我具有以下基础结构(3台服务器运行Windows 2016 Server Edition),其中主服务器在端口80(示例)上运行IIS服务,并且需要2个代理连接到它们。为了进行通信,我需要添加Windows防火墙规则以将IP地址列入白名单
我需要通过ansible执行的任务是,我只需要在主服务器上添加以下防火墙规则,而不能在代理主机上运行。如何仅在主服务器上运行以下任务,以便在配置防火墙规则时使用代理(agt)机器的ip地址详细信息。
- hosts: mas, agt
tasks:
- name: Firewall Rule Modifications
win_firewall_rule:
name: "IIS port"
localport: "80"
direction: in
action: allow
remoteip: "{{ansible_ip_addresses[0]}}"
protocol: "tcp"
description: "Allow agents"
enabled: yes
state: present
答案 0 :(得分:0)
我能够创建一个解决方案(使用带有centos 7的无用的测试设置),但是我认为应该有一种更简单的方法来实现这一目标:-)
库存文件:
[master]
mas
[agents]
agt1
agt2
剧本:
- name: Configure Iptables
hosts: all
serial: 1
tasks:
- name: create a file to store inventory IP's
file:
dest: /tmp/foo
state: touch
force: yes
delegate_to: localhost
- name: Register IP address
shell: echo "{{ ansible_enp0s8.ipv4.address }}"
register: op
delegate_to: localhost
- name: write IP's to a temp file
lineinfile:
dest: /tmp/foo
line: "{{ op.stdout_lines[0] }}"
insertafter: EOF
delegate_to: localhost
- name: Add firewall rules
iptables:
chain: INPUT
source: "{{item}}"
protocol: tcp
destination_port: 80
jump: ACCEPT
with_lines: cat /tmp/foo
when: ansible_hostname == 'mas'