Ansible: firewalld and adding new zone


I'm trying to add the following to an Ansible playbook:

firewall-cmd --permanent --new-zone dockerc
firewall-cmd --permanent --zone dockerc --add-source 172.17.0.0/16
firewall-cmd --permanent --zone dockerc --add-port 8443/tcp
firewall-cmd --permanent --zone dockerc --add-port 53/udp

But according to http://docs.ansible.com/ansible/firewalld_module.html, the zone parameter has no option for adding a new zone.

Does anyone know whether it is possible to add dockerc as a new zone using Ansible?

Unfortunately, the firewalld module is not suited to creating new zones. If firewall-cmd is available on your host, then you can simply run it on its own:

- command: firewall-cmd --permanent --new-zone dockerc

Once the zone has been set up, you can use the module as normal:

- firewalld:
    zone: dockerc
    permanent: true
    source: 172.17.0.0/16
    state: enabled

If you can't use the firewall-cmd command on its own, then you're probably out of luck: checking the source code of the module, you can see that it contains no code for creating new zones.

Note, however, that this module is a Curated module in Ansible, meaning it does not get full core support. If you know Python, you're welcome to send a pull request that enables the module to create new zones.
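The command-module approach above runs firewall-cmd --new-zone on every play, which fails once the zone exists. The playbook below is an added example, not part of the original answer, showing how to make that step idempotent by checking the permanent zone list first, and how to reload firewalld before the module touches the runtime configuration. The inventory group name docker_hosts is an assumption.

```yaml
# Added example (not from the original answer): idempotent zone creation with the
# command module, for Ansible versions whose firewalld module cannot create zones.
# Assumes firewall-cmd is installed on the target and the play runs as root.
- hosts: docker_hosts   # inventory group name is assumed
  become: true
  tasks:
    - name: List permanent zones so the creation step can be skipped when not needed
      command: firewall-cmd --permanent --get-zones
      register: fw_zones
      changed_when: false

    - name: Create the dockerc zone only if it is missing (--new-zone is not idempotent)
      command: firewall-cmd --permanent --new-zone dockerc
      when: "'dockerc' not in fw_zones.stdout.split()"
      notify: reload firewalld

    - name: Reload now, so the new zone exists in the runtime config for later tasks
      meta: flush_handlers

    - name: Restrict the zone to the Docker bridge network (as in the answer)
      firewalld:
        zone: dockerc
        permanent: true
        immediate: true
        source: 172.17.0.0/16
        state: enabled

  handlers:
    - name: reload firewalld
      command: firewall-cmd --reload
```

The explicit flush_handlers is what makes immediate: true safe on the source task: without the reload, the zone exists only in the permanent configuration and the runtime change would be rejected.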

As of 2017-12-12, specifically commit 8475171f67f, the firewalld module supports creating (and deleting) zones.

- firewalld:
    zone: custom
    state: present
    permanent: true

Set state to present or absent, and make sure that zone, state, and permanent are the only keys in the task.

Notes from the source code:

  • Zone transactions (creating, deleting) can be performed by using only the zone and state parameters "present" or "absent". Note that zone transactions must explicitly be permanent. This is a limitation in firewalld. This also means that you will have to reload firewalld after adding a zone that you wish to perform immediate actions on. The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone.
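Putting the note above into practice, the playbook below is an added example (not the answer's own code) that expresses the question's four firewall-cmd calls entirely with the firewalld module, using a version that includes the commit named in the answer. The reload runs only when the zone creation task reports a change, so it does not discard runtime-only rules on every run. The inventory group name docker_hosts is an assumption.

```yaml
# Added example (not from the original answer): zone creation via the firewalld
# module, followed by the conditional reload the module's notes call for.
# Assumes a firewalld module that supports state: present for zones, and root access.
- hosts: docker_hosts   # inventory group name is assumed
  become: true
  tasks:
    - name: Create the dockerc zone (zone transactions must be permanent)
      firewalld:
        zone: dockerc
        state: present
        permanent: true
      register: dockerc_zone

    - name: Reload firewalld so the new zone also exists in the runtime config
      # The module deliberately does not reload, since a reload drops any
      # non-permanent rules added earlier. Reload only when the zone was just
      # created, and before any immediate action on it.
      command: firewall-cmd --reload
      when: dockerc_zone is changed

    - name: Bind the zone to the Docker bridge subnet
      firewalld:
        zone: dockerc
        source: 172.17.0.0/16
        permanent: true
        immediate: true
        state: enabled

    - name: Open only the requested ports, scoped to the dockerc zone
      firewalld:
        zone: dockerc
        port: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop:
        - 8443/tcp
        - 53/udp
```

Scoping the ports to the source-bound zone, rather than opening them in the default zone, keeps 8443/tcp and 53/udp reachable from the container network only, which is the point of creating a separate zone in the first place.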