Andrea Dell'Amico
8156a3883b
Change the iptables rules.v4 template to support specific policies and to automatically reject the traffic for not allowed addresses.
2018-11-27 18:27:53 +01:00
Andrea Dell'Amico
92e71712bc
Install postfix before iptables if we are going to configure an smtp server.
2018-05-04 13:27:31 +02:00
Andrea Dell'Amico
ffc72e6f4f
library/roles/iptables/defaults/main.yml: Use the default interface as the NAT output one. Do not pretend that is always eth0
2018-05-02 18:15:26 +02:00
Andrea Dell'Amico
baf6caa8f2
library/roles/iptables/tasks/main.yml: Fix an installed vs present option.
2018-04-21 13:25:45 +02:00
Andrea Dell'Amico
188f0ccb8a
iptables: fix the restart of fail2ban and docker.
2018-03-19 18:53:55 +01:00
Andrea Dell'Amico
a7f966b26e
handle the docker service restart after the iptables service one.
2018-03-19 15:49:43 +01:00
Andrea Dell'Amico
e4d90a8e76
Install postfix if we want to use it as a relay service. We need it installed before the rules are applied.
2018-03-01 13:06:46 +01:00
Andrea Dell'Amico
a86418946d
library/roles/iptables/tasks/main.yml: Fix a conditional.
2018-02-17 12:45:05 +01:00
Andrea Dell'Amico
528a01ec4a
library/roles/iptables/tasks/main.yml: Ubuntu 16.04 uses netfilter-persistent and systemd.
2018-02-17 12:44:03 +01:00
Andrea Dell'Amico
7f46f6f88e
library/roles/iptables/templates/iptables-rules.v4.j2: Firewall rules for prometheus.
2018-02-07 16:52:55 +01:00
Andrea Dell'Amico
d1672fe4fb
library/roles/iptables/templates/iptables-rules.v4.j2: Do not fail if ganglia_unicast_mode is not defined.
2018-01-25 20:17:58 +01:00
Andrea Dell'Amico
69f14daa94
library/roles/iptables/templates/iptables-rules.v4.j2: Fix a conditional.
2018-01-16 17:03:54 +01:00
Andrea Dell'Amico
56fc118e9d
iptables: in the tcp or udp rules, the allowed_hosts variables can be a list.
2017-10-20 17:46:21 +02:00
Andrea Dell'Amico
892a05256a
library/roles/iptables/templates/iptables-rules.v4.j2: Fix a mistake where the task failed when psql_db_data was not defined.
2017-03-07 13:12:01 +01:00
Andrea Dell'Amico
ba12f3dba8
library/roles/iptables/templates/iptables-rules.v4.j2: Fix a typo.
2016-12-14 18:32:05 +01:00
Andrea Dell'Amico
d32a1e99c6
library/roles/iptables/templates/iptables-rules.v4.j2: Add a rule to add ANY rules.
2016-12-14 16:09:39 +01:00
Andrea Dell'Amico
86b510e7d5
d4science-ghn-cluster: New variables to cover the orientdb configuration.
...
library/roles/iptables/templates/iptables-rules.v4.j2: rule to support orientdb multicast configuration.
library/roles/orientdb: Template all the configuration files. Move the database and log directory out of the distribution.
2016-09-28 19:19:51 +02:00
Andrea Dell'Amico
80132d9e80
library/roles/iptables/templates/iptables-rules.v4.j2: The tomcat cluster rules need more flexibility.
2016-09-12 11:56:19 +02:00
Andrea Dell'Amico
36d88eb220
library/roles/iptables/templates/iptables-rules.v4.j2: Do not duplicate the http (port 80) rule when letsencrypt is active.
2016-08-04 16:56:59 +02:00
Andrea Dell'Amico
487572aa6e
library/roles/ganglia: Change templates and defaults to support a unicast configuration.
...
library/roles/iptables: Rules to support a ganglia configuration that runs over unicast and not multicast.
