Commit Graph

34 Commits

Author SHA1 Message Date
Andrea Dell'Amico 31b8b7b711 Put the prometheus rules at the end of the template, so that they not interfere with other rules. 2019-02-19 16:54:15 +01:00
Andrea Dell'Amico 8156a3883b Change the iptables rules.v4 template to support specific policies and to automatically reject the traffic for not allowed addresses. 2018-11-27 18:27:53 +01:00
Andrea Dell'Amico 7f46f6f88e library/roles/iptables/templates/iptables-rules.v4.j2: Firewall rules for prometheus. 2018-02-07 16:52:55 +01:00
Andrea Dell'Amico d1672fe4fb library/roles/iptables/templates/iptables-rules.v4.j2: Do not fail if ganglia_unicast_mode is not defined. 2018-01-25 20:17:58 +01:00
Andrea Dell'Amico 69f14daa94 library/roles/iptables/templates/iptables-rules.v4.j2: Fix a conditional. 2018-01-16 17:03:54 +01:00
Andrea Dell'Amico 56fc118e9d iptables: in the tcp or udp rules, the allowed_hosts variables can be a list. 2017-10-20 17:46:21 +02:00
Andrea Dell'Amico 892a05256a library/roles/iptables/templates/iptables-rules.v4.j2: Fix a mistake where the task failed when psql_db_data was not defined. 2017-03-07 13:12:01 +01:00
Andrea Dell'Amico ba12f3dba8 library/roles/iptables/templates/iptables-rules.v4.j2: Fix a typo. 2016-12-14 18:32:05 +01:00
Andrea Dell'Amico d32a1e99c6 library/roles/iptables/templates/iptables-rules.v4.j2: Add a rule to add ANY rules. 2016-12-14 16:09:39 +01:00
Andrea Dell'Amico 86b510e7d5 d4science-ghn-cluster: New variabiles to cover the orientdb configuration.
library/roles/iptables/templates/iptables-rules.v4.j2: rule to support orientdb multicast configuration.
library/roles/orientdb: Template all the configuration files. Move the database and log directory out of the distribution.
2016-09-28 19:19:51 +02:00
Andrea Dell'Amico 80132d9e80 library/roles/iptables/templates/iptables-rules.v4.j2: The tomcat cluster rules need more flexibility. 2016-09-12 11:56:19 +02:00
Andrea Dell'Amico 36d88eb220 library/roles/iptables/templates/iptables-rules.v4.j2: Do not duplicate the http (port 80) rule when letsencrypt is active. 2016-08-04 16:56:59 +02:00
Andrea Dell'Amico 487572aa6e library/roles/ganglia: Change templates and defaults to support an unicast configuration.
library/roles/iptables: Rules to support a ganglia configuration that runs over unicast and not multicast.
2016-07-12 19:15:00 +02:00
Andrea Dell'Amico 2544a66b68 library/roles/iptables/templates/iptables-rules.v4.j2: If we are going to install letsencrypt, open the port 80/tcp to the world. 2016-07-12 15:33:46 +02:00
Andrea Dell'Amico a4159b2769 library/roles/iptables: Rules for the keepalived communications.
library/roles/keepalived: Role that installs and configures keepalived. The template is specific for the haproxy use case.
2016-07-05 18:29:03 +02:00
Andrea Dell'Amico d975326a1b library/roles/iptables/templates/iptables-rules.v4.j2: More conditionals for the postgres and mysql rules. 2016-06-22 18:02:28 +02:00
Andrea Dell'Amico b465587c3c library/roles/iptables/templates/iptables-rules.v4.j2: fix the template so that it manages NAT correctly. 2016-06-11 16:56:12 +02:00
Andrea Dell'Amico 1dbe0c9209 library/roles/iptables: Manage NAT and different defaults for INPUT and FORWARD chains. 2016-06-11 15:24:48 +02:00
Andrea Dell'Amico 93de42a333 d4science-ghn-cluster: new infra dev VM. liferay cluster.
library/roles/iptables: snippet for the multicast part of tomcat clustering.
