ansible/roles/oonidata_clickhouse/tasks
88 set_fact :
99 ch_nft_rule : ' {{ ch_nft_rule | default([]) + ['' add rule inet filter input ip saddr '' + item.ip + '' tcp dport 9000 counter accept comment "incoming clickhouse from '' + item.fqdn + '' "'' ] }}'
1010 loop : " {{ nftables_clickhouse_allow | rejectattr('fqdn', 'eq', inventory_hostname) | list }}"
11+ tags :
12+ - nftables
1113
1214- name : Create nftables rule for clickhouse inter-server communication
1315 set_fact :
1416 is_nft_rule : ' {{ is_nft_rule | default([]) + ['' add rule inet filter input ip saddr '' + item.ip + '' tcp dport 9009 counter accept comment "incoming clickhouse from '' + item.fqdn + '' "'' ] }}'
1517 loop : " {{ nftables_clickhouse_allow | rejectattr('fqdn', 'eq', inventory_hostname) | list }}"
18+ tags :
19+ - nftables
1620
1721- name : Create nftables rule for zookeeper
1822 set_fact :
1923 zk_nft_rule : ' {{ zk_nft_rule | default([]) + ['' add rule inet filter input ip saddr '' + item.ip + '' tcp dport 9181 counter accept comment "incoming zookeeper from '' + item.fqdn + '' "'' ] }}'
2024 loop : " {{ nftables_zookeeper_allow | rejectattr('fqdn', 'eq', inventory_hostname) | list }}"
25+ tags :
26+ - nftables
2127
2228- name : Create nftables rule for raft port
2329 set_fact :
2430 raft_nft_rule : ' {{ raft_nft_rule | default([]) + ['' add rule inet filter input ip saddr '' + item.ip + '' tcp dport 9234 counter accept comment "incoming raft from '' + item.fqdn + '' "'' ] }}'
2531 loop : " {{ nftables_zookeeper_allow | rejectattr('fqdn', 'eq', inventory_hostname) | list }}"
32+ tags :
33+ - nftables
2634
2735- ansible.builtin.include_role :
2836 name : nftables
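Review bot: The `ansible.builtin.include_role` task for `nftables` at new lines 35-36 has no `nftables` tag in the visible lines, so a `--tags nftables` run would build the four rule lists in the `set_fact` tasks but skip the task that applies them. Because `include_role` is dynamic, a tag on the include task is not inherited by the role's tasks; adding `tags: [nftables]` to the include, plus `apply:` with `tags: [nftables]` if the role's own tasks are untagged, would let a tagged run actually load the ruleset. The converse is worth checking too: with `--skip-tags nftables` the facts are never set but the role still runs, and whether it then writes a ruleset without the ClickHouse and ZooKeeper allow rules depends on role code not shown here. The first task's `- name:` line and anything after line 36 are outside the hunk, so an existing tag further down cannot be ruled out.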