servers/roles/ceph/tasks/firewall.yml

- name: Retrieve service list
  set_fact:
    services: '{{ query("netbox.netbox.nb_lookup", "clusters", raw_data=true, api_filter="name="+cluster) | map(attribute="custom_fields.services") | flatten }}'

- name: Install nftables
  package:
    name: nftables

- name: Configure nftables
  template:
    dest: /etc/nftables.conf
    src: nftables.conf.j2
    mode: 0644
  notify: reload nftables

- name: Enable nftables
  service:
    name: nftables
    enabled: true
    state: started
ceph: set up firewall Still need to drop the hardcoded allowed set. 2024-04-05 04:12:58 +00:00			`- name: Retrieve service list`
			`set_fact:`
			`services: '{{ query("netbox.netbox.nb_lookup", "clusters", raw_data=true, api_filter="name="+cluster) \| map(attribute="custom_fields.services") \| flatten }}'`

Add ceph role Just prepares the servers, all management is then done through cephadm. 2023-11-20 12:03:19 +00:00			`- name: Install nftables`
			`package:`
			`name: nftables`

			`- name: Configure nftables`
			`template:`
			`dest: /etc/nftables.conf`
			`src: nftables.conf.j2`
			`mode: 0644`
			`notify: reload nftables`

			`- name: Enable nftables`
			`service:`
			`name: nftables`
			`enabled: true`
			`state: started`