opendev/system-config
Code Issues Proposed changes
d9d9a53cb7
system-config/playbooks/roles/iptables/README.rst
Monty Taylor d93a661ae4 Run iptables in service playbooks instead of base 
It's the only part of base that's important to run when we run a
service. Run it in the service playbooks and get rid of the
dependency on infra-prod-base.

Continue running it in base so that new nodes are brought up
with iptables in place.

Bump the timeout for the mirror job, because the iptables addition
seems to have just bumped it over the edge.

Change-Id: I4608216f7a59cfa96d3bdb191edd9bc7bb9cca39
2020-06-04 07:44:22 -05:00

64 lines
1.5 KiB
ReStructuredText
Raw Blame History

Install and configure iptables
**Role Variables**
.. zuul:rolevar:: iptables_allowed_hosts
:default: []
A list of dictionaries, each item in the list is a rule to add for
a host/port combination. The format of the dictionary is:
.. zuul:rolevar:: hostname
The hostname to allow. It will automatically be resolved, and
the inventory IP address will be added to the firewall.
.. zuul:rolevar:: protocol
One of "tcp" or "udp".
.. zuul:rolevar:: port
The port number.
.. zuul:rolevar:: iptables_allowed_groups
:default: []
A list of dictionaries, each item in the list is a rule to add for
a host/port combination. The format of the dictionary is:
.. zuul:rolevar:: group
The ansible inventory group to add. Every host in the group will
be added to the firewall.
.. zuul:rolevar:: protocol
One of "tcp" or "udp".
.. zuul:rolevar:: port
The port number.
.. zuul:rolevar:: iptables_public_tcp_ports
:default: []
A list of public TCP ports to open.
.. zuul:rolevar:: iptables_public_udp_ports
:default: []
A list of public UDP ports to open.
.. zuul:rolevar:: iptables_rules_v4
:default: []
A list of iptables v4 rules. Each item is a string containing the
iptables command line options for the rule.
.. zuul:rolevar:: iptables_rules_v6
:default: []
A list of iptables v6 rules. Each item is a string containing the
iptables command line options for the rule.
View Git Blame Copy Permalink