states for firewalld and hostname

2021-09-22 16:33:46 +02:00 · 2021-09-22 16:33:46 +02:00 · 69d01048c1
commit 69d01048c1
parent 04bf1ccbc4
4 changed files with 83 additions and 0 deletions
--- a/salt/states/firewalld/init.sls
+++ b/salt/states/firewalld/init.sls
@ -0,0 +1,31 @@
+Configure firewalld for external interface:
+  firewalld.present:
+    - name: external
+    - masquerade: True
+    - prune_ports: True
+    - prune_services: True
+    - prune_interfaces: True
+    - interfaces:
+      - {{ pillar['network']['interface']['external'] }}
+    - services:
+      - ssh
+
+Configure firewalld for internal networks:
+  firewalld.present:
+    - name: internal
+    - prune_ports: True
+    - prune_services: True
+    - prune_interfaces: True
+    - interfaces:
+      - {{ pillar['network']['interface']['internal'] }}
+      {% for vlan in pillar['network']['vlan'] -%}
+      - vlan.{{ vlan['id'] }}
+      {% endfor %}
+    - services:
+      - ssh
+      - dhcp
+      - tftp
+      - http
+      - https
+      - dns
+      - ntp
--- a/salt/states/hostname/files/hostname.jinja
+++ b/salt/states/hostname/files/hostname.jinja
@ -0,0 +1,2 @@
+{% set hostname = pillar['network']['hostname'] -%}
+{{ hostname }}
--- a/salt/states/hostname/files/hosts.jinja
+++ b/salt/states/hostname/files/hosts.jinja
@ -0,0 +1,26 @@
+{% set ip = pillar['network']['ip'] -%}
+{% set hostname = pillar['network']['hostname'] -%}
+{% set domain = pillar['network']['domain'] -%}
+#
+# hosts         This file describes a number of hostname-to-address
+#               mappings for the TCP/IP subsystem.  It is mostly
+#               used at boot time, when no name servers are running.
+#               On small systems, this file can be used instead of a
+#               "named" name server.
+# Syntax:
+#    
+# IP-Address  Full-Qualified-Hostname  Short-Hostname
+#
+
+127.0.0.1	localhost
+{{ ip }}	{{ hostname }}.{{ domain }}	{{ hostname }}
+# special IPv6 addresses
+::1             localhost ipv6-localhost ipv6-loopback
+
+fe00::0         ipv6-localnet
+
+ff00::0         ipv6-mcastprefix
+ff02::1         ipv6-allnodes
+ff02::2         ipv6-allrouters
+ff02::3         ipv6-allhosts
+
--- a/salt/states/hostname/init.sls
+++ b/salt/states/hostname/init.sls
@ -0,0 +1,24 @@
+Configure hosts file:
+  file.managed:
+    - name: /etc/hosts
+    - source: salt://hostname/files/hosts.jinja
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: "0644"
+
+Configure hostname file:
+  file.managed:
+    - name: /etc/hostname
+    - source: salt://hostname/files/hostname.jinja
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: "0644"
+
+Run hostname command:
+  cmd.run:
+    - name: hostname {{ pillar['network']['hostname'] }}
+    - onchanges:
+      - file: Configure hosts file
+      - file: Configure hostname file