coreos / layering-examples

Apache License 2.0

Add Ansible example for firewalld #18

Closed jmarrero closed 2 years ago

jmarrero commented 2 years ago

Adds example using Ansible to configure firewalld.

jmarrero commented 2 years ago

> Thanks so much for working on this! Have you gotten as far as testing that firewalld starts up and is working with this?

Yes Sir :grin:

```
[core@tutorial ~]$ rpm-ostree status
State: idle
Deployments:
● ostree-unverified-registry:quay.io/jmarrero_rh/my-custom-fcos:ansible
                    Digest: sha256:c58d5027296e320bcd9447825be8ba58addd97adc8f999da42b03195c8cc97b0
                 Timestamp: 2022-05-10T13:32:46Z

  ostree-unverified-registry:quay.io/coreos-assembler/fcos:testing-devel
                    Digest: sha256:ee85bf2b3a7b9a8bdea43900ddf4cf461d4ebbbccc3fd70ca21a7fcd2f497463
                   Version: 35.20220509.20.0 (2022-05-09T22:07:20Z)
[core@tutorial ~]$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-05-10 13:33:29 UTC; 38s ago
       Docs: man:firewalld(1)
   Main PID: 965 (firewalld)
      Tasks: 2 (limit: 9423)
     Memory: 42.4M
        CPU: 716ms
     CGroup: /system.slice/firewalld.service
             └─ 965 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

May 10 13:33:28 tutorial systemd[1]: Starting firewalld - dynamic firewall daemon...
May 10 13:33:29 tutorial systemd[1]: Started firewalld - dynamic firewall daemon.
[core@tutorial ~]$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens8
  sources: 
  services: dhcpv6-client mdns ssh
  ports: 80/tcp 443/tcp 1936/tcp 2379/tcp 2380/tcp 3306/tcp 5050/tcp 6080/tcp 6180/tcp 6181/tcp 6183/tcp 6385/tcp 6443/tcp 8089/tcp 9001/tcp 9100-9103/tcp 9105-9106/tcp 9200-9219/tcp 9258/tcp 9444-9447/tcp 9537/tcp 9641-9644/tcp 9978-9979/tcp 10010/tcp 10250-10251/tcp 10255-10259/tcp 10263/tcp 10357/tcp 10443-10444/tcp 17697/tcp 22623-22624/tcp 60000/tcp 500/udp 4500/udp 4789/udp 6081/udp
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[core@tutorial ~]$ 
```
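A check that turns the `firewall-cmd --list-all` listing shown above into data and compares the open ports against an allowlist, so that a layered image's firewalld zone can be verified after boot rather than eyeballed. This is an added example, not code from this PR or the layering-examples repository; the sample listing is a constructed, trimmed copy of the zone output above, and the allowlist is an assumed policy.

```python
"""Parse `firewall-cmd --list-all` output and report ports outside an allowlist."""

# Constructed sample: a trimmed version of the zone listing pasted in the PR.
SAMPLE = """public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens8
  sources: 
  services: dhcpv6-client mdns ssh
  ports: 80/tcp 443/tcp 9100-9103/tcp 500/udp
  protocols: 
  forward: no
  masquerade: no
"""


def parse_zone(text):
    """Return (zone_name, {field: [tokens]}) from one zone's --list-all output."""
    lines = text.strip().splitlines()
    zone = lines[0].split()[0]          # "public (active)" -> "public"
    fields = {}
    for line in lines[1:]:
        key, _, value = line.strip().partition(":")
        fields[key] = value.split()     # empty fields such as "sources:" -> []
    return zone, fields


def expand_ports(port_specs):
    """Expand 'lo-hi/proto' ranges into a set of (port, proto) tuples."""
    result = set()
    for spec in port_specs:
        rng, proto = spec.split("/")
        lo, _, hi = rng.partition("-")  # "9100-9103" -> ("9100", "9103")
        for port in range(int(lo), int(hi or lo) + 1):
            result.add((port, proto))
    return result


def unexpected_ports(text, allowed):
    """Return the open (port, proto) pairs that are not in the allowlist."""
    _, fields = parse_zone(text)
    return sorted(expand_ports(fields.get("ports", [])) - set(allowed))


if __name__ == "__main__":
    # Assumed policy for this host: only web and IKE should be reachable.
    policy = {(80, "tcp"), (443, "tcp"), (500, "udp")}
    print(unexpected_ports(SAMPLE, policy))
```

On a live host, feed it `sudo firewall-cmd --list-all` output instead of `SAMPLE`; a non-empty result is a drift from the intended zone configuration.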
jmarrero commented 2 years ago

Ok, I think I found a bug with the firewalld component of Ansible: https://github.com/ansible-collections/ansible.posix/issues/357. But this is now ready for review.