Merge pull request #1311 from mira-miracoli/d-s-n-port

defined influx service, d-s-n not available in firewalld
usegalaxy-eu · Sep 6, 2024 · 305c60e · 305c60e
2 parents c8254a9 + 4bbe8ec
commit 305c60e
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/group_vars/influxdb.yml b/group_vars/influxdb.yml
@@ -85,9 +85,9 @@ nginx_conf_ssl_certificate_key: /etc/ssl/user/privkey-nginx.pem
 firewall_public_services:
   - http
   - https
-  - d-s-n # name for port 8086
+  - influxdb # must be created in playbook
 firewall_internal_services:
   - http
   - https
   - ssh
-  - d-s-n
+  - influxdb
diff --git a/influxdb.yml b/influxdb.yml
@@ -18,6 +18,26 @@
         persistent: true
       loop:
         - httpd_can_network_connect
+    - name: Create influxdb firewalld service
+      ansible.builtin.copy:
+        dest: /etc/firewalld/services/influxdb.xml
+        content: |
+          <?xml version="1.0" encoding="utf-8"?>
+          <service>
+          <short>influxdb</short>
+            <description>Time-series database for storing metrics and analytics data</description>
+            <port protocol="tcp" port="8086"/>
+          </service>
+        mode: "0600"
+        owner: root
+        group: root
+      notify: copied_service
+  handlers:
+    - name: Reload Firewalld
+      listen: copied_service
+      ansible.builtin.service:
+        name: firewalld
+        state: reloaded
   collections:
     - devsec.hardening
   roles: