[fix] setup firewall and change ssh port via bench

2025-02-13 08:18:27 +00:00 · 2017-09-08 20:40:16 +05:30 · 2017-09-08 20:40:16 +05:30 · ffd6ad7c12
commit ffd6ad7c12
parent 57499b8500
3 changed files with 31 additions and 12 deletions
--- a/bench/commands/setup.py
+++ b/bench/commands/setup.py
@ -76,24 +76,35 @@ def setup_env():
 	setup_env()

@click.command('firewall')
-def setup_firewall():
+@click.option('--ssh_port')
+@click.option('--force')
+def setup_firewall(ssh_port=None, force=False):
 	"Setup firewall"
 	from bench.utils import run_playbook
-	click.confirm('Setting up the firewall will block all ports except 80, 443 and 22\n'
-		'Do you want to continue?',
-		abort=True)
-	run_playbook('production/setup_firewall.yml')
+
+	if not force:
+		click.confirm('Setting up the firewall will block all ports except 80, 443 and 22\n'
+			'Do you want to continue?',
+			abort=True)
+
+	if not ssh_port:
+		ssh_port = 22
+
+	run_playbook('production/setup_firewall.yml', {"ssh_port": ssh_port})

@click.command('ssh-port')
@click.argument('port')
-def set_ssh_port(port):
+@click.option('--force')
+def set_ssh_port(port, force=False):
 	"Set SSH Port"
 	from bench.utils import run_playbook
-	click.confirm('This will change your SSH Port to {}\n'
-		'Do you want to continue?'.format(port),
-		abort=True)
-	run_playbook('production/change_ssh_port.yml', {"ssh_port": port})

+	if not force:
+		click.confirm('This will change your SSH Port to {}\n'
+			'Do you want to continue?'.format(port),
+			abort=True)
+
+	run_playbook('production/change_ssh_port.yml', {"ssh_port": port})

@click.command('lets-encrypt')
@click.argument('site')
--- a/playbooks/production/change_ssh_port.yml
+++ b/playbooks/production/change_ssh_port.yml
@ -12,3 +12,8 @@

    - name: restart ssh
      service: name=sshd state=reloaded
+
+    - name: Change ansible ssh port to 2332
+      set_fact:
+        ansible_ssh_port: '{{ ssh_port }}'
+
--- a/playbooks/production/setup_firewall.yml
+++ b/playbooks/production/setup_firewall.yml
@ -4,6 +4,9 @@

  tasks:
      # For CentOS
+    - name: Enable SELinux
+      selinux: policy=targeted state=permissive
+
    - name: Install firewalld
      yum: name=firewalld state=present
      when: ansible_distribution == 'CentOS'
@ -17,7 +20,7 @@
      with_items:
        - 80
        - 443
-        - 22
+        - {{ ssh_port }}
      when: ansible_distribution == 'CentOS'

    - name: Restart Firewall
@ -38,6 +41,6 @@
      with_items:
        - 80
        - 443
-        - 22
+        - {{ ssh_port }}
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'