Move db firewall config to molecule inventory (#93)

Changes: In PR #53 I added `firewalld_internal_zone_sources` and `firewalld_internal_zone_open_services` to `playbooks/group_vars/db.yml`. This PR reverts that change since it prevents SSH from working on the `db` host on a new deployment (because it overrides `firewalld_internal_zone_sources` set at the inventory level).
UCL-MIRSG · Apr 11, 2024 · 6e710ba · 6e710ba
1 parent 7684f11
commit 6e710ba
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 7 deletions.
diff --git a/playbooks/group_vars/db.yml b/playbooks/group_vars/db.yml
@@ -40,10 +40,3 @@ postgresql_ssl_certificate:
 firewalld_rich_rules:
   - zone: "internal"
     rule: "family=ipv4 source address={{ web_server.subnet | default(web_server.ip + '/32') }} port protocol=tcp port={{ db_server.port }} accept"
-
-# mirsg.infrastructure.firewalld
-firewalld_internal_zone_sources:
-  - "{{ web_server.subnet | default(web_server.ip + '/32') }}"
-
-firewalld_internal_zone_open_services:
-  - "postgresql"
diff --git a/playbooks/molecule/resources/omero/inventory/group_vars/db.yml b/playbooks/molecule/resources/omero/inventory/group_vars/db.yml
@@ -0,0 +1,7 @@
+---
+# mirsg.infrastructure.firewalld
+firewalld_internal_zone_sources:
+  - "{{ web_server.subnet | default(web_server.ip + '/32') }}"
+
+firewalld_internal_zone_open_services:
+  - postgresql
diff --git a/playbooks/molecule/resources/xnat/inventory/group_vars/db.yml b/playbooks/molecule/resources/xnat/inventory/group_vars/db.yml
@@ -0,0 +1,7 @@
+---
+# mirsg.infrastructure.firewalld
+firewalld_internal_zone_sources:
+  - "{{ web_server.subnet | default(web_server.ip + '/32') }}"
+
+firewalld_internal_zone_open_services:
+  - postgresql