Make the net ansible section never
run and add appropriate warnings
parent 5d3fdfbc16
commit 78f452587a
3 changed files with 25 additions and 7 deletions
|
@ -1,24 +1,31 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- hosts: cluster_nodes
|
- hosts: cluster_nodes
|
||||||
#serial: 1
|
|
||||||
roles:
|
roles:
|
||||||
- role: common
|
- role: common
|
||||||
tags: base
|
tags: base
|
||||||
|
|
||||||
- role: users
|
- role: users
|
||||||
tags: account
|
tags: account
|
||||||
|
|
||||||
# UNSAFE
|
# UNSAFE!! This section is disabled by default, to run it the flags -t net should be added
|
||||||
# - role: network
|
# to the ansible playbook command line.
|
||||||
# tags: net
|
# Reason: when rules.{v4,v6} are changed, the whole iptables configuration is reloaded.
|
||||||
|
# This creates issues with Docker, which injects its own configuration in iptables when it starts.
|
||||||
|
# In practice, most (all?) containers will break if rules.{v4,v6} are changed,
|
||||||
|
# and docker will have to be restared.
|
||||||
|
- hosts: cluster_nodes
|
||||||
|
roles:
|
||||||
|
- role: network
|
||||||
|
tags: [ net, never ]
|
||||||
|
|
||||||
|
- hosts: cluster_nodes
|
||||||
|
serial: 1
|
||||||
|
roles:
|
||||||
- role: consul
|
- role: consul
|
||||||
tags: kv
|
tags: kv
|
||||||
|
|
||||||
- role: nomad
|
- role: nomad
|
||||||
tags: orchestrator
|
tags: orchestrator
|
||||||
|
|
||||||
# UNSAFE
|
# UNSAFE!! This section configures glusterfs. Once done, don't run it ever again as it may break stuff.
|
||||||
# - role: storage
|
# - role: storage
|
||||||
# tags: sto
|
# tags: sto
|
||||||
|
|
|
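Review bot: The new network play (tags: [ net, never ]) has no serial setting, so an explicit -t net run applies the iptables reload to every host in cluster_nodes in the same pass, and by the comment's own reasoning that breaks the Docker containers on all nodes at once. Consider adding serial: 1 to this play, as the consul/nomad play now has, so that Docker can be restarted node by node. The storage section is still protected only by being commented out; moving it to its own play tagged [ sto, never ] would give it the same guard. In the comment, "restared" should read "restarted", and it is worth stating that the never tag requires Ansible 2.5 or later.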
@ -1,3 +1,9 @@
|
||||||
|
# WARNING!! When rules.{v4,v6} are changed, the whole iptables configuration is reloaded.
|
||||||
|
# This creates issues with Docker, which injects its own configuration in iptables when it starts.
|
||||||
|
# In practice, most (all?) containers will break if rules.{v4,v6} are changed,
|
||||||
|
# and docker will have to be restared.
|
||||||
|
|
||||||
|
|
||||||
*filter
|
*filter
|
||||||
:INPUT DROP [0:0]
|
:INPUT DROP [0:0]
|
||||||
:FORWARD DROP [0:0]
|
:FORWARD DROP [0:0]
|
||||||
|
|
|
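Review bot: The warning added at the top of this rules file names the consequence but not the operator action: it says Docker "will have to be restared" (typo, should be "restarted") without saying that this file is only applied when the playbook is run with -t net. Suggest adding one line pointing to that tag and to the Docker restart that must follow a change, so someone editing the rules directly sees the whole procedure here.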
@ -1,3 +1,8 @@
|
||||||
|
# WARNING!! When rules.{v4,v6} are changed, the whole iptables configuration is reloaded.
|
||||||
|
# This creates issues with Docker, which injects its own configuration in iptables when it starts.
|
||||||
|
# In practice, most (all?) containers will break if rules.{v4,v6} are changed,
|
||||||
|
# and docker will have to be restared.
|
||||||
|
|
||||||
|
|
||||||
*filter
|
*filter
|
||||||
:INPUT DROP [0:0]
|
:INPUT DROP [0:0]
|
||||||
|
|
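Review bot: The header comment here is a verbatim copy of the one added to the other rules file and to the playbook, including the "restared" typo, so the same explanation now lives in three places and will drift. Suggest keeping the full rationale in the playbook comment and reducing this header to a one-line pointer to it, or at least fixing the typo in all copies in this commit.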