Ansible\u4f7f\u7528firewalld\u6a21\u5757\u914d\u7f6e\u9632\u706b\u5899\u89c4\u5219\u3002\u6240\u6709\u670d\u52a1\u90fd\u662f\u57fa\u4e8eTCP\u6216UDP\u7684\u67d0\u4e9b\u7aef\u53e3\uff0c\u6bd4\u5982http\u670d\u52a1\u57fa\u4e8eTCP80\u7aef\u53e3\uff0c\u914d\u7f6e\u670d\u52a1\u5668\u7684\u9632\u706b\u5899\uff0c\u53ea\u9700\u8981\u5728\u9632\u706b\u5899\u89c4\u5219\u4e2d\u6dfb\u52a0\u6216\u5220\u9664\u670d\u52a1\u6216\u7aef\u53e3\u5373\u53ef\u3002\u9632\u706b\u5899\u8bbe\u7f6e\u9ed8\u8ba4\u89c4\u5219\u4e3a\u62d2\u7edd\uff0c\u6ca1\u6709\u660e\u786e\u5f00\u653e\u7684\uff0c\u90fd\u9ed8\u8ba4\u62d2\u7edd\u3002<\/strong><\/p>\n firewalld\u6a21\u5757\u5e38\u7528\u9009\u9879\uff1a<\/strong><\/p>\n \u914d\u7f6e\u9632\u706b\u5899\u89c4\u5219\uff0c\u653e\u884chttp\u534f\u8bae\uff0c\u4ee3\u7801\u793a\u610f\u5982\u4e0b\uff1a<\/strong><\/p>\n firewalld\u6a21\u5757\u4ecb\u7ecd Ansible\u4f7f\u7528firewalld\u6a21\u5757\u914d\u7f6e\u9632\u706b\u5899\u89c4\u5219\u3002\u6240\u6709\u670d\u52a1\u90fd\u662f\u57fa\u4e8eTCP\u6216UDP\u7684\u67d0\u4e9b\u7aef\u53e3\uff0c\u6bd4\u5982http\u670d\u52a1\u57fa\u4e8eTCP80\u7aef\u53e3\uff0c\u914d\u7f6e\u670d\u52a1\u5668\u7684\u9632\u706b\u5899\uff0c\u53ea\u9700\u8981\u5728\u9632\u706b\u5899\u89c4\u5219\u4e2d\u6dfb\u52a0\u6216\u5220\u9664\u670d\u52a1\u6216\u7aef\u53e3\u5373\u53ef\u3002\u9632\u706b\u5899\u8bbe\u7f6e\u9ed8\u8ba4\u89c4\u5219\u4e3a\u62d2\u7edd\uff0c\u6ca1\u6709\u660e\u786e\u5f00\u653e\u7684\uff0c\u90fd\u9ed8\u8ba4\u62d2\u7edd\u3002 firewalld\u6a21\u5757\u5e38\u7528\u9009\u9879\uff1a port\uff1a\u58f0\u660e\u7aef\u53e3 permanent\uff1a\u6c38\u4e45\u751f\u6548\uff0c\u4f46\u4e0d\u4f1a\u7acb\u5373\u751f\u6548 immediate\uff1a\u7acb\u5373\u751f\u6548\uff0c\u4e34\u65f6\u751f\u6548 state\uff1aenabled\uff0c\u653e\u884c\uff1bdisabled\u62d2\u7edd \u914d\u7f6e\u9632\u706b\u5899\u89c4\u5219\uff0c\u653e\u884chttp\u534f\u8bae\uff0c\u4ee3\u7801\u793a\u610f\u5982\u4e0b\uff1a [root@pubserver ansible]# vim firewall.yml — – name: configure webservers hosts: webservers tasks: – name: install nginx pkg yum: # \u8c03\u7528yum\u6a21\u5757\u5b89\u88c5nginx name: nginx state: present – name: start nginx service service: # \u5f00\u542fnginx\u670d\u52a1\uff0c\u5e76\u8bbe\u7f6e\u5f00\u673a\u81ea\u542f name: nginx state: started enabled: yes – name: install firewalld pkg yum: # \u8c03\u7528yum\u6a21\u5757\u5b89\u88c5firewalld name: firewalld state: present – name: start firewalld service service: # \u542f\u52a8firewalld\u670d\u52a1\uff0c\u5e76\u8bbe\u7f6e\u5f00\u673a\u81ea\u542f name: firewalld state: started enabled: yes – name: set firewalld rules firewalld: # \u8bbe\u7f6e\u9632\u706b\u5899\uff0c\u5f00\u542f80\u7aef\u53e3 port: 80\/tcp permanent: yes immediate: yes state: enabled # \u8fd0\u884cplaybook [root@pubserver ansible]# ansible-playbook firewall.yml PLAY [configure webservers] *********************************************************************************************************************** TASK [Gathering Facts] **************************************************************************************************************************** ok: [web2] ok: [web1] TASK [install nginx pkg] ************************************************************************************************************************** changed: [web2] changed: [web1] TASK [start nginx service] ************************************************************************************************************************ changed: [web2] changed: [web1] TASK [install firewalld pkg] ********************************************************************************************************************** ok: [web2] ok: [web1] TASK [start firewalld service] ******************************************************************************************************************** ok: [web2] ok: [web1] TASK [set firewalld rules] ****************************************…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[],"class_list":["post-222","post","type-post","status-publish","format-standard","hentry","category-lixx"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/xianyijitan.top\/index.php?rest_route=\/wp\/v2\/posts\/222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xianyijitan.