Getting started

Example inventory

The debops.ferm role is part of the default DebOps playbook an run on all hosts which are part of the [debops_all_hosts] group. To use this role with DebOps it's therefore enough to add your host to the mentioned host group (which most likely it is already):

[debops_all_hosts]
hostname

Example playbook

Here's an example playbook which uses the debops.ferm role:

---

- name: Manage firewall using ferm
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_all_hosts', 'debops_service_ferm' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: ferm
      tags: [ 'role::ferm', 'skip::ferm' ]

Ansible tags

You can use Ansible --tags or --skip-tags parameters to limit what tasks are performed during Ansible run. This can be used after a host was first configured to speed up playbook execution, when you are sure that most of the configuration is already in the desired state.

Available role tags:

role::ferm

Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.

role::ferm:custom_files

Copy custom ferm configuration files to remote hosts.

role::ferm:rules

Run tasks to add or remove ferm rules and configure IP packet forwarding.