Allow disabling firewall setup (#141)

* add flag to disable firewall setup * add documentation of the above
canonical · Aug 18, 2023 · 9bdcec7 · 9bdcec7
1 parent 9ab80c8
commit 9bdcec7
Show file tree

Hide file tree

Showing 8 changed files with 10 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -149,6 +149,8 @@ There are additional optional variables that can be passed to the playbooks:
 - **enable_tls**: Whether MAAS should enable TLS\
   Default: `false` (only valid for MAAS >= 3.2)
 
+- **enable_firewall**: Whether MAAS should configure the firewall\
+  Default: `true`
 - ### MAAS Vault (only valid for MAAS >= 3.3)
 
   - **vault_integration**: Whether MAAS Should use Vault for secret storage\

diff --git a/group_vars/all/01-maas b/group_vars/all/01-maas
@@ -3,6 +3,8 @@
 # Standard MAAS Variables
 enable_tls: false           # Use TLS for MAAS communication
 
+enable_firewall: true       # Run the firewall setup tasks.
+
 # Installation variables
 maas_install_deb: "{{ maas_installation_type == 'deb' }}"
 maas_snap_channel: "stable"     # if using snap, then the channel. ie: stable, beta, edge

diff --git a/roles/maas_pacemaker/tasks/main.yaml b/roles/maas_pacemaker/tasks/main.yaml
@@ -113,3 +113,4 @@
       - "{{ maas_pgsql_check_port|default(23267) }}"
     maas_pg_udp_ports:
       - 5405
+  when: enable_firewall
diff --git a/roles/maas_postgres/tasks/main.yaml b/roles/maas_postgres/tasks/main.yaml
@@ -22,4 +22,4 @@
   ansible.builtin.include_role:
     name: maas_firewall
     tasks_from: setup_firewall_rules
-  when: ('maas_region_controller' not in group_names) and ('maas_pacemaker' not in group_names)
+  when: ('maas_region_controller' not in group_names) and ('maas_pacemaker' not in group_names) and ( enable_firewall )
diff --git a/roles/maas_postgres_proxy/tasks/main.yaml b/roles/maas_postgres_proxy/tasks/main.yaml
@@ -23,4 +23,4 @@
   ansible.builtin.include_role:
     name: maas_firewall
     tasks_from: setup_firewall_rules
-  when: ('maas_region_controller' not in group_names and 'maas_rack_controller' not in group_names)
+  when: ('maas_region_controller' not in group_names and 'maas_rack_controller' not in group_names) and ( enable_firewall )
diff --git a/roles/maas_proxy/tasks/main.yml b/roles/maas_proxy/tasks/main.yml
@@ -23,4 +23,4 @@
   ansible.builtin.include_role:
     name: maas_firewall
     tasks_from: setup_firewall_rules
-  when: ('maas_region_controller' not in group_names and 'maas_rack_controller' not in group_names)
+  when: ('maas_region_controller' not in group_names and 'maas_rack_controller' not in group_names) and (enable_firewall)
diff --git a/roles/maas_rack_controller/tasks/main.yaml b/roles/maas_rack_controller/tasks/main.yaml
@@ -41,3 +41,4 @@
   ansible.builtin.include_role:
     name: maas_firewall
     tasks_from: setup_firewall_rules
+  when: enable_firewall
diff --git a/roles/maas_region_controller/tasks/main.yaml b/roles/maas_region_controller/tasks/main.yaml
@@ -65,3 +65,4 @@
   ansible.builtin.include_role:
     name: maas_firewall
     tasks_from: setup_firewall_rules
+  when: enable_firewall