2016-05-25 15:56:05 +02:00
Andrea Dell'Amico 7a4e60ff33 library/roles/iptables/templates/iptables-rules.v4.j2: move the blacklist rules before anything else. 2015-10-23 19:45:07 +02:00
Andrea Dell'Amico aa1ad48c46 library/roles/iptables: Support for blacklists of ip/networks. Optionally with associated protocol, source port and destination port. 2015-10-23 16:01:53 +02:00
Andrea Dell'Amico 97e9d1d055 library/roles/iptables/templates/iptables-rules.v4.j2: Do not assume that the variables that rule specific services are defined.
dnet-efg/portal.yml: Add the basic steps to install drupal.
2015-10-15 18:43:28 +02:00
Andrea Dell'Amico 8e104cec4a library/vars/isti-global.yml: Install and configure munin by default. 2015-10-14 14:47:23 +02:00
Andrea Dell'Amico 478dba36c0 dnet-openaire/group_vars/parthenos_mapping_dev/mapping.yml: Do not setup the SMTP relay iptables rules 2015-10-12 11:13:53 +02:00
Andrea Dell'Amico e090edee15 infrastructure-services/group_vars/all/all.yml: remove redundant variables. 2015-10-10 09:03:24 +02:00
Andrea Dell'Amico 304a25e564 library/roles/iptables: do not set ganglia or nagios rules if not explicitly told.
d4science-ghn-cluster/roles/smartgears: specific tasks to manage the egi images
d4science-ghn-cluster/roles/smartgears/templates/smartgears-setup.sh.j2: script to setup the container when the image is first activated.
2015-10-07 14:48:22 +02:00
Andrea Dell'Amico 10441129fc library/roles/dnet_user_services_perms: Manage more directories. Logs in /var/log/dnet
library/roles/iptables/templates/iptables-rules.v6.j2: Fix the reject options
library/roles/tomcat: Install a catalina.properties that matches the one used by the multiple instances role
library/roles/tomcat/templates/tomcat-server.xml.j2: Do not generate a random password when the shutdown port is disabled
2015-07-16 13:25:02 +02:00
Andrea Dell'Amico 6eb98527ba library/roles/iptables/templates/iptables-rules.v4.j2: manage multiple IPs for the nagios server.
library/roles/iptables/templates/iptables-rules.v6.j2: set the same policy used by the ipv4 rules.
2015-07-15 13:59:23 +02:00
Andrea Dell'Amico e1180b39a7 library/roles/mysql: better backup script. Now supports nagios and a retain interval.
library/roles/iptables: special case for ldap.
library/roles/openldap-server: first bits of a openldap role
2015-07-14 00:30:49 +02:00
Andrea Dell'Amico d37840100e Various fixes to the library roles. 2015-07-13 14:17:42 +02:00
Andrea Dell'Amico e53c5a3f63 library/roles/postgresql: Fix the configuration tasks to use the configfile module
library/roles/iptables: Create rules for postgresql even if the service listens on localhost only.
2015-06-22 14:49:59 +02:00
Andrea Dell'Amico d69a92292c library: small fixes.
d4science-gcube/roles/mediawiki_setup/templates/nginx-mediawiki.j2: First attempt at a nginx ssl config.
2015-06-14 23:39:13 +02:00
Andrea Dell'Amico b9d50790cd d4science-ghn-cluster: We now manage the iptables firewall on the mongodb cluster.
library/roles: separate task that sets the hostname
library/vars/isti-global.yml: add the d4science partners networks as a common variable.
2015-06-11 16:32:01 +02:00
Andrea Dell'Amico 73d37f81a6 Major refactoring. Moved all the library roles under 'library/roles' and changed all the occurrances inside all the playbooks. 2015-05-28 11:32:57 +02:00