From a94e9fcc9e431a1b0db6be65e7b969c1a1572ebe Mon Sep 17 00:00:00 2001
From: VC
Date: Mon, 31 Mar 2025 13:30:13 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9A=A1:=20remove=20the=20mandatory=20gather?=
 =?UTF-8?q?=5Fsubsets=20of=20all=20VMs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 playbooks/firewall.yml               |  4 +-
 roles/firewall/templates/firewall.j2 | 58 ++++++++++++++--------------
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/playbooks/firewall.yml b/playbooks/firewall.yml
index 4053913..ce152ea 100644
--- a/playbooks/firewall.yml
+++ b/playbooks/firewall.yml
@@ -1,7 +1,7 @@
 ---
-- name: Retrieve network info
-  hosts: all:!disabled_server_conf:!machinbox
+- name: Retrieve network info for physical machines
+  hosts: physicalservers
   gather_facts: true
   gather_subset:
     - network
 
diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2
index 168393b..850e1a0 100644
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -120,7 +120,7 @@ config rule
 config rule
 	option name 'Allow-DMZ-Syslog'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['syslog']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['syslog'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '514'
 	list proto 'udp'
 	option target 'ACCEPT'
@@ -173,7 +173,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['haproxy']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['haproxy'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '80'
 	option target 'DNAT'
 
@@ -184,7 +184,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['haproxy']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['haproxy'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '443'
 	option target 'DNAT'
 
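Review bot: The new `hosts: physicalservers` line needs a comment explaining why VMs no longer get fact gathering, because the reason lives in another file: roles/firewall/templates/firewall.j2 now takes VM addresses from the inventory variable `proxmox_net0` instead of `ansible_default_ipv4`/`ansible_default_ipv6`; something like `# VM addresses come from proxmox_net0 (see roles/firewall/templates/firewall.j2); only hypervisors need live network facts`. That switch also means the firewall rules now bind to declared rather than observed addresses, so an inventory entry that drifts from a VM's real address yields DNAT/ACCEPT rules for the wrong host without any task failing. The play body continues beyond the hunk, so I cannot tell whether a later task already validates those inventory values.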
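Review bot: The new `dest_ip` expression at -120 assumes `proxmox_net0.ip` is a literal address, but `ansible.utils.ipaddr('address')` returns `False` for any value it cannot parse, so a non-address entry (for example `dhcp`, if the variable mirrors Proxmox's net0 syntax) renders as `option dest_ip 'False'` and is only noticed when the firewall rejects or misapplies the rule, whereas an undefined `proxmox_net0` still aborts templating. The same holds for every other `proxmox_net0` hunk in this file, -173 through -530, for `.ip` and `.ip6` alike. Rather than guarding each expression in the template, one `ansible.builtin.assert` over the referenced VMs before the template task, with `that: hostvars[item].proxmox_net0.ip | ansible.utils.ipaddr('address')` and the `ip6` counterpart where used, would fail the play at the right point.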
@@ -196,7 +196,7 @@ config rule
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars[host]['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars[host].ansible_default_ipv6.address | default(hostvars[host].proxmox_net0.ip6 | ansible.utils.ipaddr('address')) }}'
 	option dest_port '80 443'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -207,7 +207,7 @@ config rule
 config rule
 	option name 'Allow-OUTPUT-BT'
 	option src 'dmz'
-	option src_ip '{{ hostvars['bt']['ansible_default_ipv4']['address'] }}'
+	option src_ip '{{ hostvars['bt'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'wan'
@@ -217,7 +217,7 @@ config rule
 config rule
 	option name 'Allow-OUTPUT-BT'
 	option src 'dmz'
-	option src_ip '{{ hostvars['bt']['ansible_default_ipv6']['address'] }}'
+	option src_ip '{{ hostvars['bt'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'wan'
@@ -230,7 +230,7 @@ config rule
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['bt']['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars['bt'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
 	option dest_port '10010'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -242,7 +242,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['bt']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['bt'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '10010'
 	option target 'DNAT'
 
@@ -253,7 +253,7 @@ config rule
 	option src 'wan'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars[host]['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars[host].ansible_default_ipv6.address }}'
 	option dest_port '80 8006'
 	option target 'ACCEPT'
 	option family 'ipv6'
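Review bot: The fallback at -196, `default(hostvars[host].proxmox_net0.ip6 | ansible.utils.ipaddr('address'))`, is evaluated before `default` decides whether it is needed, since Jinja evaluates filter arguments eagerly; for a `host` without `proxmox_net0` (which I would expect of the physical servers that still gather facts) the undefined value reaches `ipaddr`, whose truthiness check on Ansible's strict undefined raises as far as I can tell, so the fallback breaks exactly the hosts that do not need it. A conditional expression avoids this: `{{ hostvars[host].ansible_default_ipv6.address if hostvars[host].ansible_default_ipv6.address is defined else hostvars[host].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}`. The sibling rule at -253 keeps a bare `hostvars[host].ansible_default_ipv6.address` with no fallback, so either it fails for VM hosts or this fallback is unreachable; the loop binding `host` lies outside both hunks, so I cannot tell which, but the two should agree and the group `host` ranges over should be stated in a comment.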
@@ -267,7 +267,7 @@ config redirect
 	option src_dport '8006'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ first_hypervisor['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ first_hypervisor.ansible_default_ipv4.address }}'
 	option dest_port '8006'
 	option target 'DNAT'
 
@@ -275,7 +275,7 @@ config redirect
 config rule
 	option name 'Allow-OUTPUT-XMPP-s2s'
 	option src 'dmz'
-	option src_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address']}}'
+	option src_ip '{{ hostvars['jabber'].proxmox_net0.ip | ansible.utils.ipaddr('address')}}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'wan'
@@ -286,7 +286,7 @@ config rule
 config rule
 	option name 'Allow-OUTPUT-XMPP-s2s'
 	option src 'dmz'
-	option src_ip '{{ hostvars['jabber']['ansible_default_ipv6']['address'] }}'
+	option src_ip '{{ hostvars['jabber'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'wan'
@@ -301,7 +301,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['jabber'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '5222'
 	option target 'DNAT'
 
@@ -312,7 +312,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['jabber'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '5269'
 	option target 'DNAT'
 
@@ -322,7 +322,7 @@ config rule
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['jabber']['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars['jabber'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
 	option dest_port '5222 5269'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -334,7 +334,7 @@ config rule
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['voice1']['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars['voice1'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
 	option dest_port '64738'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -346,7 +346,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['voice1']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['voice1'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '64738'
 	option target 'DNAT'
 
@@ -354,7 +354,7 @@ config redirect
 config rule
 	option name 'Allow-OUTPUT-SMTP'
 	option src 'dmz'
-	option src_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
+	option src_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	list proto 'tcp'
 	option dest 'wan'
 	option dest_port '25'
@@ -366,7 +366,7 @@ config rule
 	option src 'wan'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail']['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars['mail'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
 	option dest_port '25 465 587'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -376,7 +376,7 @@ config rule
 	option src 'wan'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail']['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars['mail'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
 	option dest_port '143 993'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -387,7 +387,7 @@ config redirect
 	option src_dport '25'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '25'
 	option target 'DNAT'
 
@@ -397,7 +397,7 @@ config redirect
 	option src_dport '465'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '465'
 	option target 'DNAT'
 
@@ -407,7 +407,7 @@ config redirect
 	option src_dport '587'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '587'
 	option target 'DNAT'
 
@@ -417,7 +417,7 @@ config redirect
 	option src_dport '143'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '143'
 	option target 'DNAT'
 
@@ -427,7 +427,7 @@ config redirect
 	option src_dport '993'
 	list proto 'tcp'
 	option dest 'lan'
-	option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '993'
 	option target 'DNAT'
 
@@ -435,7 +435,7 @@ config redirect
 config rule
 	option name 'Allow-INPUT-Munin'
 	option src 'dmz'
-	option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}'
+	option src_ip '{{ hostvars['munin'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	list proto 'tcp'
 	option dest_port '4949'
 	option target 'ACCEPT'
@@ -444,7 +444,7 @@ config rule
 config rule
 	option name 'Allow-FORWARD-Munin-Mikrotik-Garregmach'
 	option src 'dmz'
-	option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}'
+	option src_ip '{{ hostvars['munin'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'lan'
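Review bot: The rewritten `dest_ip` at -427 now points the port-993 DNAT at the mail VM's `proxmox_net0.ip`, but this redirect keeps `option dest 'lan'` while the parallel mail redirects at -387, -397, -407 and -417 use `option dest 'dmz'`; if that address sits in the DMZ, as the other rules imply, the `lan` zone looks like a pre-existing typo that would leave IMAPS forwarding into the wrong zone. Worth confirming while the line is touched, and a one-line comment stating the intended zone above the stanza would keep it from recurring. The enclosing `config redirect` stanza starts outside the hunk.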
@@ -456,7 +456,7 @@ config rule
 config rule
 	option name 'Allow-FORWARD-Munin-Mikrotik-Derdriu'
 	option src 'dmz'
-	option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}'
+	option src_ip '{{ hostvars['munin'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'lan'
@@ -530,7 +530,7 @@ config rule
 	option src 'iot'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['ftp']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['ftp'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
 	option dest_port '21 10100-10110'
 	option target 'ACCEPT'
 