state: restarted
- name: open firewall
command: firewall-cmd --permanent --add-port=21488/tcp
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version in ("7", "8", "9") and ansible_virtualization_type != "lxc"
+ when: ansible_os_family == "RedHat" and ansible_distribution_major_version in ("7", "8", "9") and ansible_virtualization_type != "lxc" and not network.disable_firewall
- name: reload firewall
command: firewall-cmd --reload
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version in ("7", "8", "9") and ansible_virtualization_type != "lxc"
+ when: ansible_os_family == "RedHat" and ansible_distribution_major_version in ("7", "8", "9") and ansible_virtualization_type != "lxc" and not network.disable_firewall
- name: force check
community.general.nagios:
action: forced_check
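Review bot: The added `and not network.disable_firewall` in the `when` of "open firewall", and again in "reload firewall", reads the key with no default and no type coercion. If a host's `network` dict lacks `disable_firewall`, the conditional will most likely fail as undefined rather than skip the task. A string value such as "false" is truthy in Jinja, so port 21488 would silently not be opened on that host. I would write `not (network.disable_firewall | default(false) | bool)` in both conditions. The task list these entries belong to starts and continues outside the hunk.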
-class tinc($tinc_name, $tinc_location, $tinc_connect_to, $tinc_locations, $tinc_ip, $tinc_netmask, $tinc_other_networks) {
+class tinc($tinc_name, $tinc_location, $tinc_connect_to, $tinc_locations, $tinc_ip, $tinc_netmask, $tinc_other_networks, $firewall = true) {
# https://bugzilla.redhat.com/show_bug.cgi?id=2153663
if($facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '9') {
copr {'tinc':
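Review bot: The new `$firewall = true` parameter on the class line has no data type, so any non-Boolean value reaches the `and $firewall` test in the following hunk, and in Puppet every string (including 'false' and the empty string) is truthy. Declaring it as `Boolean $firewall = true` makes a mistyped value fail at compile time instead of silently changing whether port 655 is opened. A comment above the class such as `# $firewall: when false, skip the firewall-cmd exec that opens port 655` would record what the switch covers. The class body continues outside this hunk.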
notify => Service["tinc@${tinc_name}"],
}
- if ($facts['os']['family'] == 'RedHat') {
+ if ($facts['os']['family'] == 'RedHat' and $firewall) {
exec {'open firewall for tinc':
command => '/usr/bin/firewall-cmd --permanent --add-port=655/{tcp,udp}',
unless => '/usr/bin/firewall-cmd --query-port=655/udp',
tinc_ip => lookup("network.self_internal_ip"),
tinc_netmask => lookup("network.self_internal_netmask"),
tinc_other_networks => $tinc_other_networks,
+ firewall => !lookup("network.disable_firewall"),
}
}
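Review bot: `!lookup("network.disable_firewall")` has no default value, so catalog compilation fails on any node whose Hiera data does not define the key. The negation also maps every non-Boolean value to `false`, because only `undef` and `false` are falsy, so a quoted 'false' in the data would still turn the firewall rule off. I would write `firewall => !lookup('network.disable_firewall', Boolean, 'first', false),` so the key is optional and type-checked. The resource declaration this line belongs to starts outside the hunk.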