From c5ce94d7b5217265cc50b6aa98a2074f4885d5eb Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Sun, 12 Feb 2023 06:04:16 +0100 Subject: [PATCH] Manage backend firewall zone Configure backend firewall zones if applicable. Allow all UDP for cluster traffic. Signed-off-by: Georg Pfuetzenreuter --- pillar/global/init.sls | 4 ++++ pillar/role/ha-node.sls | 3 +++ 2 files changed, 7 insertions(+) diff --git a/pillar/global/init.sls b/pillar/global/init.sls index 5b174bf..c35306c 100644 --- a/pillar/global/init.sls +++ b/pillar/global/init.sls @@ -26,6 +26,10 @@ firewalld: public: short: Public {{ firewall_interfaces(public) }} + {%- if backend | length %} + backend: + {{ firewall_interfaces(backend) }} + {%- endif %} {%- endif %} mine_functions: diff --git a/pillar/role/ha-node.sls b/pillar/role/ha-node.sls index d52076a..137e1af 100644 --- a/pillar/role/ha-node.sls +++ b/pillar/role/ha-node.sls @@ -3,3 +3,6 @@ firewalld: internal: services: - vrrp + backend: + protocols: + - udp