Commit Graph

51 Commits

Author SHA1 Message Date
Andrea Dell'Amico 31b8b7b711 Put the prometheus rules at the end of the template, so that they do not interfere with other rules. 2019-02-19 16:54:15 +01:00
Andrea Dell'Amico 8156a3883b Change the iptables rules.v4 template to support specific policies and to automatically reject the traffic for not allowed addresses. 2018-11-27 18:27:53 +01:00
Andrea Dell'Amico 92e71712bc Install postfix before iptables if we are going to configure a smtp server. 2018-05-04 13:27:31 +02:00
Andrea Dell'Amico ffc72e6f4f library/roles/iptables/defaults/main.yml: Use the default interface as the NAT output one. Do not pretend that is always eth0 2018-05-02 18:15:26 +02:00
Andrea Dell'Amico baf6caa8f2 library/roles/iptables/tasks/main.yml: Fix an installed vs present option. 2018-04-21 13:25:45 +02:00
Andrea Dell'Amico 188f0ccb8a iptables: fix the restart of fail2ban and docker. 2018-03-19 18:53:55 +01:00
Andrea Dell'Amico a7f966b26e handle the docker service restart after the iptables service one. 2018-03-19 15:49:43 +01:00
Andrea Dell'Amico e4d90a8e76 Install postfix if we want to use it as a relay service. We need it installed before the rules are applied. 2018-03-01 13:06:46 +01:00
Andrea Dell'Amico a86418946d library/roles/iptables/tasks/main.yml: Fix a conditional. 2018-02-17 12:45:05 +01:00
Andrea Dell'Amico 528a01ec4a library/roles/iptables/tasks/main.yml: Ubuntu 16.04 uses netfilter-persistent and systemd. 2018-02-17 12:44:03 +01:00
Andrea Dell'Amico 7f46f6f88e library/roles/iptables/templates/iptables-rules.v4.j2: Firewall rules for prometheus. 2018-02-07 16:52:55 +01:00
Andrea Dell'Amico d1672fe4fb library/roles/iptables/templates/iptables-rules.v4.j2: Do not fail if ganglia_unicast_mode is not defined. 2018-01-25 20:17:58 +01:00
Andrea Dell'Amico 69f14daa94 library/roles/iptables/templates/iptables-rules.v4.j2: Fix a conditional. 2018-01-16 17:03:54 +01:00
Andrea Dell'Amico 56fc118e9d iptables: in the tcp or udp rules, the allowed_hosts variables can be a list. 2017-10-20 17:46:21 +02:00
Andrea Dell'Amico 892a05256a library/roles/iptables/templates/iptables-rules.v4.j2: Fix a mistake where the task failed when psql_db_data was not defined. 2017-03-07 13:12:01 +01:00
Andrea Dell'Amico ba12f3dba8 library/roles/iptables/templates/iptables-rules.v4.j2: Fix a typo. 2016-12-14 18:32:05 +01:00
Andrea Dell'Amico d32a1e99c6 library/roles/iptables/templates/iptables-rules.v4.j2: Add a rule to add ANY rules. 2016-12-14 16:09:39 +01:00
Andrea Dell'Amico 86b510e7d5 d4science-ghn-cluster: New variables to cover the orientdb configuration.
library/roles/iptables/templates/iptables-rules.v4.j2: rule to support orientdb multicast configuration.
library/roles/orientdb: Template all the configuration files. Move the database and log directory out of the distribution.
2016-09-28 19:19:51 +02:00
Andrea Dell'Amico 80132d9e80 library/roles/iptables/templates/iptables-rules.v4.j2: The tomcat cluster rules need more flexibility. 2016-09-12 11:56:19 +02:00
Andrea Dell'Amico 36d88eb220 library/roles/iptables/templates/iptables-rules.v4.j2: Do not duplicate the http (port 80) rule when letsencrypt is active. 2016-08-04 16:56:59 +02:00
Andrea Dell'Amico 487572aa6e library/roles/ganglia: Change templates and defaults to support a unicast configuration.
library/roles/iptables: Rules to support a ganglia configuration that runs over unicast and not multicast.
