Merge pull request #4797 from kwoodson/os_firewall_refactor

Refactor the firewall workflow.

1 files changed, 12 insertions, 0 deletions

diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index c0d1d5946..d12d7a358 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -1,4 +1,7 @@
 ---
+r_etcd_firewall_enabled: True
+r_etcd_use_firewalld: False
+
 etcd_initial_cluster_state: new
 etcd_initial_cluster_token: etcd-cluster-1
 
@@ -7,4 +10,13 @@ etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_
 etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
 etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
 
+etcd_client_port: 2379
+etcd_peer_port: 2380
+
 etcd_systemd_dir: "/etc/systemd/system/{{ etcd_service }}.service.d"
+r_etcd_os_firewall_deny: []
+r_etcd_os_firewall_allow:
+- service: etcd
+  port: "{{etcd_client_port}}/tcp"
+- service: etcd peering
+  port: "{{ etcd_peer_port }}/tcp"