fix(firewall): allow ssh http https ingress

This commit is contained in:
Haitao Pan 2026-06-16 14:51:07 +08:00
parent e5991301c6
commit b36a1c44e5
2 changed files with 7 additions and 3 deletions


@ -21,9 +21,11 @@ enable_common: true
common_firewall:
enabled: true
ssh_port: 22
http_port: 80
https_port: 443
allow_comments:
ssh: XWorkmate SSH
http: XWorkmate HTTP
https: XWorkmate HTTPS


@ -9,12 +9,13 @@
path: /usr/bin/firewall-cmd
register: common_firewall_firewalld_binary
- name: Common | allow HTTP/HTTPS through UFW
- name: Common | allow SSH/HTTP/HTTPS through UFW
ansible.builtin.command: "ufw allow {{ item.port }}/{{ item.protocol }}"
register: common_firewall_ufw_allow
changed_when: "'Skipping adding existing rule' not in (common_firewall_ufw_allow.stdout | default(''))"
failed_when: common_firewall_ufw_allow.rc != 0
loop:
- { port: "{{ common_firewall.ssh_port | default(22) }}", protocol: tcp, comment: "{{ common_firewall.allow_comments.ssh | default('XWorkmate SSH') }}" }
- { port: "{{ common_firewall.http_port | default(80) }}", protocol: tcp, comment: "{{ common_firewall.allow_comments.http | default('XWorkmate HTTP') }}" }
- { port: "{{ common_firewall.https_port | default(443) }}", protocol: tcp, comment: "{{ common_firewall.allow_comments.https | default('XWorkmate HTTPS') }}" }
when:
@ -22,13 +23,14 @@
- common_firewall_ufw_binary.stat.exists | default(false)
become: true
- name: Common | allow HTTP/HTTPS through firewalld
- name: Common | allow SSH/HTTP/HTTPS through firewalld
ansible.posix.firewalld:
port: "{{ item.port }}/{{ item.protocol }}"
permanent: true
immediate: true
state: enabled
loop:
- { port: "{{ common_firewall.ssh_port | default(22) }}", protocol: tcp, comment: "{{ common_firewall.allow_comments.ssh | default('XWorkmate SSH') }}" }
- { port: "{{ common_firewall.http_port | default(80) }}", protocol: tcp, comment: "{{ common_firewall.allow_comments.http | default('XWorkmate HTTP') }}" }
- { port: "{{ common_firewall.https_port | default(443) }}", protocol: tcp, comment: "{{ common_firewall.allow_comments.https | default('XWorkmate HTTPS') }}" }
when:
@ -40,7 +42,7 @@
- name: Common | explain firewall handling
ansible.builtin.debug:
msg: >-
HTTP/HTTPS firewall handling completed or skipped on {{ inventory_hostname }}.
SSH/HTTP/HTTPS firewall handling completed or skipped on {{ inventory_hostname }}.
UFW={{ common_firewall_ufw_binary.stat.exists | default(false) }},
firewalld={{ common_firewall_firewalld_binary.stat.exists | default(false) }}.
when:
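Review bot: The new SSH loop item in the first hunk carries a `comment` field that nothing consumes — the UFW command line `ufw allow {{ item.port }}/{{ item.protocol }}` never passes it, so the rule is opened without the descriptive comment the variables file defines for it; the same holds for the pre-existing HTTP/HTTPS items and, in the second hunk, for the firewalld loop, where the `ansible.posix.firewalld` module appears to have no comment parameter at all, so there the field is dead data. For UFW the fix is one line, `ansible.builtin.command: "ufw allow {{ item.port }}/{{ item.protocol }} comment '{{ item.comment }}'"`, which works because the command module splits the string with shlex rather than a shell. The identical three-item loop is now maintained in two tasks; moving it into one list variable (e.g. `common_firewall_allow_rules`) would have made this commit a single-place change and prevents the UFW and firewalld rule sets from drifting apart. Note that the rule opens `ssh_port` to any source and the default of 22 is only correct if sshd actually listens there — worth a comment next to `ssh_port` in the variables file, e.g. `# must match the Port in sshd_config`. Both UFW and firewalld tasks continue past their hunks (the `when:` lists are cut off), so the conditions were not reviewed.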