jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-04-16 10:13:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-09-22 16:00

Browse Source
This commit is contained in:
Daniel Berteaud 2022-09-22 16:00:09 +02:00
parent 8b40e52ebe
commit 529151748a
4 changed files with 58 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
roles/nomad/files/iptables_cleanup.pl Normal file
View File

@ -0,0 +1,28 @@
#!/usr/bin/env perl
use warnings;
use strict;
my $ipt = $ARGV[0];
open(IPT, '<', $ipt) or die "Couldn't open $ipt\n";
my @rules = ();
my $change = 0;
while (<IPT>){
chomp;
if (
(m/(^:|.*\-[Aj]\s+)(CNI|NOMAD\-(?!ADMIN)|DOCKER).*/) or
(m/.*-A\s+NOMAD\-ADMIN/ and not m/\-\-comment\s+"ansible/) or
(m/.*\-o\s+docker0.*/)
){
$change = 1;
next;
}
push @rules, $_;
}
close IPT;
if ($change){
open(IPT, '>', $ipt) or die "Couldn't open $ipt\n";
print IPT join("\n", @rules);
close IPT;
}

19
roles/nomad/tasks/install.yml
View File

@ -122,11 +122,6 @@
when: nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled when: nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled
tags: nomad tags: nomad
- name: Reload systemd
systemd: daemon_reload=True
when: nomad_unit.changed or (nomad_consul_tpl_unit is defined and nomad_consul_tpl_unit.changed)
tags: nomad
- name: Install backup hooks - name: Install backup hooks
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/nomad mode=755 template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/nomad mode=755
loop: loop:
@ -134,3 +129,17 @@
- post - post
tags: nomad tags: nomad
- name: Install iptables cleanup script
copy: src=iptables_cleanup.pl dest={{ nomad_root_dir }}/bin/iptables_cleanup.pl mode=755
tags: nomad
- name: Install iptables-nomad-cleanup unit
template: src=iptables-nomad-cleanup.service.j2 dest=/etc/systemd/system/iptables-nomad-cleanup.service
register: nomad_ipt_cleanup_unit
tags: nomad
- name: Reload systemd
systemd: daemon_reload=True
when: nomad_unit.changed or nomad_ipt_cleanup_unit.changed or (nomad_consul_tpl_unit is defined and nomad_consul_tpl_unit.changed)
tags: nomad

6
roles/nomad/tasks/services.yml
View File

@ -11,3 +11,9 @@
state: "{{ (nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled or nomad_vault_secrets.tokens.enabled) | ternary('started', 'stopped') }}" state: "{{ (nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled or nomad_vault_secrets.tokens.enabled) | ternary('started', 'stopped') }}"
enabled: "{{ (nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled or nomad_vault_secrets.tokens.enabled) | ternary(True, False) }}" enabled: "{{ (nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled or nomad_vault_secrets.tokens.enabled) | ternary(True, False) }}"
tags: nomad tags: nomad
- name: Handle iptables-nomad-cleanup service
service:
name: iptables-nomad-cleanup
enabled: "{{ (nomad_conf.client.enabled and iptables_manage | default(True)) | ternary(True, False) }}"
tags: nomad

10
roles/nomad/templates/iptables-nomad-cleanup.service.j2 Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=Cleanup Nomad and Docker runtime rules
Before=iptables.service
[Service]
Type=oneshot
ExecStart=/bin/perl {{ nomad_root_dir }}/bin/iptables_cleanup.pl /etc/sysconfig/iptables
[Install]
WantedBy=multi-user.target