Commit 1cade469 authored by Romain Dessort's avatar Romain Dessort

Role common: exclude some tasks from molecule converge test

parent 3905707b
......@@ -16,7 +16,9 @@
ufw:
name: OpenSSH
rule: limit
tags: firewall
tags:
- firewall
- molecule-converge-notest
- name: Set default input policy
ufw:
......@@ -37,7 +39,9 @@
direction: out
dest: "{{item}}"
with_items: "{{dns_resolvers}}"
tags: firewall
tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing NTP requests to ntp_server_ips
ufw:
......@@ -46,7 +50,9 @@
dest: "{{item}}"
port: ntp
with_items: "{{ntp_server_ips}}"
tags: firewall
tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing HTTP(S) requests to fw_allow_http
ufw:
......@@ -55,7 +61,9 @@
rule: allow
dest: "{{item}}"
with_items: "{{fw_allow_http}}"
tags: firewall
tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing SMTP requests
ufw:
......@@ -63,7 +71,9 @@
direction: out
rule: allow
when: hosted_by is not defined
tags: firewall
tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing SMTP requests to SMTP relayhost
ufw:
......@@ -72,12 +82,16 @@
rule: allow
to: "{{hostvars[hosted_by].ansible_all_ipv4_addresses |ipaddr('10.0.0.0/24') |first}}"
when: hosted_by is defined
tags: firewall
tags:
- firewall
- molecule-converge-notest
- name: Enable ufw
ufw:
state: enabled
tags: firewall
tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing HTTP trafic to APT proxy
ufw:
......@@ -87,7 +101,9 @@
port: 3142
direction: out
when: use_apt_proxy
tags: firewall
tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing DHCP requests
ufw:
......@@ -96,7 +112,9 @@
port: 67
direction: out
when: ansible_virtualization_role == 'guest'
tags: firewall
tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing ICMP
lineinfile:
......@@ -122,7 +140,9 @@
port: 5222
direction: out
when: hosted_by is not defined
tags: firewall
tags:
- firewall
- molecule-converge-notest
- name: Allow extra outgoing trafic
ufw:
......@@ -132,4 +152,6 @@
proto: "{{item.proto |default('tcp')}}"
port: "{{item.port}}"
with_items: "{{fw_allow_out}}"
tags: firewall
tags:
- firewall
- molecule-converge-notest
......@@ -27,7 +27,9 @@
from: "{{hostvars[hosted_by].ansible_all_ipv4_addresses |ipaddr('10.0.0.0/24') |first}}"
port: 4949
when: hosted_by is defined
tags: munin-node
tags:
- munin-node
- molecule-converge-notest
- name: Open munin-node port to munin-master
ufw:
......@@ -37,7 +39,9 @@
from: "{{hostvars[munin_master].ansible_default_ipv4.address}}"
port: 4949
when: hosted_by is not defined and munin_master != ansible_hostname
tags: munin-node
tags:
- munin-node
- molecule-converge-notest
- name: Remove useless munin plugins
file:
......
......@@ -26,20 +26,32 @@
src: network/hosts
dest: /etc/
mode: "0644"
tags: network
tags:
- network
- molecule-converge-notest
- name: Create a good resolv.conf file
template:
src: network/resolv.conf
dest: /etc/
mode: "0644"
tags: network
tags:
- network
- molecule-converge-notest
- name: Include /etc/network/interfaces.d/* files
lineinfile:
name: /etc/network/interfaces
insertbefore: BOF
line: source /etc/network/interfaces.d/*
create: true
tags: network
- name: Create /etc/network/interfaces.d/ directory
file:
name: /etc/network/interfaces.d/
mode: "0755"
state: directory
tags: network
- name: Set up WAN network on virtual machines
......@@ -61,7 +73,9 @@
- "net.ipv6.conf.default.autoconf"
# - "net.ipv6.conf.{{ansible_default_ipv6.interface}}.autoconf"
# - "net.ipv6.conf.{{ansible_default_ipv6.interface}}.accept_ra"
tags: network
tags:
- network
- molecule-converge-notest
- name: Install ntp
apt:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment