Manage firewall ports on all (known) Linux operating systems.
This example is taken from `molecule/default/playbook.yml`:

```yaml
---
- name: Converge
  hosts: all
  gather_facts: false
  become: true

  roles:
    - robertdebock.bootstrap
    - robertdebock.firewall
```
These variables are set in `defaults/main.yml`:

```yaml
---
# defaults file for firewall

# A list of services to allow traffic to.
firewall_services:
  - name: ssh

# A bit more difficult example:
# firewall_services:
#   - name: ssh
#   - name: https
#   - name: 5353
#     proto: udp

# To update all packages installed by this role, set `firewall_package_state` to `latest`.
firewall_package_state: present

# Some Docker containers do not allow managing services, rebooting and writing
# to some locations in /etc. The role skips tasks that will typically fail in
# Docker. With this parameter you can tell the role to -not- skip these tasks.
firewall_ignore_docker: yes
```
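An added example (not part of the role's repository) showing one way to check a `firewall_services` list before the role applies it: every entry needs a name, numeric names such as `5353` must be valid port numbers, and `proto`, when given, must be in an accepted list. The `allowed_protos` variable and the `pre_tasks` are assumptions made for this example, not variables or tasks of the role.

```yaml
---
- name: Apply the firewall role with a validated allow-list
  hosts: all
  gather_facts: false
  become: true

  vars:
    # Constructed sample, same shape as the commented example in defaults/main.yml.
    firewall_services:
      - name: ssh
      - name: https
      - name: 5353
        proto: udp
    # Assumption for this example: the protocols this playbook accepts.
    allowed_protos: [tcp, udp]

  pre_tasks:
    - name: Every entry must be a mapping with a name
      assert:
        that:
          - item is mapping
          - item.name is defined
        msg: "firewall_services entry without a name: {{ item }}"
      loop: "{{ firewall_services }}"

    # YAML parses `name: 5353` as an integer and `name: ssh` as a string,
    # so the name is converted to a string before the digit check.
    - name: Numeric names must be valid port numbers
      assert:
        that:
          - (item.name | int) >= 1
          - (item.name | int) <= 65535
        msg: "port out of range: {{ item.name }}"
      loop: "{{ firewall_services }}"
      when: (item.name | string) is match('^[0-9]+$')

    - name: proto, when given, must be in the accepted list
      assert:
        that:
          - item.proto in allowed_protos
        msg: "unexpected proto: {{ item.proto }}"
      loop: "{{ firewall_services }}"
      when: item.proto is defined

  roles:
    - robertdebock.bootstrap
    - robertdebock.firewall
```

Because `pre_tasks` run before `roles`, a malformed entry stops the play before any firewall change is made with `become: true`.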
- Access to a repository containing packages, likely on the internet.
- A recent version of Ansible. (Tests run on the last 3 releases of Ansible.)
The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`:

```yaml
---
- robertdebock.bootstrap
```
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
This role has been tested against the following distributions and Ansible versions:
distribution | ansible 2.6 | ansible 2.7 | ansible devel |
---|---|---|---|
alpine-edge* | yes | yes | yes* |
alpine-latest | yes | yes | yes* |
archlinux | yes | yes | yes* |
centos-6 | yes | yes | yes* |
centos-latest | yes | yes | yes* |
debian-latest | yes | yes | yes* |
debian-stable | yes | yes | yes* |
debian-unstable* | yes | yes | yes* |
fedora-latest | yes | yes | yes* |
fedora-rawhide* | yes | yes | yes* |
opensuse-leap | yes | yes | yes* |
opensuse-tumbleweed | yes | yes | yes* |
ubuntu-artful | yes | yes | yes* |
ubuntu-devel* | yes | yes | yes* |
ubuntu-latest | yes | yes | yes* |
A single star means the build may fail; it is marked as an experimental build.
Unit tests are done on every commit and periodically.
If you find issues, please register them in GitHub.
To test this role locally please use Molecule:

```
pip install molecule
molecule test
```

To test on Amazon EC2, configure `~/.aws/credentials` and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`.
There are many specific scenarios available, please have a look in the `molecule/` directory.
Run the ansible-galaxy and my lint rules if you want your change to be merged:

```
git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint
ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules .
git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint
ansible-lint -r /tmp/my-ansible-lint/rules .
```
Apache-2.0