
union([{'port': item, 'state': 'enabled'}]) }}" | ||
loop: "{{ (logging_udp_ports + logging_tls_udp_ports) | | ||
map('regex_replace', '$', '/udp') | list }}" | ||
when: (logging_udp_ports + logging_tls_udp_ports) | length > 0 | ||
|
||
- name: Manage firewall for specified ports | ||
include_role: | ||
name: fedora.linux_system_roles.firewall | ||
vars: | ||
firewall: "{{ logging_firewall_ports }}" | ||
when: | ||
- logging_firewall_ports | d([]) | ||
when: | ||
- logging_manage_firewall | bool | ||
- logging_tcp_ports or logging_udp_ports or | ||
logging_tls_tcp_ports or logging_tls_udp_ports |
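Review bot: every entry added to `logging_firewall_ports` is `{'port': item, 'state': 'enabled'}`, so a port that is later removed from `logging_inputs` or `logging_outputs` is never passed to the firewall role with `state: disabled` and stays open after the role runs again; either document in the README that the role only opens ports and never closes them, or record the previously opened set and disable the difference. Minor: the inner `when: - logging_firewall_ports | d([])` is redundant once the block initializes the list to `[]` and the outer `when` already requires at least one non-empty port list, and the outer `block:` should carry a `name:` so a skip is readable in play output.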
@@ -0,0 +1,183 @@ | ||
--- | ||
# Initialize variables | ||
- name: Initialize logging_tls_tcp_ports | ||
set_fact: | ||
logging_tls_tcp_ports: [] | ||
|
||
- name: Initialize logging_tcp_ports | ||
set_fact: | ||
logging_tcp_ports: [] | ||
|
||
- name: Initialize logging_tls_udp_ports | ||
set_fact: | ||
logging_tls_udp_ports: [] | ||
|
||
- name: Initialize logging_udp_ports | ||
set_fact: | ||
logging_udp_ports: [] | ||
|
||
# Gather ports configured as logging role parameters | ||
- block: | ||
- name: Parameter 'port' values | ||
set_fact: | ||
logging_tls_tcp_ports: "{{ (logging_inputs + logging_outputs) | d([]) | | ||
selectattr('port', 'defined') | | ||
map(attribute='port') | list }}" | ||
|
||
- block: | ||
- name: Parameter 'tcp_port' values (without tls) | ||
set_fact: | ||
logging_tcp_ports: "{{ logging_tcp_ports | | ||
union(__tcp_ports[0] | list) }}" | ||
|
||
- name: Parameter 'tcp_port' values (with tls) | ||
set_fact: | ||
logging_tls_tcp_ports: "{{ logging_tls_tcp_ports | | ||
union(__tcp_ports[1] | list) }}" | ||
|
||
- name: Parameter 'udp_port' values (without tls) | ||
set_fact: | ||
logging_udp_ports: "{{ logging_udp_ports | | ||
union(__udp_ports[0] | list) }}" | ||
|
||
- name: Parameter 'udp_port' values (with tls) | ||
set_fact: | ||
logging_tls_udp_ports: "{{ logging_tls_udp_ports | | ||
union(__udp_ports[1] | list) }}" | ||
|
||
- name: Parameter 'server_port' values (without tls) | ||
set_fact: | ||
logging_tcp_ports: "{{ logging_tcp_ports | | ||
union(__server_ports[0] | list) }}" | ||
|
||
- name: Parameter 'server_port' values (with tls) | ||
set_fact: | ||
logging_tls_tcp_ports: "{{ logging_tls_tcp_ports | | ||
union(__server_ports[1] | list) }}" | ||
vars: | ||
__tcp_outputs: "{{ logging_outputs | d([]) | | ||
selectattr('tcp_port', 'defined') }}" | ||
__tcp_ports: | | ||
{% set tcp_ports = [] %} | ||
{% set tls_tcp_ports = [] %} | ||
{% for output in __tcp_outputs %} | ||
{% if output.tcp_port is defined %} | ||
{% if output.tls is defined %} | ||
{% if output.tls -%} | ||
{% set _ = tls_tcp_ports.append(output.tcp_port) %} | ||
{% else -%} | ||
{% set _ = tcp_ports.append(output.tcp_port) %} | ||
{%- endif %} | ||
{% else -%} | ||
{% set _ = tcp_ports.append(output.tcp_port) %} | ||
{%- endif %} | ||
{%- endif %} | ||
{% endfor %} | ||
{% set both = [tcp_ports, tls_tcp_ports] %} | ||
{{ both }} | ||
__udp_outputs: "{{ logging_outputs | d([]) | | ||
selectattr('udp_port', 'defined') }}" | ||
__udp_ports: | | ||
{% set udp_ports = [] %} | ||
{% set tls_udp_ports = [] %} | ||
{% for output in __udp_outputs %} | ||
{% if output.udp_port is defined %} | ||
{% if output.tls is defined %} | ||
{% if output.tls -%} | ||
{% set _ = tls_udp_ports.append(output.udp_port) %} | ||
{% else -%} | ||
{% set _ = udp_ports.append(output.udp_port) %} | ||
{%- endif %} | ||
{% else -%} | ||
{% set _ = udp_ports.append(output.udp_port) %} | ||
{%- endif %} | ||
{%- endif %} | ||
{% endfor %} | ||
{% set both = [udp_ports, tls_udp_ports] %} | ||
{{ both }} | ||
__server_outputs: "{{ logging_outputs | d([]) | | ||
selectattr('server_port', 'defined') }}" | ||
__server_ports: | | ||
{% set server_ports = [] %} | ||
{% set server_tls_ports = [] %} | ||
{% for output in __server_outputs %} | ||
{% if output.server_port is defined %} | ||
{% if output.tls is defined %} | ||
{% if output.tls -%} | ||
{% set _ = server_tls_ports.append(output.server_port) %} | ||
{% else -%} | ||
{% set _ = server_ports.append(output.server_port) %} | ||
{%- endif %} | ||
{% else -%} | ||
{% set _ = server_tls_ports.append(output.server_port) %} | ||
{%- endif %} | ||
{%- endif %} | ||
{% endfor %} | ||
{% set both = [server_ports, server_tls_ports] %} | ||
{{ both }} | ||
|
||
- block: | ||
- name: Parameter 'tcp_ports' values (without tls) | ||
set_fact: | ||
logging_tcp_ports: "{{ logging_tcp_ports | | ||
union(__tcp_ports[0]) | list | flatten }}" | ||
|
||
- name: Parameter 'tcp_ports' values (with tls) | ||
set_fact: | ||
logging_tls_tcp_ports: "{{ logging_tls_tcp_ports | | ||
union(__tcp_ports[1]) | | ||
list | flatten }}" | ||
|
||
- name: Parameter 'udp_ports' values (without tls) | ||
set_fact: | ||
logging_udp_ports: "{{ logging_udp_ports | | ||
union(__udp_ports[0])| list | flatten }}" | ||
|
||
- name: Parameter 'udp_ports' values (with tls) | ||
set_fact: | ||
logging_tls_udp_ports: "{{ logging_tls_udp_ports | | ||
union(__udp_ports[1]) | | ||
list | flatten }}" | ||
vars: | ||
__tcp_inputs: "{{ logging_inputs | d([]) | | ||
selectattr('tcp_ports', 'defined') }}" | ||
__tcp_ports: | | ||
{% set tcp_ports = [] %} | ||
{% set tls_tcp_ports = [] %} | ||
{% for input in __tcp_inputs %} | ||
{% if input.tcp_ports is defined %} | ||
{% if input.tls is defined %} | ||
{% if input.tls -%} | ||
{% set _ = tls_tcp_ports.append(input.tcp_ports) %} | ||
{% else -%} | ||
{% set _ = tcp_ports.append(input.tcp_ports) %} | ||
{%- endif %} | ||
{% else -%} | ||
{% set _ = tcp_ports.append(input.tcp_ports) %} | ||
{%- endif %} | ||
{%- endif %} | ||
{% endfor %} | ||
{% set both = [tcp_ports, tls_tcp_ports] %} | ||
{{ both }} | ||
__udp_inputs: "{{ logging_inputs | d([]) | | ||
selectattr('udp_port', 'defined') }}" | ||
__udp_ports: | | ||
{% set udp_ports = [] %} | ||
{% set tls_udp_ports = [] %} | ||
{% for input in __udp_inputs %} | ||
{% if input.udp_ports is defined %} | ||
{% if input.tls is defined %} | ||
{% if input.tls -%} | ||
{% set _ = tls_udp_ports.append(input.udp_ports) %} | ||
{% else -%} | ||
{% set _ = udp_ports.append(input.udp_ports) %} | ||
{%- endif %} | ||
{% else -%} | ||
{% set _ = udp_ports.append(input.udp_ports) %} | ||
{%- endif %} | ||
{%- endif %} | ||
{% endfor %} | ||
{% set both = [udp_ports, tls_udp_ports] %} | ||
{{ both }} | ||
when: | ||
- (logging_manage_firewall | bool) or (logging_manage_selinux | bool) |
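Review bot: `__udp_inputs` is built with `selectattr('udp_port', 'defined')` while the loop body then tests `input.udp_ports is defined` (plural), whereas the tcp counterpart uses `tcp_ports` in both places; an input that declares `udp_ports` but not `udp_port` is filtered out before the loop ever sees it, so UDP input ports never reach `logging_udp_ports`/`logging_tls_udp_ports` and the firewall is never opened for them. Change the selectattr to `'udp_ports'`. Two further points: in the `__server_ports` template the `{% else -%}` taken when `tls` is undefined appends to `server_tls_ports`, while the `__tcp_ports` and `__udp_ports` templates default to the non-TLS list in the same branch; if server_port outputs really default to TLS that deserves a comment, otherwise it is a copy-paste slip. And the `tcp_port`, `udp_port` and `server_port` values taken from `logging_outputs` land in the same lists that firewall.yml opens as inbound ports; if any of these designate the remote destination a forwarding output connects to rather than a listener on this host, they should not be opened in the local firewall.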
Since you are using set_fact, you'll need to ensure that logging_firewall_ports is empty before this task, either by resetting it before this task, or resetting it after the task that calls the firewall role