2016-07-12 19:15:00 +02:00
Andrea Dell'Amico b53163a875 library/roles/iptables/tasks/main.yml: Start the iptables rules immediately after a new set of rules is installed. 2016-07-12 16:29:52 +02:00
Andrea Dell'Amico 2544a66b68 library/roles/iptables/templates/iptables-rules.v4.j2: If we are going to install letsencrypt, open the port 80/tcp to the world. 2016-07-12 15:33:46 +02:00
Andrea Dell'Amico a4159b2769 library/roles/iptables: Rules for the keepalived communications.
library/roles/keepalived: Role that installs and configures keepalived. The template is specific for the haproxy use case.
2016-07-05 18:29:03 +02:00
Andrea Dell'Amico d975326a1b library/roles/iptables/templates/iptables-rules.v4.j2: More conditionals for the postgres and mysql rules. 2016-06-22 18:02:28 +02:00
Andrea Dell'Amico b465587c3c library/roles/iptables/templates/iptables-rules.v4.j2: fix the template so that it manages NAT correctly. 2016-06-11 16:56:12 +02:00
Andrea Dell'Amico 1dbe0c9209 library/roles/iptables: Manage NAT and different defaults for INPUT and FORWARD chains. 2016-06-11 15:24:48 +02:00
Andrea Dell'Amico 93de42a333 d4science-ghn-cluster: new infra dev VM. liferay cluster.
library/roles/iptables: snippet for the multicast part of tomcat clustering.
2016-05-25 15:56:05 +02:00
Andrea Dell'Amico c80b73b8fa library/roles/postfix-relay/tasks/smtp-sasl-auth.yml: Fix the task that updates the hash.
d4science-ghn-cluster/group_vars/portal_servers: Add the d4science portals to the ganglia grid.
d4science-ghn-cluster/smtp-clients.yml: Add the task that creates the smtp accounts on the relay.
d4science-ghn-cluster/portals.yml: Playbook that configures some parts of the portals distribution. smtp relay, iptables rules, ganglia.
2016-01-22 17:09:57 +01:00
Andrea Dell'Amico 7a4e60ff33 library/roles/iptables/templates/iptables-rules.v4.j2: move the blacklist rules before anything else. 2015-10-23 19:45:07 +02:00
Andrea Dell'Amico aa1ad48c46 library/roles/iptables: Support for blacklists of ip/networks. Optionally with associated protocol, source port and destination port. 2015-10-23 16:01:53 +02:00
Andrea Dell'Amico b7ec847f5d all: Fix the nagios, ganglia and munin enable/disable variables. 2015-10-16 12:35:42 +02:00
Andrea Dell'Amico 97e9d1d055 library/roles/iptables/templates/iptables-rules.v4.j2: Do not assume that the variables that rule specific services are defined.
dnet-efg/portal.yml: Add the basic steps to install drupal.
2015-10-15 18:43:28 +02:00
Andrea Dell'Amico 8e104cec4a library/vars/isti-global.yml: Install and configure munin by default. 2015-10-14 14:47:23 +02:00
Andrea Dell'Amico 478dba36c0 dnet-openaire/group_vars/parthenos_mapping_dev/mapping.yml: Do not setup the SMTP relay iptables rules 2015-10-12 11:13:53 +02:00
Andrea Dell'Amico e090edee15 infrastructure-services/group_vars/all/all.yml: remove redundant variables. 2015-10-10 09:03:24 +02:00
Andrea Dell'Amico 304a25e564 library/roles/iptables: do not set ganglia or nagios rules if not explicitly told.
d4science-ghn-cluster/roles/smartgears: specific tasks to manage the egi images
d4science-ghn-cluster/roles/smartgears/templates/smartgears-setup.sh.j2: script to setup the container when the image is first activated.
