From 6aa268834c5fe6d51cf788fb642f303191c15d3d Mon Sep 17 00:00:00 2001
From: "Chandan Kumar (raukadah)"
Date: Mon, 10 Jan 2022 12:27:47 +0530
Subject: [PATCH] Introduce iptables_package var on RHEL-9 there is no iptables package, we need to install iptables-nft package here. In CentOS Stream-9 and Fedora-34 onwards iptables-nft package is available.[1] But we also need to support other distros, so we are introducing iptables_packages var and distro specific var files (having different name) for installing iptables package. [1]. https://pkgs.org/download/iptables-nft
Signed-off-by: Chandan Kumar (raukadah)
Change-Id: I8d5d3182996fc1e83b7f4f7eb99cf4c347d6ef1f
---
 roles/multi-node-firewall/README.rst | 12 ++++++++++--
 roles/multi-node-firewall/defaults/main.yaml | 2 ++
 roles/multi-node-firewall/tasks/main.yaml | 13 +++++++++++--
 roles/multi-node-firewall/vars/CentOS.yaml | 7 +++++++
 roles/multi-node-firewall/vars/Fedora.yaml | 7 +++++++
 roles/multi-node-firewall/vars/RedHat.yaml | 7 +++++++
 roles/multi-node-firewall/vars/default.yaml | 2 ++
 7 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 roles/multi-node-firewall/defaults/main.yaml
 create mode 100644 roles/multi-node-firewall/vars/CentOS.yaml
 create mode 100644 roles/multi-node-firewall/vars/Fedora.yaml
 create mode 100644 roles/multi-node-firewall/vars/RedHat.yaml
 create mode 100644 roles/multi-node-firewall/vars/default.yaml
diff --git a/roles/multi-node-firewall/README.rst b/roles/multi-node-firewall/README.rst
index c19f310dd..15c2fea48 100644
--- a/roles/multi-node-firewall/README.rst
+++ b/roles/multi-node-firewall/README.rst
@@ -1,2 +1,10 @@
-Configures the inventory private and public addresses in a multi-node job in
-iptables in order to allow traffic to and from each node without restrictions.
+Multinode firewall is configured.
+
+This role is intended to install iptables and configure firewall.
+
+**Role Variables**
+
+.. zuul:rolevar:: iptables_package
+ :default: iptables
+
+ Install the distribution package for Iptables.
diff --git a/roles/multi-node-firewall/defaults/main.yaml b/roles/multi-node-firewall/defaults/main.yaml
new file mode 100644
index 000000000..8abfee197
--- /dev/null
+++ b/roles/multi-node-firewall/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+iptables_package: "iptables"
diff --git a/roles/multi-node-firewall/tasks/main.yaml b/roles/multi-node-firewall/tasks/main.yaml
index 578fb2cd0..fc6f8eebd 100644
--- a/roles/multi-node-firewall/tasks/main.yaml
+++ b/roles/multi-node-firewall/tasks/main.yaml
@@ -1,7 +1,16 @@
-- name: Ensure iptables
+- name: Include operating system specific vars
+ include_vars: "{{ zj_distro_os }}"
+ with_first_found:
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ loop_control:
+ loop_var: zj_distro_os
+
+- name: 'Ensure {{ iptables_package }}'
 become: true
 package:
- name: iptables
+ name: "{{ iptables_package }}"
 - name: Set up the host ip addresses
 set_fact:
diff --git a/roles/multi-node-firewall/vars/CentOS.yaml b/roles/multi-node-firewall/vars/CentOS.yaml
new file mode 100644
index 000000000..f745401d2
--- /dev/null
+++ b/roles/multi-node-firewall/vars/CentOS.yaml
@@ -0,0 +1,7 @@
+---
+iptables_package: >-
+ {% if ansible_distribution_major_version|int <= 8 -%}
+ iptables
+ {%- else -%}
+ iptables-nft
+ {%- endif %}
diff --git a/roles/multi-node-firewall/vars/Fedora.yaml b/roles/multi-node-firewall/vars/Fedora.yaml
new file mode 100644
index 000000000..79ccd36b2
--- /dev/null
+++ b/roles/multi-node-firewall/vars/Fedora.yaml
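Review bot: The `include_vars` task added at the top of roles/multi-node-firewall/tasks/main.yaml sets `iptables_package` at include_vars precedence, which in Ansible outranks role defaults, inventory and play vars, so the value the README documents as `:default: iptables` and defaults/main.yaml sets cannot be overridden from job variables. If an override is meant to work, the distro vars files should set a differently named internal variable that the default references; if not, I would add above the task `# include_vars outranks role defaults and job vars: iptables_package is computed per distro, not user-settable` and drop the rolevar from the README. vars/default.yaml also repeats the value already in defaults/main.yaml, so one of the two is redundant. The hunk ends inside the `Set up the host ip addresses` task, whose body is not visible here.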
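Review bot: roles/multi-node-firewall/vars/CentOS.yaml is identical to vars/RedHat.yaml (both index lines show blob f745401d2), and the lookup in tasks/main.yaml already falls back to `{{ ansible_os_family }}.yaml`, which presumably resolves to RedHat.yaml on CentOS hosts. Two copies of the same version threshold invite drift when only one is updated, and on a firewall role that means hosts quietly diverging in which packet-filter package they get. I would delete CentOS.yaml, or if it is kept deliberately add `# keep in sync with RedHat.yaml` as the first comment in both files.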
@@ -0,0 +1,7 @@
+---
+iptables_package: >-
+ {% if ansible_distribution_major_version|int <= 33 -%}
+ iptables
+ {%- else -%}
+ iptables-nft
+ {%- endif %}
diff --git a/roles/multi-node-firewall/vars/RedHat.yaml b/roles/multi-node-firewall/vars/RedHat.yaml
new file mode 100644
index 000000000..f745401d2
--- /dev/null
+++ b/roles/multi-node-firewall/vars/RedHat.yaml
@@ -0,0 +1,7 @@
+---
+iptables_package: >-
+ {% if ansible_distribution_major_version|int <= 8 -%}
+ iptables
+ {%- else -%}
+ iptables-nft
+ {%- endif %}
diff --git a/roles/multi-node-firewall/vars/default.yaml b/roles/multi-node-firewall/vars/default.yaml
new file mode 100644
index 000000000..8abfee197
--- /dev/null
+++ b/roles/multi-node-firewall/vars/default.yaml
@@ -0,0 +1,2 @@
+---
+iptables_package: "iptables"
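Review bot: roles/multi-node-firewall/vars/RedHat.yaml is selected not only for RHEL but, through the `{{ ansible_os_family }}.yaml` fallback in tasks/main.yaml, for any RedHat-family distribution that has no vars file of its own, so the `<= 8` threshold is applied to major versions that may not follow RHEL numbering. The `|int` filter also turns a non-numeric version string into 0, which silently selects `iptables`; the same filter is used in CentOS.yaml and Fedora.yaml. A comment at the top of the file such as `# also the os_family fallback; threshold assumes RHEL-compatible major versions` would make the assumption explicit for whoever adds the next distro.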