This Ansible role provides a simple firewalld configuration for Opencast. The idea behind this set-up is to:
- Generally allow network communication within the cluster
- Allow communication via HTTP(S) from the outside world
This role uses community.general.dig to look up the IP addresses for the given hostnames. Make sure the following are available on your host system:
- dnspython
- community.general collection
- opencast_firewall_internal_hosts: List of hosts between which to allow all network communication (default: groups["all"])
- opencast_firewall_http_hosts: List of hosts to allow external HTTP communications to (default: groups["all"]). Often makes sense to set this to something like groups["opencast"]
- opencast_firewall_https_hosts: List of hosts to allow external HTTPS communications to (default: opencast_firewall_http_hosts)
- opencast_firewall_ipv4: Look up IPv4 addresses of hostnames
- opencast_firewall_ipv6: Look up IPv6 addresses of hostnames
Example of how to configure and use the role:
    - hosts: servers
      become: true
      roles:
        - role: elan.opencast_firewalld
          opencast_firewall_http_hosts: '{{ groups["opencast"] }}'
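Because the firewall rules depend on DNS lookups, it can be useful to confirm that every hostname resolves before the role runs. The playbook below is an added example, not part of the role itself; it assumes the inventory names are the hostnames the role resolves, that IPv4 lookups are in use, and that the check runs on the control node.

```yaml
# Added example: pre-flight DNS check before applying the role.
# Assumption: inventory names in groups["all"] are the hostnames the role
# looks up. Use qtype='AAAA' instead to check IPv6 resolution.
- hosts: servers
  become: true
  pre_tasks:
    - name: Verify that every cluster hostname resolves to an IPv4 address
      ansible.builtin.assert:
        that:
          # community.general.dig returns the string 'NXDOMAIN' for unknown
          # names and an empty string when the name has no A record.
          - lookup('community.general.dig', item, qtype='A') not in ['NXDOMAIN', '']
        fail_msg: 'No A record found for {{ item }}; fix DNS before changing firewall rules'
        quiet: true
      loop: '{{ groups["all"] }}'
      # The lookup runs on the control node, so one unprivileged run is enough.
      run_once: true
      delegate_to: localhost
      become: false
  roles:
    - role: elan.opencast_firewalld
      opencast_firewall_http_hosts: '{{ groups["opencast"] }}'
```

If any host fails the assertion, the play stops before the role is applied, so the existing firewalld configuration is left unchanged.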