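---
# Updates the Hetzner Cloud (hcloud) firewall configuration for one stage.
#
# Parameters:
#   playbook inventory
#   stage := the name of the stage (e.g. dev, int, qa, prod)
#   serial_number (optional) := batch size of the second play, defaults to 1
#   hcloud_firewall_app_specific_stuff (optional) := set to false to skip the
#       application specific rules (awx, backup, gitea, ...), defaults to true
#
# Variables expected to be provided through the "stage_<stage>" group the
# first play creates (presumably group_vars; verify against the inventory):
#   hetzner_authentication_ansible_vault, hcloud_firewall_objects and
#   hcloud_firewall_objects_{awx,backup,gitea,keycloak,kibana,management}

#############################################################
# Creating inventory dynamically for given parameters
#############################################################
- hosts: localhost
  gather_facts: false
  connection: local
  pre_tasks:
    - name: "Check if ansible version is at least 2.10.x"
      assert:
        that:
          # compare the whole version string: a separate "minor >= 10" check
          # would wrongly fail once the major version bumps and minor resets
          - ansible_version.full is version('2.10', '>=')
        msg: "Ansible 2.10 or newer is required, found {{ ansible_version.full }}"

    # add virtual server to load stage specific variables as context
    - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
      add_host:
        name: "{{ stage }}-virtual-host-to-read-groups-vars"
        groups:
          - "stage_{{ stage }}"
      changed_when: false

#############################################################
# Applying the firewall rules in the context of the stage
#############################################################
- hosts: "{{ stage }}-virtual-host-to-read-groups-vars"
  serial: "{{ serial_number | default(1) }}"
  gather_facts: false
  connection: local
  tasks:
    - name: "Setup base hcloud firewall rules"
      include_role:
        name: hcloud
        tasks_from: configure-firewall2
      loop: "{{ hcloud_firewall_objects }}"
      loop_control:
        loop_var: firewall_object

    - name: "Generate awx-related hcloud firewall rules"
      # the whole block can be switched off per stage
      when: hcloud_firewall_app_specific_stuff | default(true)
      block:
        - name: "Lookup hetzner servers - smaradigo k8s worker nodes"
          delegate_to: localhost
          hcloud_server_info:
            api_token: "{{ hetzner_authentication_ansible_vault }}"
            label_selector: 'service=kube_node'
          register: found_servers
          # keep the API token out of the task output (e.g. -vvv, log files)
          no_log: true

        - name: "Get IPs from k8s worker nodes"
          set_fact:
            # one "<ip>/32" entry per worker node with a public IPv4 address;
            # nodes without one (attribute missing or none) are skipped so
            # no "None/32" ends up in a firewall rule. Yields [] when the
            # lookup returned no servers.
            k8s_worker_node_ips: >-
              {{ found_servers.hcloud_server_info
              | selectattr("ipv4_address", "defined")
              | map(attribute="ipv4_address")
              | select("string")
              | map("regex_replace", "$", "/32")
              | list }}

        # every application specific rule set gets the worker node IPs as
        # allowed sources via awx_source_ips
        - name: "Setup hcloud firewalls for AWX stuff..."
          include_role:
            name: hcloud
            tasks_from: configure-firewall2
          vars:
            awx_source_ips: '{{ k8s_worker_node_ips }}'
          loop: "{{ hcloud_firewall_objects_awx }}"
          loop_control:
            loop_var: firewall_object

        - name: "Setup hcloud firewalls for database backup..."
          include_role:
            name: hcloud
            tasks_from: configure-firewall2
          vars:
            awx_source_ips: '{{ k8s_worker_node_ips }}'
          loop: "{{ hcloud_firewall_objects_backup }}"
          loop_control:
            loop_var: firewall_object

        - name: "Setup hcloud firewalls for gitea..."
          include_role:
            name: hcloud
            tasks_from: configure-firewall2
          vars:
            awx_source_ips: '{{ k8s_worker_node_ips }}'
          loop: "{{ hcloud_firewall_objects_gitea }}"
          loop_control:
            loop_var: firewall_object

        - name: "Setup hcloud firewalls for keycloak..."
          include_role:
            name: hcloud
            tasks_from: configure-firewall2
          vars:
            awx_source_ips: '{{ k8s_worker_node_ips }}'
          loop: "{{ hcloud_firewall_objects_keycloak }}"
          loop_control:
            loop_var: firewall_object

        - name: "Setup hcloud firewalls for kibana..."
          include_role:
            name: hcloud
            tasks_from: configure-firewall2
          vars:
            awx_source_ips: '{{ k8s_worker_node_ips }}'
          loop: "{{ hcloud_firewall_objects_kibana }}"
          loop_control:
            loop_var: firewall_object

        - name: "Setup hcloud firewalls for management..."
          include_role:
            name: hcloud
            tasks_from: configure-firewall2
          vars:
            awx_source_ips: '{{ k8s_worker_node_ips }}'
          loop: "{{ hcloud_firewall_objects_management }}"
          loop_control:
            loop_var: firewall_object
      # end of BLOCK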