add task for opening ports on firewall

Signed-off-by: Jakub Sokołowski <[email protected]>
status-im · Sep 22, 2022 · ebf86bf · ebf86bf
1 parent 1a049ec
commit ebf86bf
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 0 deletions.
diff --git a/meta/main.yml b/meta/main.yml
@@ -10,6 +10,9 @@ galaxy_info:
       versions:
         - xenial
   dependencies:
+    - name: open-ports
+      src: [email protected]:status-im/infra-role-open-ports.git
+      scm: git
     - name: systemd-timer
       src: [email protected]:status-im/infra-role-systemd-timer.git
       scm: git

diff --git a/tasks/firewall.yml b/tasks/firewall.yml
@@ -0,0 +1,9 @@
+---
+- name: Open service ports in iptables
+  include_role: name=open-ports
+  vars:
+    open_ports_default_comment: '{{ validator_client_service_name }}'
+    open_ports_default_chain: 'VPN'
+    open_ports_list:
+      - { port: '{{ validator_client_metrics_port }}',    ipset: 'metrics.hq' }
+      - { port: '{{ validator_client_keymanager_port }}', ipset: '{{ env }}.{{ stage }}' }
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -6,4 +6,5 @@
 - include_tasks: service.yml
 - import_tasks: validators.yml
   when: validator_client_dist_validators_enabled
+- include_tasks: firewall.yml
 #- include_tasks: consul.yml