Role - tripleo-firewall
Role Documentation
Welcome to the “tripleo_firewall” role documentation.
Role Defaults
This section highlights all of the defaults and variables set within the “tripleo_firewall” role.
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_firewall"
# Example rule definition
#
# '003 accept ssh from all':
#   proto: 'tcp'
#   dport: 22
# '002 remove ssh from all':
#   proto: 'tcp'
#   dport: 22
#   extras:
#     ensure: 'absent'
tripleo_firewall_rules: {}
tripleo_firewall_frontend_enabled: false
tripleo_firewall_frontend_rules: {}
tripleo_firewall_ssl_frontend_enabled: false
tripleo_firewall_ssl_frontend_rules: {}
tripleo_firewall_edge_frontend_enabled: false
tripleo_firewall_edge_frontend_rules: {}
tripleo_firewall_edge_ssl_frontend_rules: {}
Role Variables: redhat.yml
# While options found within the vars/ path can be overridden using extra
# vars, items within this path are considered part of the role and not
# intended to be modified.
tripleo_firewall_packages:
  - nftables
Role Variables: main.yml
# All variables within this role should have a prefix of "tripleo_firewall"
# Converts the expected state options to functional states when
# interacting with ports.
tripleo_firewall_port_states:
  enabled: present
  present: present
  absent: absent
  disabled: absent
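The following check is an added example, not part of the role's own code: it resolves each rule's state through the tripleo_firewall_port_states mapping and flags any proto/dport pair that one rule opens and another removes, as the commented rule definition in the defaults does for tcp/22. It assumes extras.ensure is looked up in that mapping and defaults to "enabled" when omitted; resolve_state, audit_rules and the '010 accept https' rule are hypothetical names introduced here.

```python
# Added example: audit a tripleo_firewall_rules mapping for contradictions.
# Assumption: extras.ensure is resolved through tripleo_firewall_port_states
# and defaults to "enabled" when omitted; the role's tasks are not shown here.
PORT_STATES = {  # values copied from the role variables (main.yml) above
    "enabled": "present",
    "present": "present",
    "absent": "absent",
    "disabled": "absent",
}


def resolve_state(rule):
    """Return 'present' or 'absent' for one rule definition."""
    ensure = str((rule.get("extras") or {}).get("ensure", "enabled")).lower()
    if ensure not in PORT_STATES:
        raise ValueError(f"unknown ensure value: {ensure!r}")
    return PORT_STATES[ensure]


def audit_rules(rules):
    """Group rules by (proto, dport) and return the targets that are both
    opened and removed, with their rules listed in rule-name order."""
    by_target = {}
    for name in sorted(rules):
        rule = rules[name] or {}
        target = (rule.get("proto"), str(rule.get("dport")))
        by_target.setdefault(target, []).append((name, resolve_state(rule)))
    return {
        target: entries
        for target, entries in by_target.items()
        if {state for _, state in entries} == {"present", "absent"}
    }


# Constructed sample input mirroring the commented example in the defaults,
# plus one hypothetical rule ('010 accept https') that has no conflict.
SAMPLE_RULES = {
    "003 accept ssh from all": {"proto": "tcp", "dport": 22},
    "002 remove ssh from all": {"proto": "tcp", "dport": 22,
                                "extras": {"ensure": "absent"}},
    "010 accept https": {"proto": "tcp", "dport": 443,
                         "extras": {"ensure": "enabled"}},
}

if __name__ == "__main__":
    for (proto, dport), entries in audit_rules(SAMPLE_RULES).items():
        print(f"{proto}/{dport} is both opened and removed:")
        for name, state in entries:
            print(f"  {name!r} -> {state}")
```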
Molecule Scenarios
Molecule is used to test the “tripleo_firewall” role. The following section lists the scenario drivers in use and provides an example playbook showing how the role is applied.
Scenario: nftables
Molecule Inventory
hosts:
  all:
    hosts:
      instance:
        ansible_host: localhost
Example nftables playbook
- name: Converge
  hosts: all
  roles:
    - role: tripleo_firewall
      tripleo_firewall_engine: nftables
  tasks:
    - name: Clean everything nftables related
      import_role:
        name: tripleo_nftables
        tasks_from: cleanup.yml