2015-10-07 14:48:22 +02:00
Andrea Dell'Amico 9e5653f85d library/roles/iptables/tasks/main.yml: ugly fix for the distribution versions mess.
library/roles/oracle-jdk/tasks/main.yml: now it installs on debian too.
library/roles/php-fpm: Support saving sessions on memcache. Needs memcache (there's a role for it).
library/roles/postfix-relay: Now it can be configured to permit unencrypted connections from the local clients.
library/roles/users: Fix the sudo stuff.
2015-09-03 02:36:22 +02:00
Andrea Dell'Amico 4b06f84618 library/roles: Try and fix the fail2ban conditionals, again.
xen/host_vars/dlib28x.dom0.research-infrastructures.eu: add dlib28x.dom0.research-infrastructures.eu
2015-08-07 11:25:06 +02:00
Andrea Dell'Amico 0df30e5cf7 library/roles: fixes to the fail2ban and iptables handlers. Remove some dependencies from the solr-tomcat-instance and tomcat-apache-requirements roles. They will need to be explicitly set. 2015-07-23 19:32:54 +02:00
Andrea Dell'Amico 10441129fc library/roles/dnet_user_services_perms: Manage more directories. Logs in /var/log/dnet
library/roles/iptables/templates/iptables-rules.v6.j2: Fix the reject options
library/roles/tomcat: Install a catalina.properties that matches the one used by the multiple instances role
library/roles/tomcat/templates/tomcat-server.xml.j2: Do not generate a random password when the shutdown port is disabled
2015-07-16 13:25:02 +02:00
Andrea Dell'Amico 6eb98527ba library/roles/iptables/templates/iptables-rules.v4.j2: manage multiple IPs for the nagios server.
library/roles/iptables/templates/iptables-rules.v6.j2: set the same policy used by the ipv4 rules.
2015-07-15 13:59:23 +02:00
Andrea Dell'Amico e1180b39a7 library/roles/mysql: better backup script. Now supports nagios and a retain interval.
library/roles/iptables: special case for ldap.
library/roles/openldap-server: first bits of an openldap role
2015-07-14 00:30:49 +02:00
Andrea Dell'Amico d222d0cfdc dnet-mincyt: new VM to host the portal. Fixes to the apache virtualhosts generation tasks.
library/roles/dnet_user_services_perms: New roles to configure the VM permissions in a way that allows playing with tomcat without being root.
infrastructure-services: First bits of nagios configuration for the infrastructure services.
2015-07-13 17:54:21 +02:00
Andrea Dell'Amico d37840100e Various fixes to the library roles. 2015-07-13 14:17:42 +02:00
Andrea Dell'Amico e53c5a3f63 library/roles/postgresql: Fix the configuration tasks to use the configfile module
library/roles/iptables: Create rules for postgresql even if the service listens on localhost only.
2015-06-22 14:49:59 +02:00
Andrea Dell'Amico a684f6f5fd library/roles/iptables/tasks/main.yml: Fix the 'when' clause. 2015-06-15 12:01:25 +02:00
Andrea Dell'Amico d69a92292c library: small fixes.
d4science-gcube/roles/mediawiki_setup/templates/nginx-mediawiki.j2: First attempt at an nginx ssl config.
2015-06-14 23:39:13 +02:00
Andrea Dell'Amico b9d50790cd d4science-ghn-cluster: We now manage the iptables firewall on the mongodb cluster.
library/roles: separate task that sets the hostname
library/vars/isti-global.yml: add the d4science partners networks as a common variable.
2015-06-11 16:32:01 +02:00
Andrea Dell'Amico 93be7129fe library/roles: roles added for memcache and revive-adserver. Various fixes to the haproxy, php-fpm, varnish and yii roles. 2015-05-31 19:35:38 +02:00