Merge pull request #233 from richm/firewall-platform-support

Matt Willsher 2023-04-27 08:33:54 +01:00 committed by GitHub
commit 4c629407d7
2 changed files with 28 additions and 13 deletions


@ -22,6 +22,7 @@ jobs:
tests/tasks/restore.yml tests/tasks/restore.yml
tests/tests_duplicate_role.yml tests/tests_duplicate_role.yml
tests/tests_os_defaults.yml tests/tests_os_defaults.yml
tests/tests_firewall_selinux.yml
- run: "sed -i -e 's/ansible.builtin.//g' -e 's/ansible.posix.//g' */*.yml */*/*.yml" - run: "sed -i -e 's/ansible.builtin.//g' -e 's/ansible.posix.//g' */*.yml */*/*.yml"
- name: ansible check with centos 6 - name: ansible check with centos 6


@ -1,6 +1,7 @@
--- ---
- name: Test managing firewall and selinux from role - name: Test managing firewall and selinux from role
hosts: all hosts: all
gather_facts: true # needs os_family, etc.
vars: vars:
__sshd_test_backup_files: __sshd_test_backup_files:
- /etc/ssh/sshd_config - /etc/ssh/sshd_config
@ -9,6 +10,23 @@
- name: "Backup configuration files" - name: "Backup configuration files"
ansible.builtin.include_tasks: tasks/backup.yml ansible.builtin.include_tasks: tasks/backup.yml
- name: Call role with no args to get access to __sshd_skip_virt_env
ansible.builtin.include_role:
name: ansible-sshd
public: true
vars:
sshd_enable: false # skip everything but loading vars
- name: See if we can test firewall or selinux
ansible.builtin.set_fact:
sshd_enable: true # reset to true
__sshd_test_firewall: "{{ ansible_facts['os_family'] == 'RedHat' and
ansible_facts['distribution_version'] is version('7', '>=') and
ansible_virtualization_type | d(None) not in __sshd_skip_virt_env }}"
__sshd_test_selinux: "{{ ansible_facts['os_family'] == 'RedHat' and
ansible_facts['distribution_version'] is version('6', '>=') and
ansible_virtualization_type | d(None) not in __sshd_skip_virt_env }}"
########## ##########
# First test: default port # First test: default port
########## ##########
@ -16,8 +34,8 @@
ansible.builtin.include_role: ansible.builtin.include_role:
name: ansible-sshd name: ansible-sshd
vars: vars:
sshd_manage_selinux: true sshd_manage_selinux: "{{ __sshd_test_selinux }}"
sshd_manage_firewall: true sshd_manage_firewall: "{{ __sshd_test_firewall }}"
sshd: sshd:
Port: 22 Port: 22
@ -45,8 +63,8 @@
ansible.builtin.include_role: ansible.builtin.include_role:
name: ansible-sshd name: ansible-sshd
vars: vars:
sshd_manage_firewall: true sshd_manage_firewall: "{{ __sshd_test_firewall }}"
sshd_manage_selinux: true sshd_manage_selinux: "{{ __sshd_test_selinux }}"
sshd: sshd:
Port: 222 Port: 222
@ -73,8 +91,8 @@
ansible.builtin.include_role: ansible.builtin.include_role:
name: ansible-sshd name: ansible-sshd
vars: vars:
sshd_manage_firewall: true sshd_manage_firewall: "{{ __sshd_test_firewall }}"
sshd_manage_selinux: true sshd_manage_selinux: "{{ __sshd_test_selinux }}"
sshd: sshd:
Port: Port:
- 22 - 22
@ -109,13 +127,11 @@
firewall: firewall:
- port: "222/tcp" - port: "222/tcp"
state: disabled state: disabled
when: when: __sshd_test_firewall
- ansible_facts['os_family'] == 'RedHat'
- ansible_virtualization_type | default(None) not in __sshd_skip_virt_env
- name: Remove the modification to the selinux policy - name: Remove the modification to the selinux policy
ansible.builtin.include_role: ansible.builtin.include_role:
name: fedora.linux_system_roles.firewall name: fedora.linux_system_roles.selinux
vars: vars:
selinux: selinux:
port: 222 port: 222
@ -123,6 +139,4 @@
setype: ssh_port_t setype: ssh_port_t
state: absent state: absent
local: true local: true
when: when: __sshd_test_selinux
- ansible_facts['os_family'] == 'RedHat'
- ansible_virtualization_type | default(None) not in __sshd_skip_virt_env
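Review bot: The new `__sshd_test_firewall` and `__sshd_test_selinux` facts mix the `ansible_facts[...]` dictionary with the injected top-level variable `ansible_virtualization_type`, so on a controller with `inject_facts_as_vars = false` the virtualization name is undefined, `| d(None)` turns it into `None`, and the `not in __sshd_skip_virt_env` guard silently passes, making the play try to manage firewalld and the SELinux policy in exactly the container environments the skip list exists for. Reading the fact through the same dictionary as the other two conditions closes that gap: `ansible_facts['virtualization_type'] | d(None) not in __sshd_skip_virt_env }}"` in both facts. The `sshd_enable: true  # reset to true` line appears to rely on `public: true` on the preceding include_role exporting the task-level `sshd_enable: false` to later tasks; if that is the intent, a comment saying so on the set_fact would save the next reader from deleting the "redundant" reset. The play continues outside the shown hunks.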