# # # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # --- #Tasks file can include smaller files if wanted #All commons tasks goes here - name: Create a new user group "{{ group }}" group: name={{ group }} become: yes - name: Create a new user "{{ user }}" user: name={{ user }} group={{ group }} become: yes - name: Install Firewalld (RedHat) yum: name=firewalld state=latest update_cache=yes become: yes when: ansible_os_family == "RedHat" - name: Install Firewalld (Debian) apt: name=firewalld state=latest update_cache=yes become: yes when: ansible_os_family == "Debian" # TODO: stop iptables service, can't have both iptables and firewalld on same host # firewalld is just a frontend for iptables - so we can't remove it # if we try to stop non existing service ansible fails. # - name: Stop iptables, ip6tables services # service: name="{{ item }}" state=stopped # with_items: # - iptables # - ip6tables - name: Install Git (RedHat) yum: name: - git state: latest update_cache: yes become: yes when: ansible_os_family == "RedHat" - name: Install Git (Debian) apt: name: - git state: latest update_cache: yes become: yes when: ansible_os_family == "Debian" - name: Ansible flush zone=public ansible.builtin.file: path: - /etc/firewalld/zones/public.xml - /etc/firewalld/zones/public.xml.old state: absent #- name: Ansible flush zone=public public.xml # shell: rm -rf /etc/firewalld/zones/public.xml # become: yes # #- name: Ansible flush zone=public public.xml.old # shell: rm -rf /etc/firewalld/zones/public.xml.old # become: yes - name: open firewall port 22 for SSH connections firewalld: port="22/tcp" zone=public permanent=true state=enabled immediate=yes become: yes - name: Start firewalld service service: name=firewalld state=started become: yes ...