darexsu.firewalld
Ansible role firewalld
- Role:
- Playbooks (merge version):
- Playbooks (full version):
Platforms
Tested | Usable |
---|---|
Debian 11 | :heavy_check_mark: |
Debian 10 | :heavy_check_mark: |
Ubuntu 20.04 | :heavy_check_mark: |
Ubuntu 18.04 | :heavy_check_mark: |
Oracle Linux 8 | :heavy_check_mark: |
Rocky Linux 8 | :heavy_check_mark: |
Install
```
ansible-galaxy install darexsu.firewalld --force
```
Behaviour
Replace or merge dictionaries (with "hash_behaviour=replace" in ansible.cfg):
```
# Replace             # Merge
---                   ---
  vars:                 vars:
    dict:                 merge:
      a: "value"            dict:
      b: "value"              a: "value"
                              b: "value"

# How does merge work?
Your vars [host_vars]  -->  default vars [current role]  -->  default vars [include role]

  dict:                     dict:                             dict:
    a: "1"             -->    a: "1"                     -->    a: "1"
                              b: "2"                     -->    b: "2"
                                                                c: "3"
```
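The merge order in the diagram above, as an added Python illustration (not the role's own code). It assumes a recursive dictionary merge in which the higher-priority layer wins and that `enabled` is the switch that includes a rule; the three sample layers are constructed. It reports which layer each effective rule comes from, which is what to review when inherited defaults can open ports that your own vars never list.

```python
# Added illustration, not the role's code. Assumes a recursive dict merge in
# which the higher-priority layer wins, and that `enabled` gates each rule.

def deep_merge(high, low):
    """Return a new dict: `low`, recursively overridden by `high`."""
    out = dict(low)
    for key, value in high.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(value, out[key])
        else:
            out[key] = value
    return out

def effective_rules(layers):
    """layers: [(origin, vars), ...], highest priority first.
    Returns {rule: (merged_rule, highest layer naming it)} for enabled rules."""
    merged = {}
    for _, layer in reversed(layers):        # apply lowest priority first
        merged = deep_merge(layer, merged)
    result = {}
    for name, rule in merged.get("firewalld_rules", {}).items():
        if rule.get("enabled", False):
            origin = next(o for o, l in layers
                          if name in l.get("firewalld_rules", {}))
            result[name] = (rule, origin)
    return result

# Constructed sample layers; the default rules shown are hypothetical.
LAYERS = [
    ("host_vars", {"firewalld_rules": {
        "service_https": {"enabled": True, "zone": "public",
                          "state": "enabled", "service": "https"},
        "port_80": {"enabled": False},       # switch an inherited rule off
    }}),
    ("current role defaults", {"firewalld_rules": {
        "port_80": {"enabled": True, "zone": "public", "state": "enabled",
                    "port": "80/tcp", "permanent": True},
        "service_https": {"permanent": True, "immediate": True},
    }}),
    ("include role defaults", {"firewalld_rules": {
        "service_ssh": {"enabled": True, "zone": "public",
                        "state": "enabled", "service": "ssh"},
    }}),
]

if __name__ == "__main__":
    for name, (rule, origin) in sorted(effective_rules(LAYERS).items()):
        print(f"{name:14} named by {origin:22} -> {rule}")
```

In this sample `service_ssh` stays open although host_vars never mention it, while `port_80` is dropped only because host_vars set `enabled: false` for it.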
Install and configure: firewalld (merge version)
```yaml
---
- hosts: all
  become: true
  vars:
    merge:
      # FirewallD
      firewalld:
        enabled: true
      # FirewallD -> install
      firewalld_install:
        enabled: true
      # FirewallD -> rules
      firewalld_rules:
        port_80:
          enabled: true
          zone: "public"
          state: "enabled"
          port: "80/tcp"
          permanent: true
        service_http:
          enabled: true
          zone: "public"
          state: "enabled"
          service: "http"
          permanent: true
        service_https:
          enabled: true
          zone: "public"
          state: "enabled"
          service: "https"
          permanent: true
        # ...
  tasks:
    - name: role darexsu firewalld
      include_role:
        name: darexsu.firewalld
```
Install: firewalld (merge version)
```yaml
---
- hosts: all
  become: true
  vars:
    merge:
      # FirewallD
      firewalld:
        enabled: true
      # FirewallD -> install
      firewalld_install:
        enabled: true
  tasks:
    - name: role darexsu firewalld
      include_role:
        name: darexsu.firewalld
```
Configure: add firewall rules (merge version)
```yaml
---
- hosts: all
  become: true
  vars:
    merge:
      # FirewallD
      firewalld:
        enabled: true
      # FirewallD -> rules
      firewalld_rules:
        port_80:
          enabled: true
          zone: "public"
          state: "enabled"
          port: "80/tcp"
          permanent: true
        service_http:
          enabled: true
          zone: "public"
          state: "enabled"
          service: "http"
          permanent: true
        service_https:
          enabled: true
          zone: "public"
          state: "enabled"
          service: "https"
          permanent: true
        # rule_name:
        #   enabled: true
        #   key: value
        #   ...
  tasks:
    - name: role darexsu firewalld
      include_role:
        name: darexsu.firewalld
```
Install and configure: firewalld (full version)
```yaml
---
- hosts: all
  become: true
  vars:
    # FirewallD
    firewalld:
      enabled: true
      service:
        enabled: true
        state: "started"
    # FirewallD -> install
    firewalld_install:
      enabled: true
    # FirewallD -> rules
    firewalld_rules:
      port_80:
        enabled: true
        zone: "public"
        state: "enabled"
        port: "80/tcp"
        permanent: true
        immediate: true
      service_http:
        enabled: true
        zone: "public"
        state: "enabled"
        service: "http"
        permanent: true
        immediate: true
      service_https:
        enabled: true
        zone: "public"
        state: "enabled"
        service: "https"
        permanent: true
        immediate: true
      # ...
  tasks:
    - name: role darexsu firewalld
      include_role:
        name: darexsu.firewalld
```
Install: firewalld (full version)
```yaml
---
- hosts: all
  become: true
  vars:
    # FirewallD
    firewalld:
      enabled: true
    # FirewallD -> install
    firewalld_install:
      enabled: true
  tasks:
    - name: role darexsu firewalld
      include_role:
        name: darexsu.firewalld
```
Configure: add firewall rules (full version)
```yaml
---
- hosts: all
  become: true
  vars:
    # FirewallD
    firewalld:
      enabled: true
      service:
        enabled: true
        state: "started"
    # FirewallD -> rules
    firewalld_rules:
      port_80:
        enabled: true
        zone: "public"
        state: "enabled"
        port: "80/tcp"
        permanent: true
        immediate: true
      service_http:
        enabled: true
        zone: "public"
        state: "enabled"
        service: "http"
        permanent: true
        immediate: true
      service_https:
        enabled: true
        zone: "public"
        state: "enabled"
        service: "https"
        permanent: true
        immediate: true
      # rule_name:
      #   enabled: true
      #   key: value
      #   ...
  tasks:
    - name: role darexsu firewalld
      include_role:
        name: darexsu.firewalld
```