2016-07-12 19:15:00 +02:00
Andrea Dell'Amico
b53163a875
library/roles/iptables/tasks/main.yml: Start the iptables rules immediately after a new set of rules is installed.
2016-07-12 16:29:52 +02:00
Andrea Dell'Amico
2544a66b68
library/roles/iptables/templates/iptables-rules.v4.j2: If we are going to install letsencrypt, open the port 80/tcp to the world.
2016-07-12 15:33:46 +02:00
Andrea Dell'Amico
a4159b2769
library/roles/iptables: Rules for the keepalived communications.
...
library/roles/keepalived: Role that installs and configures keepalived. The template is specific for the haproxy use case.
2016-07-05 18:29:03 +02:00
Andrea Dell'Amico
d975326a1b
library/roles/iptables/templates/iptables-rules.v4.j2: More conditionals for the postgres and mysql rules.
2016-06-22 18:02:28 +02:00
Andrea Dell'Amico
b465587c3c
library/roles/iptables/templates/iptables-rules.v4.j2: fix the template so that it manages NAT correctly.
2016-06-11 16:56:12 +02:00
Andrea Dell'Amico
1dbe0c9209
library/roles/iptables: Manage NAT and different defaults for INPUT and FORWARD chains.
2016-06-11 15:24:48 +02:00
Andrea Dell'Amico
93de42a333
d4science-ghn-cluster: new infra dev VM. liferay cluster.
...
library/roles/iptables: snippet for the multicast part of tomcat clustering.
2016-05-25 15:56:05 +02:00
Andrea Dell'Amico
c80b73b8fa
library/roles/postfix-relay/tasks/smtp-sasl-auth.yml: Fix the task that updates the hash.
...
d4science-ghn-cluster/group_vars/portal_servers: Add the d4science portals to the ganglia grid.
d4science-ghn-cluster/smtp-clients.yml: Add the task that creates the smtp accounts on the relay.
d4science-ghn-cluster/portals.yml: Playbook that configures some parts of the portals distribution. smtp relay, iptables rules, ganglia.
2016-01-22 17:09:57 +01:00
Andrea Dell'Amico
7a4e60ff33
library/roles/iptables/templates/iptables-rules.v4.j2: move the blacklist rules before anything else.
2015-10-23 19:45:07 +02:00
Andrea Dell'Amico
aa1ad48c46
library/roles/iptables: Support for blacklists of ip/networks. Optionally with associated protocol, source port and destination port.
2015-10-23 16:01:53 +02:00
Andrea Dell'Amico
b7ec847f5d
all: Fix the nagios, ganglia and munin enable/disable variables.
2015-10-16 12:35:42 +02:00
Andrea Dell'Amico
97e9d1d055
library/roles/iptables/templates/iptables-rules.v4.j2: Do not assume that the variables that rule specific services are defined.
...
dnet-efg/portal.yml: Add the basic steps to install drupal.
2015-10-15 18:43:28 +02:00
Andrea Dell'Amico
8e104cec4a
library/vars/isti-global.yml: Install and configure munin by default.
2015-10-14 14:47:23 +02:00
Andrea Dell'Amico
478dba36c0
dnet-openaire/group_vars/parthenos_mapping_dev/mapping.yml: Do not setup the SMTP relay iptables rules
2015-10-12 11:13:53 +02:00
Andrea Dell'Amico
e090edee15
infrastructure-services/group_vars/all/all.yml: remove redundant variables.
2015-10-10 09:03:24 +02:00
Andrea Dell'Amico
304a25e564
library/roles/iptables: do not set ganglia or nagios rules if not explicitly told.
...
d4science-ghn-cluster/roles/smartgears: specific tasks to manage the egi images
d4science-ghn-cluster/roles/smartgears/templates/smartgears-setup.sh.j2: script to setup the container when the image is first activated.
2015-10-07 14:48:22 +02:00
Andrea Dell'Amico
9e5653f85d
library/roles/iptables/tasks/main.yml: ugly fix for the distribution versions mess.
