From d19a71843f15386c424dc8bd9f3aa2bdff39541c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?=
Date: Thu, 12 Aug 2021 17:05:29 +0200
Subject: [PATCH] use infra-role-open-ports, open metrics for metrics.hq
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

https://github.com/status-im/infra-hq/issues/69

Signed-off-by: Jakub SokoĊ‚owski
---
 meta/main.yml | 3 +++
 tasks/firewall.yml | 25 +++++++++----------------
 2 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/meta/main.yml b/meta/main.yml
index 9935c49..9bceef0 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -13,6 +13,9 @@ galaxy_info:
 - name: consul-service
 src: git+git@github.com:status-im/infra-role-consul-service.git
 scm: git
+ - name: open-ports
+ src: git+git@github.com:status-im/infra-role-open-ports.git
+ scm: git
 - name: systemd-timer
 src: git+git@github.com:status-im/infra-role-systemd-timer.git
 scm: git
diff --git a/tasks/firewall.yml b/tasks/firewall.yml
index 34419ea..8903d6c 100644
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@@ -1,17 +1,10 @@
 ---
-- name: 'Open ports'
- iptables:
- comment: '{{ beacon_node_service_name }} {{ rule.protocol }}'
- action: insert
- chain: INPUT
- jump: ACCEPT
- source: '0.0.0.0/0'
- protocol: '{{ rule.protocol }}'
- destination_port: '{{ rule.port }}'
- with_items:
- - { protocol: 'tcp', port: '{{ beacon_node_listening_port }}' }
- - { protocol: 'udp', port: '{{ beacon_node_discovery_port }}' }
- loop_control:
- loop_var: rule
- notify:
- - Save iptables rules
+- name: Open ports in iptables firewall
+ include_role: name=open-ports
+ vars:
+ open_ports_default_comment: '{{ beacon_node_service_name }}'
+ open_ports_default_chain: 'SERVICES'
+ open_ports_list:
+ - { port: '{{ beacon_node_listening_port }}', protocol: 'tcp' }
+ - { port: '{{ beacon_node_discovery_port }}', protocol: 'udp' }
+ - { port: '{{ beacon_node_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
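Review bot: The new `open-ports` dependency in meta/main.yml has no `version:` key, so whichever commit the default branch of infra-role-open-ports points to at install time is what ends up writing firewall rules on every host using this role. Since this role now delegates its iptables configuration entirely to that dependency, a pin such as `version: <tag-or-commit>` (placeholder) would make the rendered ruleset reproducible and reviewable; the sibling entries are unpinned too, so this may be a deliberate repo-wide choice worth confirming rather than a defect of this hunk alone.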
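Review bot: The third `open_ports_list` entry in tasks/firewall.yml gives no `protocol`, unlike the two entries above it, so the metrics port is opened with whatever the open-ports role defaults to, which is not visible from this hunk; stating it explicitly, `- { port: '{{ beacon_node_metrics_port }}', protocol: 'tcp', chain: 'VPN', ipset: 'metrics.hq' }`, keeps the list self-describing and avoids a silent change if the role's default ever changes. The removed task also carried `notify: Save iptables rules`, and the replacement has no equivalent, so persistence of the rules across reboots now rests on the included role doing it itself; confirm that it does, since the old task's handler is the only persistence mechanism shown here. As a point of style, `include_role: name=open-ports` uses the key=value shorthand while every other line in the file is block YAML; `include_role:` with a nested `name: open-ports` would match the rest of the task.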