From ffd6ad7c12d86286221a13c3729d7df55d146647 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Fri, 8 Sep 2017 20:40:16 +0530 Subject: [PATCH] [fix] setup firewall and change ssh port via bench --- bench/commands/setup.py | 31 ++++++++++++++++-------- playbooks/production/change_ssh_port.yml | 5 ++++ playbooks/production/setup_firewall.yml | 7 ++++-- 3 files changed, 31 insertions(+), 12 deletions(-) diff --git a/bench/commands/setup.py b/bench/commands/setup.py index 74327d35..b0db827f 100755 --- a/bench/commands/setup.py +++ b/bench/commands/setup.py @@ -76,24 +76,35 @@ def setup_env(): setup_env() @click.command('firewall') -def setup_firewall(): +@click.option('--ssh_port') +@click.option('--force') +def setup_firewall(ssh_port=None, force=False): "Setup firewall" from bench.utils import run_playbook - click.confirm('Setting up the firewall will block all ports except 80, 443 and 22\n' - 'Do you want to continue?', - abort=True) - run_playbook('production/setup_firewall.yml') + + if not force: + click.confirm('Setting up the firewall will block all ports except 80, 443 and 22\n' + 'Do you want to continue?', + abort=True) + + if not ssh_port: + ssh_port = 22 + + run_playbook('production/setup_firewall.yml', {"ssh_port": ssh_port}) @click.command('ssh-port') @click.argument('port') -def set_ssh_port(port): +@click.option('--force') +def set_ssh_port(port, force=False): "Set SSH Port" from bench.utils import run_playbook - click.confirm('This will change your SSH Port to {}\n' - 'Do you want to continue?'.format(port), - abort=True) - run_playbook('production/change_ssh_port.yml', {"ssh_port": port}) + if not force: + click.confirm('This will change your SSH Port to {}\n' + 'Do you want to continue?'.format(port), + abort=True) + + run_playbook('production/change_ssh_port.yml', {"ssh_port": port}) @click.command('lets-encrypt') @click.argument('site') 
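Review bot: Both `@click.option('--force')` decorators declare an option that takes a value, not a flag, so a bare `--force` is rejected for a missing argument and any supplied string, including `--force false`, is truthy and skips the confirmation. Declare it as `@click.option('--force', is_flag=True, default=False)` in both `setup_firewall` and `set_ssh_port`. `--ssh_port` and the `port` argument reach the playbook as unvalidated strings; a range-checked type such as `@click.option('--ssh_port', type=click.IntRange(1, 65535), default=22)` would reject bad input before any firewall rule or sshd setting is touched, and would also replace the `if not ssh_port` fallback. The confirmation text in `setup_firewall` still names port 22 even when another port was requested, so it can misstate which port will stay reachable.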
diff --git a/playbooks/production/change_ssh_port.yml b/playbooks/production/change_ssh_port.yml index a0bd21f8..715a98d0 100755 --- a/playbooks/production/change_ssh_port.yml +++ b/playbooks/production/change_ssh_port.yml @@ -12,3 +12,8 @@ - name: restart ssh service: name=sshd state=reloaded + + - name: Change ansible ssh port to 2332 + set_fact: + ansible_ssh_port: '{{ ssh_port }}' + diff --git a/playbooks/production/setup_firewall.yml b/playbooks/production/setup_firewall.yml index 00b6b893..e9242eb3 100755 --- a/playbooks/production/setup_firewall.yml +++ b/playbooks/production/setup_firewall.yml @@ -4,6 +4,9 @@ tasks: # For CentOS + - name: Enable SELinux + selinux: policy=targeted state=permissive + - name: Install firewalld yum: name=firewalld state=present when: ansible_distribution == 'CentOS' @@ -17,7 +20,7 @@ with_items: - 80 - 443 - - 22 + - {{ ssh_port }} when: ansible_distribution == 'CentOS' - name: Restart Firewall @@ -38,6 +41,6 @@ with_items: - 80 - 443 - - 22 + - {{ ssh_port }} when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
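Review bot: The added task name in change_ssh_port.yml hard-codes 2332 while the fact it sets is `'{{ ssh_port }}'`, so the run log will report the wrong port for any other value. A templated name such as `- name: Point ansible at the new ssh port {{ ssh_port }}` avoids that. Nothing visible in this hunk opens the new port in the firewall before sshd is reloaded, so on a host where setup_firewall.yml already ran with a different port the reload may cut off remote access. The earlier tasks of the playbook are outside the hunk, so this may already be handled there; if not, a pre-check or at least a comment stating the required order would help.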
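Review bot: In the first hunk of setup_firewall.yml, the task named "Enable SELinux" sets `state=permissive`, which logs denials without enforcing them and would downgrade a host that is currently enforcing. Either use `selinux: policy=targeted state=enforcing`, or rename the task to say what it does and add a comment explaining why permissive mode is needed for the firewall setup. The task also lacks the `when: ansible_distribution == 'CentOS'` guard that the neighbouring CentOS tasks carry, so as written it will also run on Ubuntu and Debian hosts.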
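Review bot: In the CentOS `with_items` list of setup_firewall.yml, `- {{ ssh_port }}` is unquoted, and YAML reads a scalar that starts with `{` as a flow mapping, so the playbook is likely to fail to load rather than open the intended port. Write it as `- "{{ ssh_port }}"`. The same line is added to the Ubuntu/Debian `with_items` list in the last hunk of this file and needs the same quoting. Because this entry decides whether SSH stays reachable once the firewall restarts, running `ansible-playbook --syntax-check` on the playbook before merging is worthwhile.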