1
00:00:07,210 --> 00:00:08,160
- All right.

2
00:00:08,160 --> 00:00:09,853
Well, let's create a solution.

3
00:00:13,130 --> 00:00:17,450
Let's call it filtwall.yaml.

4
00:00:18,720 --> 00:00:21,693
And we start with the play header.

5
00:00:27,950 --> 00:00:29,420
In fact, it's all about providing

6
00:00:29,420 --> 00:00:31,160
some default values, right?

7
00:00:31,160 --> 00:00:33,733
So the hosts, let's do this on rocky.

8
00:00:34,657 --> 00:00:37,400
And I'm going to start with the variables.

9
00:00:37,400 --> 00:00:40,240
So the variables, that's what it's all about.

10
00:00:40,240 --> 00:00:41,763
Let's call it firewall_rules.

11
00:00:43,260 --> 00:00:47,740
And in firewall_rules, I am going to define a service,

12
00:00:47,740 --> 00:00:52,740
HTTPS, no further options, and a service FTP.

13
00:00:54,340 --> 00:00:59,058
And for the service FTP, I want the state to be disabled.

14
00:00:59,058 --> 00:01:02,130
So that is really enough.

15
00:01:02,130 --> 00:01:05,463
So this is a variable that contains a list.

16
00:01:06,930 --> 00:01:11,930
And for service HTTPS, we just have HTTPS.

17
00:01:12,320 --> 00:01:14,740
For FTP we have the state disabled.

18
00:01:14,740 --> 00:01:19,640
After all, we want to work with default values.

19
00:01:19,640 --> 00:01:22,843
Now what this is about, this is all about the default filter.

20
00:01:23,770 --> 00:01:25,670
And let me show you.

21
00:01:25,670 --> 00:01:28,910
So we are going to do a tasks name,

22
00:01:28,910 --> 00:01:31,463
enable firewalld services,

23
00:01:32,890 --> 00:01:37,640
and firewalld obviously is a module that we are going to use.

24
00:01:37,640 --> 00:01:41,370
And then we are going to use a service.

25
00:01:41,370 --> 00:01:46,160
I think it's a good idea to start with the loop.

26
00:01:46,160 --> 00:01:47,900
So I want a loop,

27
00:01:47,900 --> 00:01:52,823
and in this loop I am going to use firewall_rules.

28
00:02:02,374 --> 00:02:03,957
Oh, there's a typo.
29
00:02:07,500 --> 00:02:10,080
I want to put a conditional as well,

30
00:02:10,080 --> 00:02:15,080
when item.service is defined.

31
00:02:15,200 --> 00:02:17,850
So we want to do something if the service is defined.

32
00:02:17,850 --> 00:02:20,970
Now, what exactly are we going to do in there?

33
00:02:20,970 --> 00:02:25,970
Well, we are going to set the service to item.service.

34
00:02:26,700 --> 00:02:30,593
So item.service refers to the HTTPS and the FTP.

35
00:02:31,640 --> 00:02:34,433
Then we are going to set the zone.

36
00:02:35,360 --> 00:02:37,460
So what are we going to do with the zone?

37
00:02:37,460 --> 00:02:41,410
Well, item.zone, we use a default filter

38
00:02:41,410 --> 00:02:45,320
with the default filter argument omit.

39
00:02:45,320 --> 00:02:47,860
That is nice about the default filter.

40
00:02:47,860 --> 00:02:51,180
You can specify omit if you just wanna skip it,

41
00:02:51,180 --> 00:02:52,490
if it doesn't exist.

42
00:02:52,490 --> 00:02:57,030
And you can specify any text string to set that

43
00:02:57,030 --> 00:03:00,400
as an argument.

44
00:03:00,400 --> 00:03:02,630
So here I'm using permanent yes.

45
00:03:02,630 --> 00:03:05,500
That makes sense, of course. In state,

46
00:03:05,500 --> 00:03:10,500
we set state to item.state, again, with default enabled.

47
00:03:14,840 --> 00:03:17,390
So if we do not specify anything else,

48
00:03:17,390 --> 00:03:20,124
we want the default state to be enabled.

49
00:03:20,124 --> 00:03:22,640
Now, if you use a playbook like this,

50
00:03:22,640 --> 00:03:24,970
it's also nice to use a handler,

51
00:03:24,970 --> 00:03:28,830
because after adding the rules to the firewall,

52
00:03:28,830 --> 00:03:32,600
you need to do something with the firewall to update it.

53
00:03:32,600 --> 00:03:36,873
So let's define a handler with the name reload firewall.

54
00:03:38,030 --> 00:03:40,950
So now we can define the handlers themselves.
55
00:03:40,950 --> 00:03:44,720
In the handler's name, reload firewall.

56
00:03:44,720 --> 00:03:48,110
You know, handlers are pretty precise.

57
00:03:48,110 --> 00:03:51,690
The notify and the name of the handler need to correspond.

58
00:03:51,690 --> 00:03:53,420
Then we have the service,

59
00:03:53,420 --> 00:03:57,360
and the service is going to be set to name firewalld,

60
00:03:57,360 --> 00:04:00,510
and state reloaded.

61
00:04:00,510 --> 00:04:01,410
There we go.

62
00:04:01,410 --> 00:04:03,080
And it's time for a test run.

63
00:04:03,080 --> 00:04:06,627
So ansible-playbook on filtwall.yaml

64
00:04:10,280 --> 00:04:11,869
is bringing us this.

65
00:04:11,869 --> 00:04:14,560
And again, ansible1 has a sudo password.

66
00:04:14,560 --> 00:04:16,352
You wanna see it working on ansible1,

67
00:04:16,352 --> 00:04:19,720
let's do the sudo password.

68
00:04:19,720 --> 00:04:23,240
Apparently ansible2, at some point in this course,

69
00:04:23,240 --> 00:04:25,860
has been set up for caching sudo passwords

70
00:04:25,860 --> 00:04:27,240
for a longer period,

71
00:04:27,240 --> 00:04:29,648
which has never happened on ansible1.

72
00:04:29,648 --> 00:04:31,580
That's a minor detail,

73
00:04:31,580 --> 00:04:35,430
and you will learn about it in lesson nine,

74
00:04:35,430 --> 00:04:36,543
in case you missed it.