Commit Graph

50 Commits

Author SHA1 Message Date
Andrea Dell'Amico 8156a3883b Change the iptables rules.v4 template to support specific policies and to automatically reject the traffic for not allowed addresses. 2018-11-27 18:27:53 +01:00
Andrea Dell'Amico 92e71712bc Install postfix before iptables if we are going to configure a smtp server. 2018-05-04 13:27:31 +02:00
Andrea Dell'Amico ffc72e6f4f library/roles/iptables/defaults/main.yml: Use the default interface as the NAT output one. Do not pretend that is always eth0 2018-05-02 18:15:26 +02:00
Andrea Dell'Amico baf6caa8f2 library/roles/iptables/tasks/main.yml: Fix an installed vs present option. 2018-04-21 13:25:45 +02:00
Andrea Dell'Amico 188f0ccb8a iptables: fix the restart of fail2ban and docker. 2018-03-19 18:53:55 +01:00
Andrea Dell'Amico a7f966b26e handle the docker service restart after the iptables service one. 2018-03-19 15:49:43 +01:00
Andrea Dell'Amico e4d90a8e76 Install postfix if we want to use it as a relay service. We need it installed before the rules are applied. 2018-03-01 13:06:46 +01:00
Andrea Dell'Amico a86418946d library/roles/iptables/tasks/main.yml: Fix a conditional. 2018-02-17 12:45:05 +01:00
Andrea Dell'Amico 528a01ec4a library/roles/iptables/tasks/main.yml: Ubuntu 16.04 uses netfilter-persistent and systemd. 2018-02-17 12:44:03 +01:00
Andrea Dell'Amico 7f46f6f88e library/roles/iptables/templates/iptables-rules.v4.j2: Firewall rules for prometheus. 2018-02-07 16:52:55 +01:00
Andrea Dell'Amico d1672fe4fb library/roles/iptables/templates/iptables-rules.v4.j2: Do not fail if ganglia_unicast_mode is not defined. 2018-01-25 20:17:58 +01:00
Andrea Dell'Amico 69f14daa94 library/roles/iptables/templates/iptables-rules.v4.j2: Fix a conditional. 2018-01-16 17:03:54 +01:00
Andrea Dell'Amico 56fc118e9d iptables: in the tcp or udp rules, the allowed_hosts variables can be a list. 2017-10-20 17:46:21 +02:00
Andrea Dell'Amico 892a05256a library/roles/iptables/templates/iptables-rules.v4.j2: Fix a mistake where the task failed when psql_db_data was not defined. 2017-03-07 13:12:01 +01:00
Andrea Dell'Amico ba12f3dba8 library/roles/iptables/templates/iptables-rules.v4.j2: Fix a typo. 2016-12-14 18:32:05 +01:00
Andrea Dell'Amico d32a1e99c6 library/roles/iptables/templates/iptables-rules.v4.j2: Add a rule to add ANY rules. 2016-12-14 16:09:39 +01:00
Andrea Dell'Amico 86b510e7d5 d4science-ghn-cluster: New variables to cover the orientdb configuration.
library/roles/iptables/templates/iptables-rules.v4.j2: rule to support orientdb multicast configuration.
library/roles/orientdb: Template all the configuration files. Move the database and log directory out of the distribution.
2016-09-28 19:19:51 +02:00
Andrea Dell'Amico 80132d9e80 library/roles/iptables/templates/iptables-rules.v4.j2: The tomcat cluster rules need more flexibility. 2016-09-12 11:56:19 +02:00
Andrea Dell'Amico 36d88eb220 library/roles/iptables/templates/iptables-rules.v4.j2: Do not duplicate the http (port 80) rule when letsencrypt is active. 2016-08-04 16:56:59 +02:00
Andrea Dell'Amico 487572aa6e library/roles/ganglia: Change templates and defaults to support a unicast configuration.
library/roles/iptables: Rules to support a ganglia configuration that runs over unicast and not multicast.
