firewall -> cloud_firewall

vitabaks · Aug 13, 2024 · e6a6ce4 · e6a6ce4
1 parent ad0fa03
commit e6a6ce4
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 15 deletions.
diff --git a/roles/cloud-resources/defaults/main.yml b/roles/cloud-resources/defaults/main.yml
@@ -21,8 +21,8 @@ ssh_key_name: ""  # Name of the SSH key to be added to the server.
 # Note: If not provided, all cloud available SSH keys will be added (applicable to DigitalOcean, Hetzner).
 ssh_key_content: ""  # (optional) If provided, the public key content will be added to the cloud (directly to the server for GCP).
 
-# Security Group / Firewall
-firewall: true  # Specify 'false' if you don't want to configure Firewall rules, or want to manage them yourself.
+# Firewall / Security Group
+cloud_firewall: true  # Specify 'false' if you don't want to configure Firewall rules, or want to manage them yourself.
 
 ssh_public_access: true  # Allow public ssh access (required for deployment from the public network).
 ssh_public_allowed_ips: ""  # (comma-separated list of IP addresses in CIDR format) If empty, then public access is allowed for any IP address.

diff --git a/roles/cloud-resources/tasks/aws.yml b/roles/cloud-resources/tasks/aws.yml
@@ -193,7 +193,7 @@
             }]
           }}
       register: ec2_security_group_result
-      when: firewall | bool
+      when: cloud_firewall | bool
 
     # Server and volume
     - name: "AWS: Create or modify EC2 instance"
@@ -206,7 +206,7 @@
         image_id: "{{ server_image }}"
         key_name: "{{ ssh_key_name }}"
         region: "{{ server_location }}"
-        security_groups: "{{ ([] if not firewall | bool else [patroni_cluster_name + '-security-group']) }}"
+        security_groups: "{{ ([] if not cloud_firewall | bool else [patroni_cluster_name + '-security-group']) }}"
         vpc_subnet_id: "{{ server_network }}"
         network:
           assign_public_ip: true

diff --git a/roles/cloud-resources/tasks/azure.yml b/roles/cloud-resources/tasks/azure.yml
@@ -179,7 +179,7 @@
               'direction': 'Inbound'
             }]
           }}
-      when: firewall | bool
+      when: cloud_firewall | bool
 
     # Load Balancer
     - name: "Azure: Create public IP address for Load Balancer"

diff --git a/roles/cloud-resources/tasks/digitalocean.yml b/roles/cloud-resources/tasks/digitalocean.yml
@@ -283,7 +283,7 @@
             ] if database_public_access | bool and (not with_haproxy_load_balancing | bool and not pgbouncer_install | bool) else [])
           }}
       when:
-        - firewall | bool
+        - cloud_firewall | bool
         - (ssh_public_access | bool or netdata_public_access | bool or database_public_access | bool)
 
     - name: "DigitalOcean: Create or modify Postgres cluster firewall"
@@ -452,7 +452,7 @@
               }
             ] if dcs_type == 'consul' else [])
           }}
-      when: firewall | bool
+      when: cloud_firewall | bool
 
     # Server and volume
     - name: "DigitalOcean: Create or modify Droplet"

diff --git a/roles/cloud-resources/tasks/gcp.yml b/roles/cloud-resources/tasks/gcp.yml
@@ -109,7 +109,7 @@
         state: present
       when:
         - ssh_public_access | bool
-        - firewall | bool
+        - cloud_firewall | bool
 
     - name: "GCP: Create or modify Netdata public firewall rule"
       google.cloud.gcp_compute_firewall:
@@ -131,7 +131,7 @@
       when:
         - netdata_install | bool
         - netdata_public_access | bool
-        - firewall | bool
+        - cloud_firewall | bool
 
     - name: "GCP: Create or modify Database public firewall rule"
       google.cloud.gcp_compute_firewall:
@@ -161,7 +161,7 @@
           }}
       when:
         - database_public_access | bool
-        - firewall | bool
+        - cloud_firewall | bool
 
     - name: "GCP: Create or modify Postgres cluster firewall rule"
       google.cloud.gcp_compute_firewall:
@@ -201,7 +201,7 @@
               consul_ports_serf_wan | default('8302'),
               consul_ports_server | default('8300')] if dcs_type == 'consul' else [])
           }}
-      when: firewall | bool
+      when: cloud_firewall | bool
 
     # if 'cloud_load_balancer' is 'true'
     # https://cloud.google.com/load-balancing/docs/tcp#firewall-rules

diff --git a/roles/cloud-resources/tasks/hetzner.yml b/roles/cloud-resources/tasks/hetzner.yml
@@ -253,7 +253,7 @@
             ] if database_public_access | bool and (not with_haproxy_load_balancing | bool and not pgbouncer_install | bool) else [])
           }}
       when:
-        - firewall | bool
+        - cloud_firewall | bool
         - (ssh_public_access | bool or netdata_public_access | bool or database_public_access | bool)
 
     - name: "Hetzner Cloud: Create or modify Postgres cluster firewall"
@@ -400,7 +400,7 @@
             ] if dcs_type == 'consul' else [])
           }}
       when:
-        - firewall | bool
+        - cloud_firewall | bool
 
     # Server and volume
     - name: "Hetzner Cloud: Create or modify server"
@@ -427,9 +427,9 @@
       vars:
         firewalls_list: >-
           {{
-            ([patroni_cluster_name + '-public-firewall'] if firewall | bool and
+            ([patroni_cluster_name + '-public-firewall'] if cloud_firewall | bool and
               (ssh_public_access | bool or netdata_public_access | bool or database_public_access | bool) else []) +
-            ([patroni_cluster_name + '-firewall'] if firewall | bool else [])
+            ([patroni_cluster_name + '-firewall'] if cloud_firewall | bool else [])
           }}
 
     - name: "Hetzner Cloud: Add server to network '{{ server_network }}'"