Hi,

Suppose I have a set of profiles, each delivering a specific service to a node. For example:

profile_lms - installs Logitech Media Server
profile_plex - installs Plex

Each service requires a different set of ports to be opened on the node firewall.

How can I make it so that adding a profile to a node results in any firewalld::services defined in that profile being added to the same zone on the node?

So, suppose profile_lms looks like this:

class profile_lms{
  firewalld::service{'lms':
    description => 'Logitech Media Server',
    ports       => [
      # Logitech Media Server
      { port => '9000', protocol => 'tcp' },
      { port => '3483', protocol => 'tcp' },
      { port => '3483', protocol => 'udp' },
      # LMS Spotify plugin
      { port => '9005', protocol => 'tcp' },
    ],
  }
}

and profile_plex looks like this:

class profile_plex{
  firewalld::service{'plex':
    description => 'PLEX',
    ports       => [
      { port => '32400', protocol => 'tcp' },
    ],
  }
}

And on the node in question, I include those nodes like this:

node 'media_server' {
  include ::profile_lms
  include ::profile_plex
}

I need to define the public zone, using something like:

  firewalld::zone { 'public':
    services => ['dhcpv6-client', 'ssh', 'lms', 'plex'],
  }

Is there some way to "collect" all the services defined in the various profiles and add them to the public zone? Or do I need to do this somewhat differently and, say, define a new zone for each service?

R.