diff --git a/README.md b/README.md index c97b8bb..6e0bcd9 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,8 @@ Red Hat Certified Specialist in Ansible Automation (EX407) Preparation Course - [Ansible 2.7 Exam Update](#ansible-2.7-exam-update) - [Install and Configure Control Node and Ansible Nodes](#install-and-configure-control-node-and-ansible-nodes) - [Shell Scripts to Run Ad-Hoc Commands](#shell-scripts-to-run-ad-hoc-commands) + - [Firewall Rules](#firewall-rules) + ## Understanding Core Components of Ansible ### Understanding Core Components of Ansible Part 1 
@@ -2193,4 +2195,67 @@ Why shell scripts? - People not skilled in Ansible can create and use them - There is no need to know yam and .yml formatiing -![img](https://github.com/Bes0n/EX407-Ansible-Automation/blob/master/images/img28.png) \ No newline at end of file +![img](https://github.com/Bes0n/EX407-Ansible-Automation/blob/master/images/img28.png) + + +### Firewall Rules +Ansible and Firewall Rules +- There are Ansible modules that can be used with firewalls +- The **firewalld** module like othersm, can be used to add or remove rules. +- **firewalld** module - https://docs.ansible.com/ansible/latest/modules/firewalld_module.html +- **iptables** module - https://docs.ansible.com/ansible/latest/modules/iptables_module.html + +- Playbook for installation and enabling firewalld: +``` +--- +- hosts: labservers + user: ansible + become: yes + gather_facts: no + tasks: + - name: install firewalld + action: yum name=firewalld state=installed + - name: enable firewalld on system boot + service: name=firewalld enabled=yes + - name: start service firewalld, if not started + service: + name: firewalld + state: started +``` + +- Second playbook will install **elinks** and **httpd** on your nodes +``` +--- +- hosts: labservers + user: ansible + become: yes + gather_facts: no + tasks: + - name: install elinks + action: yum name=elinks state=installed + - name: install httpd + action: yum name=httpd state=installed + - name: enable and start apache on system reboot + service: name=httpd enabled=yes state=started +``` + +- `elinks http://localhost `- our apache server accessible from internal network +- `elinks http://client` - but it's not accessible from outside + +- Let's create playbook to change this firewall rule: +``` +--- +- hosts: labservers + user: ansible + become: yes + gather_facts: no + tasks: + - firewalld: + service: http + permanent: yes + state: enabled + - name: restart service firewalld + service: + name: firewalld + state: restarted +``` 
diff --git a/playbooks/firewall-rule.yml b/playbooks/firewall-rule.yml new file mode 100644 index 0000000..6fa4a24 --- /dev/null +++ b/playbooks/firewall-rule.yml @@ -0,0 +1,14 @@ +--- +- hosts: labservers + user: ansible + become: yes + gather_facts: no + tasks: + - firewalld: + service: http + permanent: yes + state: enabled + - name: restart service firewalld + service: + name: firewalld + state: restarted \ No newline at end of file diff --git a/playbooks/install-firewalld.yml b/playbooks/install-firewalld.yml new file mode 100644 index 0000000..b8f23fe --- /dev/null +++ b/playbooks/install-firewalld.yml @@ -0,0 +1,14 @@ +--- +- hosts: labservers + user: ansible + become: yes + gather_facts: no + tasks: + - name: install firewalld + action: yum name=firewalld state=installed + - name: enable firewalld on system boot + service: name=firewalld enabled=yes + - name: start service firewalld, if not started + service: + name: firewalld + state: started \ No newline at end of file diff --git a/playbooks/setup-server.yml b/playbooks/setup-server.yml new file mode 100644 index 0000000..ca282f7 --- /dev/null +++ b/playbooks/setup-server.yml @@ -0,0 +1,12 @@ +--- +- hosts: labservers + user: ansible + become: yes + gather_facts: no + tasks: + - name: install elinks + action: yum name=elinks state=installed + - name: install httpd + action: yum name=httpd state=installed + - name: enable and start apache on system reboot + service: name=httpd enabled=yes state=started \ No newline at end of file
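Review bot: In the README.md hunk at `@@ -2193,4 +2195,67 @@`, the new "Firewall Rules" section never says why the last playbook restarts firewalld. A reader cannot tell from the text that `permanent: yes` on its own only writes the stored configuration, and that the restart is what makes the `http` rule live. A sentence stating this, plus a check such as `firewall-cmd --list-services` on the node after the run, would let readers confirm the rule is active before retrying `elinks http://client`. Two small text fixes in the same hunk: "othersm," should be "others," and the inline code `elinks http://localhost ` has a stray space before the closing backtick.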
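Review bot: In playbooks/firewall-rule.yml, the `firewalld` task sets `permanent: yes` without `immediate: yes`, so the `http` service is not opened in the running firewall until the following task restarts the daemon. That restart is unconditional, so it runs and reports changed on every play even when the rule already exists. Setting `immediate: yes` on the `firewalld` task makes the restart unnecessary; if the restart is kept, move it to a handler notified by the rule task. The rule task also has no `name:`, unlike every other task in this patch, and no `zone:`, so the service is opened in whichever zone is the default on each host. Naming the zone explicitly makes the exposure of port 80 intentional rather than dependent on host state. The file also ends without a trailing newline.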
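Review bot: In playbooks/install-firewalld.yml, the three tasks use three different syntaxes for the same kind of call: `action: yum name=firewalld state=installed`, the inline `service: name=firewalld enabled=yes`, and the YAML dictionary form for the last `service` task. Using the dictionary form throughout (`yum:` with `name: firewalld` and `state: present`) keeps the file consistent with playbooks/firewall-rule.yml. The two `service` tasks can also be one task with both `enabled: yes` and `state: started`, as playbooks/setup-server.yml already does for httpd.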
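Review bot: In playbooks/setup-server.yml, the last task name "enable and start apache on system reboot" does not match what the task does: `enabled=yes state=started` enables httpd at boot and also starts it immediately. Something like "enable apache at boot and start it now" would be accurate. The two `action: yum ...` tasks could be a single `yum` task with a list of package names (`elinks`, `httpd`), which also removes the legacy `action:` form. Since this play starts a listening web server, the README should state the intended order relative to install-firewalld.yml so the service does not come up on a host where firewalld has not been installed and started yet.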