Manage backend firewall zone

Configure backend firewall zones if applicable. Allow all UDP for cluster traffic. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
ha-node: allow vrrp in firewall
2023-02-12 06:04:16 +01:00 · 2023-02-12 05:54:20 +01:00
3 changed files with 14 additions and 0 deletions
--- a/pillar/global/init.sls
+++ b/pillar/global/init.sls
@ -26,6 +26,10 @@ firewalld:
    public:
      short: Public
      {{ firewall_interfaces(public) }}
+    {%- if backend | length %}
+    backend:
+      {{ firewall_interfaces(backend) }}
+    {%- endif %}
 {%- endif %}

 mine_functions:
--- a/pillar/role/ha-netcup.sls
+++ b/pillar/role/ha-netcup.sls
@ -0,0 +1,2 @@
+include:
+  - role.ha-node
--- a/pillar/role/ha-node.sls
+++ b/pillar/role/ha-node.sls
@ -0,0 +1,8 @@
+firewalld:
+  zones:
+    internal:
+      services:
+        - vrrp
+    backend:
+      protocols:
+        - udp
Author	SHA1	Message	Date
Georg Pfuetzenreuter	c5ce94d7b5	Manage backend firewall zone All checks were successful ci/lysergic/push/pipeline Pipeline was successful Details Configure backend firewall zones if applicable. Allow all UDP for cluster traffic. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 06:04:16 +01:00
Georg Pfuetzenreuter	bef66c1f8a	ha-node: allow vrrp in firewall Needed for keepalived operation. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 05:54:20 +01:00