add config validation task
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Robert Kaussow 2022-06-19 23:33:05 +02:00
parent f6a2053355
commit db846ddaf8
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
3 changed files with 17 additions and 8 deletions

View File

@ -80,4 +80,13 @@ firewalld_services: []
# set: # set:
# limit: "" # limit: ""
# end # end
firewalld_zones: [] firewalld_zones:
- name: "public"
short: "Public"
description: >-
For use in public areas. You do not trust the other computers on networks
to not harm your computer. Only selected incoming connections are accepted.
service:
- name: ssh
- name: dhcpv6-client
- name: cockpit

View File

@ -95,6 +95,12 @@
notify: __firewalld_reload notify: __firewalld_reload
when: (item | basename | splitext | first) not in (firewalld_zones | map(attribute='name') | list) when: (item | basename | splitext | first) not in (firewalld_zones | map(attribute='name') | list)
- name: Validate deployed configuration
command: firewall-offline-cmd --check-config
register: __firewalld_check
changed_when: False
failed_when: __firewalld_check.rc != 0
- name: Ensure service is up and running - name: Ensure service is up and running
service: service:
name: firewalld name: firewalld

View File

@ -1,12 +1,10 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: True
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<zone{% if item.target is defined %} target="{{ item.target }}"{% endif %}> <zone{% if item.target is defined %} target="{{ item.target }}"{% endif %}>
<short>{{ item.short | default(item.name) | upper }}</short> <short>{{ item.short | default(item.name) | capitalize }}</short>
{% if item.description is defined %} {% if item.description is defined %}
<description>{{ item.description }}</description> <description>{{ item.description }}</description>
{% endif %} {% endif %}
{% if item | lenght > 0 %}
{% for tag in item %} {% for tag in item %}
{# Settings which can be used several times #} {# Settings which can be used several times #}
{% if tag in ["interface", "source", "service", "port", "protocol", "icmp-block", "forward-port", "source-port"] %} {% if tag in ["interface", "source", "service", "port", "protocol", "icmp-block", "forward-port", "source-port"] %}
@ -18,9 +16,6 @@
<{{ tag }}/> <{{ tag }}/>
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %}
{% if item.rule | default([]) | length > 0 %}
{% for rule in item.rule | default([]) %} {% for rule in item.rule | default([]) %}
<rule{% if rule.family is defined %} family="{{ rule.family }}"{% endif %}> <rule{% if rule.family is defined %} family="{{ rule.family }}"{% endif %}>
{% for tag in rule %} {% for tag in rule %}
@ -36,5 +31,4 @@
{% endfor %} {% endfor %}
</rule> </rule>
{% endfor %} {% endfor %}
{% endif %}
</zone> </zone>