Merge branch 'firewall' into 'newinfra'

[nftables] Install and enable nftables on routers See merge request nounous/ansible!62
2020-08-19 17:49:28 +02:00 · 2020-08-19 17:49:28 +02:00 · eb21eba032
parent 68ce662296 b76d538ad6
commit eb21eba032
2 changed files with 18 additions and 2 deletions
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@ -4,13 +4,14 @@
 - hosts: crans_routeurs
  roles:
    - sysctl-forwarding
    - nftables
 - hosts: routeur-sam.adm.crans.org
  roles:
    - arp-proxy
 # Deploy firewall
- hosts: crans_routeurs,gulp.adm.crans.org
+- hosts: crans_routeurs
  vars:
    re2o:
      server: re2o.adm.crans.org
@ -20,7 +21,7 @@
    - firewall
 # Deploy BGP server configuration on IPv4 routers
- hosts: crans_routeurs,gulp.adm.crans.org
+- hosts: crans_routeurs
  vars:
    zebra:
      password: "{{ vault_zebra_password }}"
--- a/roles/nftables/tasks/main.yml
+++ b/roles/nftables/tasks/main.yml
@ -0,0 +1,15 @@
 ---
 - name: Install nftables
  apt:
    name: nftables
    state: present
    update_cache: true
  register: apt_result
  retries: 3
  until: apt_result is succeeded
 - name: Enable and start nftables
  systemd:
    name: nftables
    enabled: true
    state: started