ansible: enable firewalld ports (#602)

open up http/s and the microk8s ports
2023-02-15 23:50:14 -05:00 · 2023-02-15 23:50:14 -05:00 · 1ebffd8b05
commit 1ebffd8b05
parent bd4fba7af7
2 changed files with 36 additions and 2 deletions
--- a/ansible/.tool-versions
+++ b/ansible/.tool-versions
@ -1,2 +1 @@
-direnv 2.32.1
-python 3.10.6
+python 3.11.2
--- a/ansible/playbooks/install_microk8s.yml
+++ b/ansible/playbooks/install_microk8s.yml
@ -1,6 +1,7 @@
 ---
 # by default this playbook will add the ip address of your endpoint
 # pass '-e host_name="my-domain.example.edu"' for it to work best
+#
 - name: deploy microk8s 
  gather_facts: true
  hosts: "{{ host_ip | default('inventory_hostname') }}"
@ -12,6 +13,7 @@
  tasks:
  # ===========================================
  # Install pre-requisites (RedHat)
+  #
  - name: microk8s | enable epel-release (RedHat)
    ansible.builtin.dnf:
      name: "{{ item }}"
@ -21,6 +23,7 @@
      - epel-release
      - python3
      - python3-pip
+      - python3-firewall
    become: true
    when:
      - ansible_os_family == "RedHat"
@ -43,8 +46,40 @@
      - ansible_os_family == "RedHat"
    become: true

+  - name: microk8s | open microk8s web service
+    ansible.posix.firewalld:
+      service: "{{ item }}"
+      permanent: true
+      immediate: true
+      state: enabled
+    loop:
+      - https
+      - http
+    when:
+      - ansible_os_family == "RedHat"
+
+  - name: microk8s | open microk8s firewall ports
+    ansible.posix.firewalld:
+      port: "{{ item }}"
+      permanent: true
+      immediate: true
+      state: enabled
+    loop:
+      - 16443/tcp
+      - 10250/tcp
+      - 10255/tcp
+      - 25000/tcp
+      - 12379/tcp
+      - 10257/tcp
+      - 10259/tcp
+      - 19001/tcp
+      - 4789/udp
+    when:
+      - ansible_os_family == "RedHat"
+
  # ===========================================
  # Install microk8s
+  #
  - name: microk8s | ensure dependencies are installed (Debian)
    ansible.builtin.apt:
      name: