[ANSIBLE] Adding firewall services

Posted by Albert 285Day 21Hour 26Min 2Sec ago [2024-07-08]

1. First, create a role that adds the firewall rules

[root@asimblecontroller ansible]# ansible-galaxy role init firewallSetup
- Role firewallSetup was created successfully


2. Add the variable that lists the services to allow through the firewall

[root@asimblecontroller ansible]# vi firewallSetup/vars/main.yml
---
# vars file for firewallSetup
service_port:
  - http
  - https


3. Install the ansible.posix module (it is not installed by default, so it has to be installed)

[root@asimblecontroller ansible]# ansible-galaxy collection install ansible.posix
Process install dependency map
Starting collection install process
Installing 'ansible.posix:1.5.4' to '/root/.ansible/collections/ansible_collections/ansible/posix'


4. Write the role's tasks

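---
# tasks file for firewallSetup
# permanent: true writes each service to the saved configuration only;
# the reload task below makes the saved rules active.
- name: Config firewalld
  ansible.posix.firewalld:
    service: "{{ item }}"
    permanent: true
    state: enabled
  loop: "{{ service_port }}"

- name: Reload firewalld
  ansible.builtin.service:
    name: firewalld
    state: reloaded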


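5. Create the playbook that runs the firewall role

(We will create a playbook that runs it together with arole, the Apache installation role created earlier at https://visionboy.me/859.

The job installs Apache first and then sets up the related firewall rules for the web service.)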

---

- hosts: web

  pre_tasks:
    - name: Print Start message
      ansible.builtin.debug:
        msg: " ========== job start ==========="

  roles:
    - role: arole
      service_title: "Custom Title"
    - role: firewallSetup

  tasks:
    - name: Print finish role play
      ansible.builtin.debug:
        msg: "Finish role play"
      # debug never reports "changed", so this handler is not triggered
      notify: Print result

  post_tasks:
    - name: Print End message
      ansible.builtin.debug:
        msg: " ========== job finished ==========="

  handlers:
    - name: Print result
      ansible.builtin.debug:
        msg: "ok finish"


6. Run it (Apache is already installed on the web server, so add the --check option and only confirm that the playbook runs normally)

[root@asimblecontroller ansible]# ansible-playbook --check multifoleExe.yml

PLAY [web] **********************************************************************************

TASK [Gathering Facts] **********************************************************************
ok: [tnode1]

TASK [Print Start message] ******************************************************************
ok: [tnode1] => {
"msg": " ========== job start ==========="
}

TASK [arole : install service Custom Title] *************************************************
ok: [tnode1] => (item=httpd-tools)
ok: [tnode1] => (item=httpd)

TASK [arole : copy html file] ***************************************************************
ok: [tnode1]

TASK [firewallSetup : Config firewalld] *****************************************************
changed: [tnode1] => (item=http)
changed: [tnode1] => (item=https)

TASK [firewallSetup : Reload firewalld] *****************************************************
changed: [tnode1]

TASK [Print finish role play] ***************************************************************
ok: [tnode1] => {
"msg": "Finish role play"
}

TASK [Print End message] ********************************************************************
ok: [tnode1] => {
"msg": " ========== job finished ==========="
}

PLAY RECAP **********************************************************************************
tnode1 : ok=8 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
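
Added example (not part of the original post): step 6 ran with --check, so the "changed" lines are predictions and nothing was opened on tnode1. The playbook below, run without --check, opens only services that are on an allowlist, reloads firewalld through a handler only when a rule was added, and then confirms the runtime state. The single-file layout, the allowed_services and fw_zone variables, and the public zone are assumptions.

```yaml
---
# Added example, not from the original post. Run without --check.
- hosts: web
  vars:
    service_port: [http, https]      # same values as firewallSetup/vars/main.yml
    allowed_services: [http, https]  # assumption: reviewed allowlist for web hosts
    fw_zone: public                  # assumption: zone of the web-facing interface

  tasks:
    - name: Refuse to open any service outside the allowlist
      ansible.builtin.assert:
        that:
          - service_port | difference(allowed_services) | length == 0
        fail_msg: "Not allowed: {{ service_port | difference(allowed_services) }}"

    - name: Open the services in the permanent configuration
      ansible.posix.firewalld:
        zone: "{{ fw_zone }}"
        service: "{{ item }}"
        permanent: true
        state: enabled
      loop: "{{ service_port }}"
      notify: Reload firewalld       # reload only when a rule was actually added

    - name: Run the pending reload before verifying
      ansible.builtin.meta: flush_handlers

    - name: Read the services active at runtime (skipped under --check)
      ansible.builtin.command: "firewall-cmd --zone={{ fw_zone }} --list-services"
      register: fw_runtime
      changed_when: false

    - name: Confirm every requested service is active
      ansible.builtin.assert:
        that:
          - service_port | difference(fw_runtime.stdout.split()) | length == 0
        fail_msg: "Not active: {{ service_port | difference(fw_runtime.stdout.split()) }}"
      when: not ansible_check_mode

  handlers:
    - name: Reload firewalld
      ansible.builtin.service:
        name: firewalld
        state: reloaded
```

If service_port is overridden from inventory or the command line with a service outside allowed_services, the first assert stops the play before any firewall change is made.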



