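---
# Give Docker containers on docker0 network access through shorewall.
#
# Review notes for the operator:
#   * The `dock` zone gets an ACCEPT policy to the destination zone named by
#     `docker_shorewall_dest_zone` (default `all`, the original behaviour).
#     `all` includes the firewall host itself ($FW) and every other zone, so
#     it is wider than "egress"; set it to `net` to keep containers away from
#     the host and from other internal zones.  DNS is left open to `all` so
#     resolution via a host or LAN resolver keeps working when egress is
#     narrowed.
#   * Policy matching is first-match, so the Docker policy must precede the
#     catch-all.  Insertion keys on the stock "THE FOLLOWING POLICY MUST BE
#     LAST" comment; if that comment is missing, blockinfile appends at EOF
#     and the entry may end up after the catch-all — TODO confirm on hosts
#     with a customised policy file.
#   * DOCKER=Yes makes shorewall keep Docker's own iptables chains across
#     restarts (per the shorewall docs); without it a restart drops container
#     port mappings.
#   * `shorewall check` runs before any reload so a malformed edit fails the
#     play instead of leaving the firewall in a failed/unknown state.
- name: Configure shorewall for docker egress
  hosts: "{{ docker_shorewall_hosts | default('docker:&shorewall') }}"
  become: "{{ docker_shorewall_become | default(true, true) }}"

  tasks:
    - name: Add docker interface
      ansible.builtin.lineinfile:
        path: /etc/shorewall/interfaces
        regex: "^dock"
        # Plain scalar: a `|` block scalar would pass a trailing newline
        # into the module argument.
        line: "dock docker0 bridge"
      notify: Reload shorewall

    - name: Add docker routing policy
      ansible.builtin.blockinfile:
        path: /etc/shorewall/policy
        insertbefore: "^# THE FOLLOWING POLICY MUST BE LAST"
        content: |
          # Docker specific configuration
          dock {{ docker_shorewall_dest_zone | default('all') }} ACCEPT
      notify: Reload shorewall

    - name: Add docker zone
      ansible.builtin.lineinfile:
        path: /etc/shorewall/zones
        regex: "^dock"
        line: "dock ipv4"
      notify: Reload shorewall

    # Two blocks in the same file need distinct markers, otherwise the second
    # blockinfile overwrites the first.
    - name: Add docker egress rules
      ansible.builtin.blockinfile:
        path: /etc/shorewall/rules
        marker: "#{mark} ANSIBLE MANAGED BLOCK - DOCKER EGRESS"
        content: |
          #
          # Docker egress configuration
          #
          ACCEPT dock {{ docker_shorewall_dest_zone | default('all') }}
      notify: Reload shorewall

    - name: Add docker dns rules
      ansible.builtin.blockinfile:
        path: /etc/shorewall/rules
        marker: "#{mark} ANSIBLE MANAGED BLOCK - DOCKER DNS"
        content: |
          #
          # Docker dns configuration
          #
          DNS(ACCEPT) dock all
      notify: Reload shorewall

    - name: Enable shorewall docker support
      ansible.builtin.lineinfile:
        path: /etc/shorewall/shorewall.conf
        regex: "^DOCKER="
        line: "DOCKER=Yes"
      notify: Reload shorewall

  handlers:
    # Validate the generated configuration before touching the running
    # firewall.  Fires first because handlers run in definition order.
    - name: Check shorewall configuration
      ansible.builtin.command: shorewall check
      changed_when: false
      listen: Reload shorewall

    # Reload only when one of the tasks above actually changed a file.
    # shorewall6 is reloaded as in the original even though only IPv4 files
    # are edited; on a host without shorewall6.service this handler fails —
    # drop it from the loop there.
    - name: Reload shorewall
      ansible.builtin.systemd_service:
        name: "{{ item }}"
        state: reloaded
      loop:
        - shorewall.service
        - shorewall6.service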