2016-07-12 19:15:00 +02:00
Andrea Dell'Amico b53163a875 library/roles/iptables/tasks/main.yml: Start the iptables rules immediately after a new set of rules is installed. 2016-07-12 16:29:52 +02:00
Andrea Dell'Amico 2544a66b68 library/roles/iptables/templates/iptables-rules.v4.j2: If we are going to install letsencrypt, open the port 80/tcp to the world. 2016-07-12 15:33:46 +02:00
Andrea Dell'Amico a4159b2769 library/roles/iptables: Rules for the keepalived communications.
library/roles/keepalived: Role that installs and configures keepalived. The template is specific for the haproxy use case.
2016-07-05 18:29:03 +02:00
Andrea Dell'Amico d975326a1b library/roles/iptables/templates/iptables-rules.v4.j2: More conditionals for the postgres and mysql rules. 2016-06-22 18:02:28 +02:00
Andrea Dell'Amico b465587c3c library/roles/iptables/templates/iptables-rules.v4.j2: fix the template so that it manages NAT correctly. 2016-06-11 16:56:12 +02:00
Andrea Dell'Amico 1dbe0c9209 library/roles/iptables: Manage NAT and different defaults for INPUT and FORWARD chains. 2016-06-11 15:24:48 +02:00
Andrea Dell'Amico 93de42a333 d4science-ghn-cluster: new infra dev VM. liferay cluster.
library/roles/iptables: snippet for the multicast part of tomcat clustering.
2016-05-25 15:56:05 +02:00
Andrea Dell'Amico c80b73b8fa library/roles/postfix-relay/tasks/smtp-sasl-auth.yml: Fix the task that updates the hash.
d4science-ghn-cluster/group_vars/portal_servers: Add the d4science portals to the ganglia grid.
d4science-ghn-cluster/smtp-clients.yml: Add the task that creates the smtp accounts on the relay.
d4science-ghn-cluster/portals.yml: Playbook that configures some parts of the portals distribution. smtp relay, iptables rules, ganglia.
2016-01-22 17:09:57 +01:00
Andrea Dell'Amico 7a4e60ff33 library/roles/iptables/templates/iptables-rules.v4.j2: move the blacklist rules before anything else. 2015-10-23 19:45:07 +02:00
Andrea Dell'Amico aa1ad48c46 library/roles/iptables: Support for blacklists of ip/networks. Optionally with associated protocol, source port and destination port. 2015-10-23 16:01:53 +02:00
Andrea Dell'Amico b7ec847f5d all: Fix the nagios, ganglia and munin enable/disable variables. 2015-10-16 12:35:42 +02:00
Andrea Dell'Amico 97e9d1d055 library/roles/iptables/templates/iptables-rules.v4.j2: Do not assume that the variables that rule specific services are defined.
dnet-efg/portal.yml: Add the basic steps to install drupal.
2015-10-15 18:43:28 +02:00
Andrea Dell'Amico 8e104cec4a library/vars/isti-global.yml: Install and configure munin by default. 2015-10-14 14:47:23 +02:00
Andrea Dell'Amico 478dba36c0 dnet-openaire/group_vars/parthenos_mapping_dev/mapping.yml: Do not setup the SMTP relay iptables rules 2015-10-12 11:13:53 +02:00
Andrea Dell'Amico e090edee15 infrastructure-services/group_vars/all/all.yml: remove redundant variables. 2015-10-10 09:03:24 +02:00
Andrea Dell'Amico 304a25e564 library/roles/iptables: do not set ganglia or nagios rules if not explicitly told.
d4science-ghn-cluster/roles/smartgears: specific tasks to manage the egi images
d4science-ghn-cluster/roles/smartgears/templates/smartgears-setup.sh.j2: script to setup the container when the image is first activated.