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xianyijitan.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xianyijitan.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xianyijitan.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=222"}],"version-history":[{"count":2,"href":"https:\/\/xianyijitan.top\/index.php?rest_route=\/wp\/v2\/posts\/222\/revisions"}],"predecessor-version":[{"id":224,"href":"https:\/\/xianyijitan.top\/index.php?rest_route=\/wp\/v2\/posts\/222\/revisions\/224"}],"wp:attachment":[{"href":"https:\/\/xianyijitan.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xianyijitan.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xianyijitan.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
[root@pubserver ansible]# vim firewall.yml\n---\n- name: configure webservers\n hosts: webservers\n tasks:\n - name: install nginx pkg\n yum: # \u8c03\u7528yum\u6a21\u5757\u5b89\u88c5nginx\n name: nginx\n state: present\n\n - name: start nginx service\n service: # \u5f00\u542fnginx\u670d\u52a1\uff0c\u5e76\u8bbe\u7f6e\u5f00\u673a\u81ea\u542f\n name: nginx\n state: started\n enabled: yes\n\n - name: install firewalld pkg\n yum: # \u8c03\u7528yum\u6a21\u5757\u5b89\u88c5firewalld\n name: firewalld\n state: present\n\n - name: start firewalld service\n service: # \u542f\u52a8firewalld\u670d\u52a1\uff0c\u5e76\u8bbe\u7f6e\u5f00\u673a\u81ea\u542f\n name: firewalld\n state: started\n enabled: yes\n\n - name: set firewalld rules\n firewalld: # \u8bbe\u7f6e\u9632\u706b\u5899\uff0c\u5f00\u542f80\u7aef\u53e3\n port: 80\/tcp\n permanent: yes\n immediate: yes\n state: enabled\n\n# \u8fd0\u884cplaybook\n[root@pubserver ansible]# ansible-playbook firewall.yml \n\nPLAY [configure webservers] ***********************************************************************************************************************\n\nTASK [Gathering Facts] ****************************************************************************************************************************\nok: [web2]\nok: [web1]\n\nTASK [install nginx pkg] **************************************************************************************************************************\nchanged: [web2]\nchanged: [web1]\n\nTASK [start nginx service] ************************************************************************************************************************\nchanged: [web2]\nchanged: [web1]\n\nTASK [install firewalld pkg] **********************************************************************************************************************\nok: [web2]\nok: [web1]\n\nTASK [start firewalld service] ********************************************************************************************************************\nok: [web2]\nok: [web1]\n\nTASK [set firewalld rules] ************************************************************************************************************************\nchanged: [web2]\nchanged: [web1]\n\nPLAY RECAP ****************************************************************************************************************************************\nweb1 : ok=6 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 \nweb2 : ok=6 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"