...
library/roles/oracle-jdk/tasks/main.yml: now it installs on debian too.
library/roles/php-fpm: Support saving sessions on memcache. Needs memcache (there's a role for it).
library/roles/postfix-relay: Now it can be configured to permit unencrypted connections from the local clients.
library/roles/users: Fix the sudo stuff.
2015-09-03 02:36:22 +02:00
Andrea Dell'Amico
4b06f84618
library/roles: Try and fix the fail2ban conditionals, again.
...
xen/host_vars/dlib28x.dom0.research-infrastructures.eu: add dlib28x.dom0.research-infrastructures.eu
2015-08-07 11:25:06 +02:00
Andrea Dell'Amico
0df30e5cf7
library/roles: fixes to the fail2ban and iptables handlers. Remove some dependencies from the solr-tomcat-instance and tomcat-apache-requirements roles. They will need to be explicitly set.
2015-07-23 19:32:54 +02:00
Andrea Dell'Amico
10441129fc
library/roles/dnet_user_services_perms: Manage more directories. Logs in /var/log/dnet
...
library/roles/iptables/templates/iptables-rules.v6.j2: Fix the reject options
library/roles/tomcat: Install a catalina.properties that matches the one used by the multiple instances role
library/roles/tomcat/templates/tomcat-server.xml.j2: Do not generate a random password when the shutdown port is disabled
2015-07-16 13:25:02 +02:00
Andrea Dell'Amico
6eb98527ba
library/roles/iptables/templates/iptables-rules.v4.j2: manage multiple IPs for the nagios server.
...
library/roles/iptables/templates/iptables-rules.v6.j2: set the same policy used by the ipv4 rules.
2015-07-15 13:59:23 +02:00
Andrea Dell'Amico
e1180b39a7
library/roles/mysql: better backup script. Now supports nagios and a retain interval.
...
library/roles/iptables: special case for ldap.
library/roles/openldap-server: first bits of an openldap role
2015-07-14 00:30:49 +02:00
Andrea Dell'Amico
d222d0cfdc
dnet-mincyt: new VM to host the portal. Fixes to the apache virtualhosts generation tasks.
...
library/roles/dnet_user_services_perms: New roles to configure the VM permissions in a way that allows playing with tomcat without being root.
infrastructure-services: First bits of nagios configuration for the infrastructure services.
2015-07-13 17:54:21 +02:00
Andrea Dell'Amico
d37840100e
Various fixes to the library roles.
2015-07-13 14:17:42 +02:00
Andrea Dell'Amico
e53c5a3f63
library/roles/postgresql: Fix the configuration tasks to use the configfile module
...
library/roles/iptables: Create rules for postgresql even if the service listens on localhost only.
2015-06-22 14:49:59 +02:00
Andrea Dell'Amico
a684f6f5fd
library/roles/iptables/tasks/main.yml: Fix the 'when' clause.
2015-06-15 12:01:25 +02:00
Andrea Dell'Amico
d69a92292c
library: small fixes.
...
d4science-gcube/roles/mediawiki_setup/templates/nginx-mediawiki.j2: First attempt at a nginx ssl config.
2015-06-14 23:39:13 +02:00
Andrea Dell'Amico
b9d50790cd
d4science-ghn-cluster: We now manage the iptables firewall on the mongodb cluster.
...
library/roles: separate task that sets the hostname
library/vars/isti-global.yml: add the d4science partners networks as a common variable.
2015-06-11 16:32:01 +02:00
Andrea Dell'Amico
93be7129fe
library/roles: roles added for memcache and revive-adserver. Various fixes to the haproxy, php-fpm, varnish and yii roles.
2015-05-31 19:35:38 +02:00
Andrea Dell'Amico
73d37f81a6
Major refactoring. Moved all the library roles under 'library/roles' and changed all the occurrences inside all the playbooks.
2015-05-28 11:32:57 +02:00