From bef66c1f8a5500a24ae41286c3f377c07f47cd30 Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 12 Feb 2023 05:54:20 +0100
Subject: ha-node: allow vrrp in firewall Needed for keepalived operation.
Signed-off-by: Georg Pfuetzenreuter
---
pillar/role/ha-netcup.sls | 2 ++
pillar/role/ha-node.sls | 5 +++++
2 files changed, 7 insertions(+)
create mode 100644 pillar/role/ha-netcup.sls
create mode 100644 pillar/role/ha-node.sls
(limited to 'pillar/role')
diff --git a/pillar/role/ha-netcup.sls b/pillar/role/ha-netcup.sls
new file mode 100644
index 0000000..6c2e9a8
--- /dev/null
+++ b/pillar/role/ha-netcup.sls
@@ -0,0 +1,2 @@
+include:
+ - role.ha-node
diff --git a/pillar/role/ha-node.sls b/pillar/role/ha-node.sls
new file mode 100644
index 0000000..d52076a
--- /dev/null
+++ b/pillar/role/ha-node.sls
@@ -0,0 +1,5 @@
+firewalld:
+ zones:
+ internal:
+ services:
+ - vrrp
-- cgit v1.2.3
From c5ce94d7b5217265cc50b6aa98a2074f4885d5eb Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 12 Feb 2023 06:04:16 +0100
Subject: Manage backend firewall zone Configure backend firewall zones if applicable. Allow all UDP for cluster traffic.
Signed-off-by: Georg Pfuetzenreuter
---
pillar/role/ha-node.sls | 3 +++
1 file changed, 3 insertions(+)
(limited to 'pillar/role')
diff --git a/pillar/role/ha-node.sls b/pillar/role/ha-node.sls
index d52076a..137e1af 100644
--- a/pillar/role/ha-node.sls
+++ b/pillar/role/ha-node.sls
@@ -3,3 +3,6 @@ firewalld:
 internal:
 services:
 - vrrp
+ backend:
+ protocols:
+ - udp
-- cgit v1.2.3
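Review bot: The `vrrp` entry under `internal:` / `services:` in pillar/role/ha-node.sls (first commit) opens VRRP to every source the internal zone covers, not only the keepalived peers. VRRP advertisements carry no strong authentication, so any host admitted to that zone could influence the master election; whether other hosts share the zone is not visible on this page. If the firewalld formula in use supports it, a source-restricted rule for the peer addresses would be tighter, as would keepalived unicast peers. At minimum I would add a comment above the entry, `# vrrp: keepalived advertisements, accepted from any source in the internal zone`.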
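Review bot: `protocols:` / `- udp` under `backend:` in pillar/role/ha-node.sls (second commit) accepts every UDP port in the backend zone, which is far wider than the cluster traffic the commit message names. Any UDP listener on a node becomes reachable from whatever the backend zone covers; the page does not show which listeners exist. I would list the specific cluster ports, or a firewalld service that defines them, and until then record the intent with a comment such as `# TODO: all UDP open for cluster traffic; narrow to the cluster's ports`. The commit message says the zone is configured "if applicable", but no condition is visible in this hunk, so the rule appears to apply to every minion with the ha-node role.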