hetzner-ansible/roles/hcloud/tasks/configure-firewall2.yml


---
- name: "Get all existing firewalls"
  # Lists the account's firewalls; the response's meta.pagination.last_page
  # is read by the next task to decide between the WITHOUT / WITH pagination
  # branches further down.
  # NOTE(review): Hetzner documents a per_page ceiling of 50, so per_page=1000
  # is unlikely to suppress pagination by itself — confirm against the API.
  delegate_to: 127.0.0.1
  become: false
  uri:
    method: GET
    url: "https://api.hetzner.cloud/v1/firewalls?per_page=1000"
    body_format: json
    headers:
      accept: application/json
      # NOTE(review): module args, this header included, are printed in the
      # "invocation" section of -vvv output unless no_log is set on the task;
      # confirm the verbosity this role is normally run with.
      authorization: "Bearer {{ hetzner_authentication_ansible }}"
    status_code:
      - 200
  register: hcloud_firewalls_all
- name: "Setting hetzner firewall pagination count: <{{ hcloud_firewalls_all.json.meta.pagination.last_page }}>"
  tags:
    - always
  become: false
  set_fact:
    # Stored through a Jinja expression, so with the default (non-native)
    # Jinja2 setting this arrives as a string; the pagination branches below
    # compare it against the string '1' accordingly.
    total_server_pages: "{{ hcloud_firewalls_all.json.meta.pagination.last_page }}"
- name: "BLOCK << WITHOUT >> pagination"
  # Single-page result: filter the already fetched list by name.
  when:
    - total_server_pages == '1'
  block:
    - name: "Get firewall object from list"
      vars:
        # JMESPath filter on the firewall name. The name is interpolated
        # into the query string, so it is expected to contain no quote
        # characters.
        jsonquery_find_firewall_name: "[?name=='{{ firewall_object.name }}']"
      set_fact:
        lookup_fw_obj: "{{ hcloud_firewalls_all.json.firewalls | community.general.json_query(jsonquery_find_firewall_name) }}"
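- name: "<< WITH >> pagination"
  # Multi-page result: re-fetch the list page by page and filter by name.
  # NOTE(review): the flattened source lost its indentation; the `when` is
  # reconstructed at block level, mirroring the WITHOUT block — confirm.
  when:
    - total_server_pages != '1'
  block:
    - name: "Get all existing firewalls"
      # NOTE(review): the URL references `item`, but no loop / with_sequence is
      # visible on this task in the page, and the next task reads
      # hcloud_firewalls_all.json.results — a looped register exposes
      # `.results` at the top level, not under `.json`. Confirm this branch
      # against the upstream file before relying on it.
      delegate_to: 127.0.0.1
      become: false
      uri:
        method: GET
        url: "https://api.hetzner.cloud/v1/firewalls?page={{ item }}"
        body_format: json
        headers:
          accept: application/json
          authorization: "Bearer {{ hetzner_authentication_ansible }}"
        status_code:
          - 200
      register: hcloud_firewalls_all
    - name: "Get firewall object from list"
      vars:
        # querystr1 collects the firewalls array of every page result;
        # querystr2 filters that by the wanted name.
        querystr1: "[[*].json.firewalls]"
        querystr2: "[?name=='{{ firewall_object.name }}']"
      set_fact:
        # The original applied querystr2 twice in a row; filtering an already
        # filtered list is a no-op, so the second pass is dropped.
        lookup_fw_obj: "{{ hcloud_firewalls_all.json.results | community.general.json_query(querystr1) | first | community.general.json_query(querystr2) }}"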
- name: "Create firewall rule for <<{{ firewall_object.name }}>>"
  # Creates the firewall only when it is wanted and the lookup (lookup_fw_obj,
  # set by one of the pagination blocks) found no firewall with that name.
  when:
    - firewall_object.state == 'present'
    - lookup_fw_obj | length == 0
  delegate_to: 127.0.0.1
  become: false
  uri:
    method: POST
    url: "https://api.hetzner.cloud/v1/firewalls"
    body_format: json
    headers:
      Content-Type: application/json
      authorization: "Bearer {{ hetzner_authentication_ansible }}"
    # The whole firewall definition (name, rules, apply_to, ...) is sent as-is.
    body: "{{ firewall_object | to_json }}"
    return_content: true
    status_code:
      - 201
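- name: "Update firewall rule for <<{{ firewall_object.name }}>>"
  # Three-step update of an existing firewall (id taken from lookup_fw_obj):
  # PUT on the firewall itself, then the set_rules and apply_to_resources
  # actions. The rescue tolerates exactly one failure, the apply step
  # reporting that the firewall is already attached.
  when:
    - firewall_object.state == 'present'
    - lookup_fw_obj | length > 0
  block:
    - name: "Step_1: update FW rule <<{{ firewall_object.name }}>>"
      delegate_to: 127.0.0.1
      become: false
      uri:
        method: PUT
        url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}"
        body_format: json
        headers:
          Content-Type: application/json
          authorization: "Bearer {{ hetzner_authentication_ansible }}"
        body: "{{ firewall_object | to_json }}"
        return_content: true
        status_code:
          - 200
      register: fw_update_step1
    - name: "Setting VAR"
      # Request bodies for the two action endpoints below.
      set_fact:
        rules_obj:
          rules: "{{ firewall_object.rules }}"
        applyto_obj:
          apply_to: "{{ firewall_object.apply_to }}"
    - name: "Step_2: update FW rule - update rules"
      delegate_to: 127.0.0.1
      become: false
      uri:
        method: POST
        url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/set_rules"
        body_format: json
        headers:
          Content-Type: application/json
          authorization: "Bearer {{ hetzner_authentication_ansible }}"
        body: "{{ rules_obj | to_json }}"
        return_content: true
        status_code:
          - 201
      register: fw_update_step2
    - name: "Step_3: update FW rule - apply-to-resources"
      delegate_to: 127.0.0.1
      become: false
      uri:
        method: POST
        url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/apply_to_resources"
        body_format: json
        headers:
          Content-Type: application/json
          authorization: "Bearer {{ hetzner_authentication_ansible }}"
        body: "{{ applyto_obj | to_json }}"
        return_content: true
        status_code:
          - 201
      # Was registered as fw_update_step2, silently overwriting Step_2's result.
      register: fw_update_step3
  rescue:
    # ansible_failed_result holds the result of whichever step failed, so the
    # checks no longer depend on the register name of the last step.
    - name: "Rescueing FW-apply-to part "
      debug:
        msg: "Everything fine - FW-apply-to part already applied"
      when:
        - (ansible_failed_result.status | default(0)) == 422
        - (ansible_failed_result.json.error.code | default('')) == 'firewall_already_applied'
    - name: "Re-raise any other failure of the update steps"
      # Previously a non-matching failure (401, 403, 5xx, ...) only skipped the
      # debug task above and the block ended as rescued, so a firewall that
      # was never updated went unnoticed by the play.
      fail:
        msg: "Firewall update for {{ firewall_object.name }} failed: {{ ansible_failed_result.msg | default(ansible_failed_result) }}"
      when: >-
        not ((ansible_failed_result.status | default(0)) == 422
        and (ansible_failed_result.json.error.code | default('')) == 'firewall_already_applied')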
- name: "Delete firewall rule for <<{{ firewall_object.name }}>>"
  # Detaches the firewall from the resources listed in apply_to, then deletes
  # it. The retry loop on the DELETE suggests the API refuses deletion while
  # the detach action is still running — presumably; confirm against the API.
  when:
    - firewall_object.state == 'absent'
    - lookup_fw_obj | length > 0
  block:
    - name: "Create firewall object for deactivation"
      set_fact:
        # Body of the remove_from_resources action.
        deactivate_fw_obj:
          remove_from: "{{ firewall_object.apply_to }}"
    - name: "Step_1: Unset usage of firewall rule <<{{ firewall_object.name }}>>"
      # NOTE(review): if the firewall is not currently applied to those
      # resources this action may fail and abort the deletion; whether that
      # case needs handling is not visible on this page.
      delegate_to: 127.0.0.1
      become: false
      uri:
        method: POST
        url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/remove_from_resources"
        body_format: json
        headers:
          Content-Type: application/json
          authorization: "Bearer {{ hetzner_authentication_ansible }}"
        body: "{{ deactivate_fw_obj | to_json }}"
        return_content: true
        status_code:
          - 201
    - name: "Step_2: Delete firewall rule for <<{{ firewall_object.name }}>>"
      delegate_to: 127.0.0.1
      become: false
      uri:
        method: DELETE
        url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}"
        body_format: json
        headers:
          Content-Type: application/json
          authorization: "Bearer {{ hetzner_authentication_ansible }}"
        return_content: true
        status_code:
          - 204
      register: cleanup_firewall
      # Any status other than 204 fails the attempt; with `until` set, a
      # failed attempt is retried every 10 s, up to 15 times.
      until: cleanup_firewall.status in [204]
      retries: 15
      delay: 10