Commit 1cade469 authored by Romain Dessort's avatar Romain Dessort

Role common: exclude some tasks from molecule converge test

parent 3905707b
...@@ -16,7 +16,9 @@ ...@@ -16,7 +16,9 @@
ufw: ufw:
name: OpenSSH name: OpenSSH
rule: limit rule: limit
tags: firewall tags:
- firewall
- molecule-converge-notest
- name: Set default input policy - name: Set default input policy
ufw: ufw:
...@@ -37,7 +39,9 @@ ...@@ -37,7 +39,9 @@
direction: out direction: out
dest: "{{item}}" dest: "{{item}}"
with_items: "{{dns_resolvers}}" with_items: "{{dns_resolvers}}"
tags: firewall tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing NTP requests to ntp_server_ips - name: Allow outgoing NTP requests to ntp_server_ips
ufw: ufw:
...@@ -46,7 +50,9 @@ ...@@ -46,7 +50,9 @@
dest: "{{item}}" dest: "{{item}}"
port: ntp port: ntp
with_items: "{{ntp_server_ips}}" with_items: "{{ntp_server_ips}}"
tags: firewall tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing HTTP(S) requests to fw_allow_http - name: Allow outgoing HTTP(S) requests to fw_allow_http
ufw: ufw:
...@@ -55,7 +61,9 @@ ...@@ -55,7 +61,9 @@
rule: allow rule: allow
dest: "{{item}}" dest: "{{item}}"
with_items: "{{fw_allow_http}}" with_items: "{{fw_allow_http}}"
tags: firewall tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing SMTP requests - name: Allow outgoing SMTP requests
ufw: ufw:
...@@ -63,7 +71,9 @@ ...@@ -63,7 +71,9 @@
direction: out direction: out
rule: allow rule: allow
when: hosted_by is not defined when: hosted_by is not defined
tags: firewall tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing SMTP requests to SMTP relayhost - name: Allow outgoing SMTP requests to SMTP relayhost
ufw: ufw:
...@@ -72,12 +82,16 @@ ...@@ -72,12 +82,16 @@
rule: allow rule: allow
to: "{{hostvars[hosted_by].ansible_all_ipv4_addresses |ipaddr('10.0.0.0/24') |first}}" to: "{{hostvars[hosted_by].ansible_all_ipv4_addresses |ipaddr('10.0.0.0/24') |first}}"
when: hosted_by is defined when: hosted_by is defined
tags: firewall tags:
- firewall
- molecule-converge-notest
- name: Enable ufw - name: Enable ufw
ufw: ufw:
state: enabled state: enabled
tags: firewall tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing HTTP trafic to APT proxy - name: Allow outgoing HTTP trafic to APT proxy
ufw: ufw:
...@@ -87,7 +101,9 @@ ...@@ -87,7 +101,9 @@
port: 3142 port: 3142
direction: out direction: out
when: use_apt_proxy when: use_apt_proxy
tags: firewall tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing DHCP requests - name: Allow outgoing DHCP requests
ufw: ufw:
...@@ -96,7 +112,9 @@ ...@@ -96,7 +112,9 @@
port: 67 port: 67
direction: out direction: out
when: ansible_virtualization_role == 'guest' when: ansible_virtualization_role == 'guest'
tags: firewall tags:
- firewall
- molecule-converge-notest
- name: Allow outgoing ICMP - name: Allow outgoing ICMP
lineinfile: lineinfile:
...@@ -122,7 +140,9 @@ ...@@ -122,7 +140,9 @@
port: 5222 port: 5222
direction: out direction: out
when: hosted_by is not defined when: hosted_by is not defined
tags: firewall tags:
- firewall
- molecule-converge-notest
- name: Allow extra outgoing trafic - name: Allow extra outgoing trafic
ufw: ufw:
...@@ -132,4 +152,6 @@ ...@@ -132,4 +152,6 @@
proto: "{{item.proto |default('tcp')}}" proto: "{{item.proto |default('tcp')}}"
port: "{{item.port}}" port: "{{item.port}}"
with_items: "{{fw_allow_out}}" with_items: "{{fw_allow_out}}"
tags: firewall tags:
- firewall
- molecule-converge-notest
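Review bot: Nothing in these hunks records why the ufw tasks carry `molecule-converge-notest` or where that tag is consumed, and the same gap applies to the munin-node and network hunks further down. Every tagged ufw task, including `Enable ufw` and the `OpenSSH` limit rule, is presumably skipped by the converge run (the molecule configuration is not shown here), so the test no longer exercises the firewall policy. A wrong rule or a failing `hostvars[hosted_by]` lookup would then first surface on a real host. I would add a comment at the top of each task file such as `# molecule-converge-notest: skipped during molecule converge because <reason>; these rules are not covered by the test`. Since the same two-item list is repeated on every task, a single `block:` carrying `tags: [firewall, molecule-converge-notest]` would stop a future rule from silently missing or inheriting the tag; most task bodies start outside these hunks, so check which tasks belong in it.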
...@@ -27,7 +27,9 @@ ...@@ -27,7 +27,9 @@
from: "{{hostvars[hosted_by].ansible_all_ipv4_addresses |ipaddr('10.0.0.0/24') |first}}" from: "{{hostvars[hosted_by].ansible_all_ipv4_addresses |ipaddr('10.0.0.0/24') |first}}"
port: 4949 port: 4949
when: hosted_by is defined when: hosted_by is defined
tags: munin-node tags:
- munin-node
- molecule-converge-notest
- name: Open munin-node port to munin-master - name: Open munin-node port to munin-master
ufw: ufw:
...@@ -37,7 +39,9 @@ ...@@ -37,7 +39,9 @@
from: "{{hostvars[munin_master].ansible_default_ipv4.address}}" from: "{{hostvars[munin_master].ansible_default_ipv4.address}}"
port: 4949 port: 4949
when: hosted_by is not defined and munin_master != ansible_hostname when: hosted_by is not defined and munin_master != ansible_hostname
tags: munin-node tags:
- munin-node
- molecule-converge-notest
- name: Remove useless munin plugins - name: Remove useless munin plugins
file: file:
......
...@@ -26,20 +26,32 @@ ...@@ -26,20 +26,32 @@
src: network/hosts src: network/hosts
dest: /etc/ dest: /etc/
mode: "0644" mode: "0644"
tags: network tags:
- network
- molecule-converge-notest
- name: Create a good resolv.conf file - name: Create a good resolv.conf file
template: template:
src: network/resolv.conf src: network/resolv.conf
dest: /etc/ dest: /etc/
mode: "0644" mode: "0644"
tags: network tags:
- network
- molecule-converge-notest
- name: Include /etc/network/interfaces.d/* files - name: Include /etc/network/interfaces.d/* files
lineinfile: lineinfile:
name: /etc/network/interfaces name: /etc/network/interfaces
insertbefore: BOF insertbefore: BOF
line: source /etc/network/interfaces.d/* line: source /etc/network/interfaces.d/*
create: true
tags: network
- name: Create /etc/network/interfaces.d/ directory
file:
name: /etc/network/interfaces.d/
mode: "0755"
state: directory
tags: network tags: network
- name: Set up WAN network on virtual machines - name: Set up WAN network on virtual machines
...@@ -61,7 +73,9 @@ ...@@ -61,7 +73,9 @@
- "net.ipv6.conf.default.autoconf" - "net.ipv6.conf.default.autoconf"
# - "net.ipv6.conf.{{ansible_default_ipv6.interface}}.autoconf" # - "net.ipv6.conf.{{ansible_default_ipv6.interface}}.autoconf"
# - "net.ipv6.conf.{{ansible_default_ipv6.interface}}.accept_ra" # - "net.ipv6.conf.{{ansible_default_ipv6.interface}}.accept_ra"
tags: network tags:
- network
- molecule-converge-notest
- name: Install ntp - name: Install ntp
apt: apt:
......
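Review bot: The `lineinfile` task on `/etc/network/interfaces` now sets `create: true` without a `mode`, so when the file is absent its permissions come from the remote umask rather than from the role. Add `mode: "0644"` next to `create: true`, matching the two template tasks above it. This behaviour change and the new `Create /etc/network/interfaces.d/ directory` task are not mentioned in the commit title, which speaks only of excluding tasks from the converge test, so they deserve a line in the message. Both keep `tags: network` alone, so unlike the `hosts` and `resolv.conf` templates they still run under converge; a short comment saying that is intentional would help.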