postgresql_cluster

Add firewalld/ufw support

Open redy01 opened this issue 1 year ago • 7 comments

redy01 avatar Aug 06 '24 19:08 redy01

@redy01 Hi, I completed all the settings, started running ansible-playbook deploy_pgcluster.yml, and I get an error: (image)

vars/system.yml

# Firewall
firewall_enabled_at_boot: true  # or 'true' for configure firewall
firewall_type: "firewalld"  # available 'iptables','firewalld','ufw'

SDV109 avatar Aug 13 '24 09:08 SDV109

Try to define three roles in the playbook instead of role: "fw_{{ firewall_type }}", each with its own condition.

Example:

  roles:
    - role: fw_iptables
      vars:
        firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
        firewall_additional_rules: "{{ firewall_rules_dynamic_var | default([]) | unique }}"
      when: firewall_type == 'iptables' and firewall_enabled_at_boot | bool
      tags: firewall

    - role: fw_firewalld
      vars:
        firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
      when: firewall_type == 'firewalld' and firewall_enabled_at_boot | bool
      tags: firewall

    - role: fw_ufw
      vars:
        firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
      when: firewall_type == 'ufw' and firewall_enabled_at_boot | bool
      tags: firewall

This approach increases clarity and can sometimes simplify troubleshooting by making the playbook's flow more explicit.

vitabaks avatar Aug 13 '24 10:08 vitabaks

Please note that the ansible code has been moved to the automation directory.

vitabaks avatar Aug 19 '24 11:08 vitabaks

Hi, has there been any development on this? Thanks :) Great work, guys.

rausub avatar Nov 08 '24 04:11 rausub

The author of this PR has not completed it yet, I can do it if this functionality is really necessary.

vitabaks avatar Dec 18 '24 20:12 vitabaks

Hi, yes, I believe this functionality is crucial, as firewalld is the preferred way to manage on Oracle/Red Hat and ufw on Ubuntu. Maintaining iptables + firewalld can become cumbersome; I would rather stick with just firewalld. Thanks! Great work with the project.

rausub avatar Dec 19 '24 07:12 rausub

If you're interested in this feature, please consider becoming a sponsor.

The development of this feature requires sponsorship to fund developer efforts. If you're already a sponsor and are interested in this feature, please leave a comment here so we can prioritize this issue accordingly.

We also welcome contributions from those willing to dedicate their time to implement this feature on a voluntary basis. Please see the Contributing Guide for more information.

vitabaks avatar Feb 16 '25 11:02 vitabaks