sr2/ansible-collection-apps
4
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

feat(podman_link): hub/spoke elasticsearch network access

Browse source 
Fixes: #9
This commit is contained in:
Iain Learmonth 2025-12-20 13:30:31 +00:00
parent c72e513154
commit d1707adb0c
3 changed files with 23 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/podman_link/defaults/main.yml
View file

@ -26,3 +26,5 @@ podman_link_zammad_api_token: ""
podman_link_postgres_zammad_postgresql_host: zammad-postgresql podman_link_postgres_zammad_postgresql_host: zammad-postgresql
podman_link_postgres_zammad_es_host: opensearch podman_link_postgres_zammad_es_host: opensearch
podman_link_postgres_zammad_memcached_server: zammad-memcached:11211 podman_link_postgres_zammad_memcached_server: zammad-memcached:11211
# podman_link_opensearch_hub_ip:
# podman_link_opensearch_spoke_ip:

17
roles/podman_link/tasks/main.yml
View file

@ -8,6 +8,23 @@
mode: "0444" mode: "0444"
become: true become: true
- name: Allow access from hub to spoke to Opensearch using firewalld rich rule
ansible.posix.firewalld:
rich_rule: >-
rule family="ipv4"
source address="{{ podman_link_opensearch_hub_ip }}"
destination address="{{ podman_link_opensearch_spoke_ip }}"
port protocol="tcp" port="{{ item }}" accept
permanent: yes
state: enabled
with_items:
- 9200
- 9300
when:
- podman_link_opensearch_hub_ip is defined
- podman_link_opensearch_spoke_ip is defined
become: true
- name: Podman CDR Link | PATCH | Install podman and verify rootless podman user - name: Podman CDR Link | PATCH | Install podman and verify rootless podman user
ansible.builtin.include_role: ansible.builtin.include_role:
role: sr2c.core.podman_host role: sr2c.core.podman_host

4
roles/podman_link/templates/home/config/containers/systemd/zammad-opensearch.container
View file

@ -18,6 +18,10 @@ Environment=compatibility.override_main_response_version=true
Image=registry.gitlab.com/digiresilience/link/link-stack/opensearch:{{ podman_link_stack_version }} Image=registry.gitlab.com/digiresilience/link/link-stack/opensearch:{{ podman_link_stack_version }}
PublishPort=127.0.0.1:9200:9200 PublishPort=127.0.0.1:9200:9200
PublishPort=127.0.0.1:9600:9600 PublishPort=127.0.0.1:9600:9600
{% if podman_link_opensearch_spoke_ip is defined %}
PublishPort={{ podman_link_opensearch_spoke_ip }}:9200:9200
PublishPort={{ podman_link_opensearch_spoke_ip }}:9300:9300
{% endif %}
Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-data:/usr/share/opensearch/data:rw,Z Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-data:/usr/share/opensearch/data:rw,Z
Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-config.yml:/usr/share/opensearch/config/opensearch-security/config.yml:rw,Z Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-config.yml:/usr/share/opensearch/config/opensearch-security/config.yml:rw,Z
Network=zammad.network Network=zammad.network