From 69d01048c1a27e53c69605ff66bbca40483d39d1 Mon Sep 17 00:00:00 2001
From: Jonas Forsberg
Date: Wed, 22 Sep 2021 16:33:46 +0200
Subject: [PATCH] states for firewalld and hostname
---
salt/states/firewalld/init.sls | 31 +++++++++++++++++++++++
salt/states/hostname/files/hostname.jinja | 2 ++
salt/states/hostname/files/hosts.jinja | 26 +++++++++++++++++++
salt/states/hostname/init.sls | 24 ++++++++++++++++++
4 files changed, 83 insertions(+)
create mode 100644 salt/states/firewalld/init.sls
create mode 100644 salt/states/hostname/files/hostname.jinja
create mode 100644 salt/states/hostname/files/hosts.jinja
create mode 100644 salt/states/hostname/init.sls
diff --git a/salt/states/firewalld/init.sls b/salt/states/firewalld/init.sls
new file mode 100644
index 0000000..ced4987
--- /dev/null
+++ b/salt/states/firewalld/init.sls
@@ -0,0 +1,31 @@
+Configure firewalld for external interface:
+ firewalld.present:
+ - name: external
+ - masquerade: True
+ - prune_ports: True
+ - prune_services: True
+ - prune_interfaces: True
+ - interfaces:
+ - {{ pillar['network']['interface']['external'] }}
+ - services:
+ - ssh
+
+Configure firewalld for internal networks:
+ firewalld.present:
+ - name: internal
+ - prune_ports: True
+ - prune_services: True
+ - prune_interfaces: True
+ - interfaces:
+ - {{ pillar['network']['interface']['internal'] }}
+ {% for vlan in pillar['network']['vlan'] -%}
+ - vlan.{{ vlan['id'] }}
+ {% endfor %}
+ - services:
+ - ssh
+ - dhcp
+ - tftp
+ - http
+ - https
+ - dns
+ - ntp
diff --git a/salt/states/hostname/files/hostname.jinja b/salt/states/hostname/files/hostname.jinja
new file mode 100644
index 0000000..c79e134
--- /dev/null
+++ b/salt/states/hostname/files/hostname.jinja
@@ -0,0 +1,2 @@
+{% set hostname = pillar['network']['hostname'] -%}
+{{ hostname }}
diff --git a/salt/states/hostname/files/hosts.jinja b/salt/states/hostname/files/hosts.jinja
new file mode 100644
index 0000000..5acbc62
--- /dev/null
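Review bot: In salt/states/firewalld/init.sls the `external` zone turns on `masquerade` and lists `ssh` under `services` with no source restriction, so SSH on this gateway is offered to everything reachable on the pillar-supplied external interface. If management access only ever comes from known networks, drop `- ssh` from the external `services` list and admit it with a scoped entry under `- rich_rules:`, for example `- rule family="ipv4" source address="<MGMT_CIDR>" service name="ssh" accept` (placeholder address). Both zones prune ports, services and interfaces but do not set `- prune_sources: True` or `- prune_rich_rules: True`, so sources or rich rules added by hand on the host would presumably survive a highstate; setting them makes the state the only source of truth for the zone. The internal zone also gives every VLAN from `pillar['network']['vlan']` the same service set (including `tftp` and `http`), which deserves a comment stating that this is intended.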
+++ b/salt/states/hostname/files/hosts.jinja
@@ -0,0 +1,26 @@
+{% set ip = pillar['network']['ip'] -%}
+{% set hostname = pillar['network']['hostname'] -%}
+{% set domain = pillar['network']['domain'] -%}
+#
+# hosts This file describes a number of hostname-to-address
+# mappings for the TCP/IP subsystem. It is mostly
+# used at boot time, when no name servers are running.
+# On small systems, this file can be used instead of a
+# "named" name server.
+# Syntax:
+#
+# IP-Address Full-Qualified-Hostname Short-Hostname
+#
+
+127.0.0.1 localhost
+{{ ip }} {{ hostname }}.{{ domain }} {{ hostname }}
+# special IPv6 addresses
+::1 localhost ipv6-localhost ipv6-loopback
+
+fe00::0 ipv6-localnet
+
+ff00::0 ipv6-mcastprefix
+ff02::1 ipv6-allnodes
+ff02::2 ipv6-allrouters
+ff02::3 ipv6-allhosts
+
diff --git a/salt/states/hostname/init.sls b/salt/states/hostname/init.sls
new file mode 100644
index 0000000..8261a52
--- /dev/null
+++ b/salt/states/hostname/init.sls
@@ -0,0 +1,24 @@
+Configure hosts file:
+ file.managed:
+ - name: /etc/hosts
+ - source: salt://hostname/files/hosts.jinja
+ - template: jinja
+ - user: root
+ - group: root
+ - mode: "0644"
+
+Configure hostname file:
+ file.managed:
+ - name: /etc/hostname
+ - source: salt://hostname/files/hostname.jinja
+ - template: jinja
+ - user: root
+ - group: root
+ - mode: "0644"
+
+Run hostname command:
+ cmd.run:
+ - name: hostname {{ pillar['network']['hostname'] }}
+ - onchanges:
+ - file: Configure hosts file
+ - file: Configure hostname file
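Review bot: In salt/states/hostname/init.sls the `Run hostname command` state renders `pillar['network']['hostname']` unquoted into a `cmd.run` command line, so any whitespace or shell metacharacter in that pillar value changes the command the minion executes, normally as root. The same value has just been written to /etc/hostname by the preceding state, so the command can read it from the file and avoid the interpolation altogether: `- name: hostname -F /etc/hostname`. If the interpolation is kept, the value should be checked against hostname syntax before rendering, since it also lands in /etc/hosts through hosts.jinja, where an embedded newline would add extra entries.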