2015-10-07 14:48:22 +02:00
Andrea Dell'Amico 9e5653f85d library/roles/iptables/tasks/main.yml: ugly fix for the distribution versions mess.
library/roles/oracle-jdk/tasks/main.yml: now it installs on debian too.
library/roles/php-fpm: Support saving sessions on memcache. Needs memcache (there's a role for it).
library/roles/postfix-relay: Now it can be configured to permit unencrypted connections from the local clients.
library/roles/users: Fix the sudo stuff.
2015-09-03 02:36:22 +02:00
Andrea Dell'Amico 4b06f84618 library/roles: Try and fix the fail2ban conditionals, again.
xen/host_vars/dlib28x.dom0.research-infrastructures.eu: add dlib28x.dom0.research-infrastructures.eu
2015-08-07 11:25:06 +02:00
Andrea Dell'Amico 0df30e5cf7 library/roles: fixes to the fail2ban and iptables handlers. Remove some dependencies from the solr-tomcat-instance and tomcat-apache-requirements roles. They will need to be explicitly set. 2015-07-23 19:32:54 +02:00
Andrea Dell'Amico 10441129fc library/roles/dnet_user_services_perms: Manage more directories. Logs in /var/log/dnet
library/roles/iptables/templates/iptables-rules.v6.j2: Fix the reject options
library/roles/tomcat: Install a catalina.properties that matches the one used by the multiple instances role
library/roles/tomcat/templates/tomcat-server.xml.j2: Do not generate a random password when the shutdown port is disabled
2015-07-16 13:25:02 +02:00
Andrea Dell'Amico 6eb98527ba library/roles/iptables/templates/iptables-rules.v4.j2: manage multiple IPs for the nagios server.
library/roles/iptables/templates/iptables-rules.v6.j2: set the same policy used by the ipv4 rules.
2015-07-15 13:59:23 +02:00
Andrea Dell'Amico e1180b39a7 library/roles/mysql: better backup script. Now supports nagios and a retain interval.
library/roles/iptables: special case for ldap.
library/roles/openldap-server: first bits of an openldap role
2015-07-14 00:30:49 +02:00
Andrea Dell'Amico d222d0cfdc dnet-mincyt: new VM to host the portal. Fixes to the apache virtualhosts generation tasks.
library/roles/dnet_user_services_perms: New roles to configure the VM permissions in a way that allows playing with tomcat without being root.
infrastructure-services: First bits of nagios configuration for the infrastructure services.
2015-07-13 17:54:21 +02:00
Andrea Dell'Amico d37840100e Various fixes to the library roles. 2015-07-13 14:17:42 +02:00
Andrea Dell'Amico e53c5a3f63 library/roles/postgresql: Fix the configuration tasks to use the configfile module
library/roles/iptables: Create rules for postgresql even if the service listens on localhost only.
2015-06-22 14:49:59 +02:00
Andrea Dell'Amico a684f6f5fd library/roles/iptables/tasks/main.yml: Fix the 'when' clause. 2015-06-15 12:01:25 +02:00
Andrea Dell'Amico d69a92292c library: small fixes.
d4science-gcube/roles/mediawiki_setup/templates/nginx-mediawiki.j2: First attempt at an nginx ssl config.
2015-06-14 23:39:13 +02:00
Andrea Dell'Amico b9d50790cd d4science-ghn-cluster: We now manage the iptables firewall on the mongodb cluster.
library/roles: separate task that sets the hostname
library/vars/isti-global.yml: add the d4science partners networks as a common variable.
2015-06-11 16:32:01 +02:00
Andrea Dell'Amico 93be7129fe library/roles: roles added for memcache and revive-adserver. Various fixes to the haproxy, php-fpm, varnish and yii roles. 2015-05-31 19:35:38 +02:00
Andrea Dell'Amico 73d37f81a6 Major refactoring. Moved all the library roles under 'library/roles' and changed all the occurrences inside all the playbooks. 2015-05-28 11:32:57 +02:00