firewalld loop through services/ports/sources within zones

kingfisher77

Jul 3, 2019, 5:52:08 AM
to Ansible Project
Hi, we are aiming for a scenario that does not seem so easy to achieve.

We would like to reset/automate the setup of firewalld on CentOS 7, walking through defined zones and setting services/ports/sources.

What we have so far: 

FIREWALLD_ZONE_SERVICE:
  - ZONE: public
    SERVICES:
      - SERVICE: http
        SERVICE_STATE: disabled
      - SERVICE: https
        SERVICE_STATE: disabled
  - ZONE: trusted
    SERVICES:
      - SERVICE: http
        SERVICE_STATE: disabled
      - SERVICE: https
        SERVICE_STATE: disabled

- name: Debug FIREWALLD_ZONE_SERVICE
  debug:
    msg: "{{ item.0.ZONE }} {{ item.1.SERVICE }} {{ item.1.SERVICE_STATE }}"
  loop: "{{ FIREWALLD_ZONE_SERVICE|subelements('SERVICES')|list }}"

Works as expected. Each zone gets configured for all given services with the related state.

We would like to condense things further and loop through zones. Something like this:

FIREWALLD_ZONE_SERVICE:
  - ZONE:
     - public
     - trusted
  - SERVICES:
      - SERVICE: http
        SERVICE_STATE: enabled
      - SERVICE: https
        SERVICE_STATE: enabled

What would the loop directive look like to loop through all zones, looping through all services?

kingfisher77

Jul 4, 2019, 3:24:07 AM
to Ansible Project
 
Solved it: 

vars:
  FIREWALLD_ZONE_SERVICE_CLEAR:
    ZONES:
      - public
      - trusted
    SERVICES:
      - SERVICE: http
        STATE: disabled
      - SERVICE: https
        STATE: disabled

The dashes at ZONES and SERVICES were wrong; they are not list items.

task:

- name: Debug FIREWALLD_ZONE_SERVICE
  debug:
    msg: "{{ item.0 }} {{ item.1.SERVICE }}/{{ item.1.STATE }}"
  loop: "{{ FIREWALLD_ZONE_SERVICE_CLEAR.ZONES|product(FIREWALLD_ZONE_SERVICE_CLEAR.SERVICES)|list }}"
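As an added example (not kingfisher77's playbook, and not code from the Ansible project), here is the zones x services `product` loop from the reply turned into a complete playbook that actually drives firewalld instead of `debug`, followed by the per-zone `subelements` form from the first post for exceptions. It assumes the `ansible.posix.firewalld` module (the built-in `firewalld` module in the Ansible 2.8 era); the variable data is constructed sample input, and `firewall-cmd --list-all-zones` is run only to show the resulting state for review.

```yaml
---
# Added example, not the poster's playbook: reset firewalld services across
# zones with one loop, then apply per-zone exceptions with a second loop.
- name: Reset firewalld services across zones
  hosts: all
  become: true
  vars:
    # Constructed sample data: same states applied to every listed zone.
    FIREWALLD_ZONE_SERVICE_CLEAR:
      ZONES:
        - public
        - trusted
      SERVICES:
        - SERVICE: http
          STATE: disabled
        - SERVICE: https
          STATE: disabled
    # Constructed sample data: per-zone exceptions applied after the reset.
    FIREWALLD_ZONE_SERVICE:
      - ZONE: public
        SERVICES:
          - SERVICE: https
            SERVICE_STATE: enabled
  tasks:
    # item.0 is the zone, item.1 the service dict, one pair per combination.
    - name: Apply the same service states to every zone (zones x services)
      ansible.posix.firewalld:
        zone: "{{ item.0 }}"
        service: "{{ item.1.SERVICE }}"
        state: "{{ item.1.STATE }}"
        permanent: true
        immediate: true
      loop: "{{ FIREWALLD_ZONE_SERVICE_CLEAR.ZONES | product(FIREWALLD_ZONE_SERVICE_CLEAR.SERVICES) | list }}"
      loop_control:
        label: "{{ item.0 }}: {{ item.1.SERVICE }}/{{ item.1.STATE }}"

    # Exceptions run after the reset so an enable is never undone by it.
    - name: Apply per-zone exceptions (subelements)
      ansible.posix.firewalld:
        zone: "{{ item.0.ZONE }}"
        service: "{{ item.1.SERVICE }}"
        state: "{{ item.1.SERVICE_STATE }}"
        permanent: true
        immediate: true
      loop: "{{ FIREWALLD_ZONE_SERVICE | subelements('SERVICES') }}"
      loop_control:
        label: "{{ item.0.ZONE }}: {{ item.1.SERVICE }}/{{ item.1.SERVICE_STATE }}"

    # Read-only check of the end state; changed_when keeps it idempotent.
    - name: Collect the resulting zone configuration
      ansible.builtin.command: firewall-cmd --list-all-zones
      changed_when: false
      register: fw_zones

    - name: Show zone configuration for review
      ansible.builtin.debug:
        var: fw_zones.stdout_lines
```

`permanent: true` together with `immediate: true` writes the zone XML and applies the change to the running firewall in one step, so the host is neither left with an unsaved runtime state nor waiting for a reload; `loop_control.label` keeps the play output to one readable line per zone/service pair instead of dumping the whole item dict.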


