diff --git a/hosts b/hosts index 56313c0..39f0ca6 100644 --- a/hosts +++ b/hosts @@ -1431,7 +1431,6 @@ gw-d11.oopen.de gw-flr.oopen.de gw-replacement.local.netz gw-replacement2.local.netz -gw-replacement3.local.netz gw-replacement.wf.netz @@ -1453,6 +1452,8 @@ ga-st-gw.ga.netz ga-al-gw.ga.netz ga-nh-gw.ga.netz +gw-replacement3.local.netz + [warenform_server] diff --git a/roles/modify-ipt-gateway-ro/tasks/main.yml b/roles/modify-ipt-gateway-ro/tasks/main.yml index 73f1239..9118cd0 100644 --- a/roles/modify-ipt-gateway-ro/tasks/main.yml +++ b/roles/modify-ipt-gateway-ro/tasks/main.yml 
@@ -157,6 +157,47 @@ - nc_talk_out_ipv6_present is changed +# --- +# allow_webex_video_conference_out +# --- + +- name: Check if String 'allow_webex_video_conference_out..' (IPv4) is present + shell: grep -q -E "^allow_webex_video_conference_out=" /ro/etc/ipt-firewall/main_ipv4.conf + register: webex_video_conference_out_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "webex_video_conference_out_ipv4_present.rc > 1" + changed_when: "webex_video_conference_out_ipv4_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (webex) + lineinfile: + dest: /ro/etc/ipt-firewall/main_ipv4.conf + state: present + regexp: '^allow_webex_video_conference_out' + line: 'allow_webex_video_conference_out=true' + insertafter: '^#?\s*allow_bigbluebutton_video_conference_out' + when: + - main_ipv4_exists.stat.exists + - webex_video_conference_out_ipv4_present is changed + +- name: Check if String 'allow_webex_video_conference_out..' (IPv6) is present + shell: grep -q -E "^allow_webex_video_conference_out=" /ro/etc/ipt-firewall/main_ipv6.conf + register: webex_video_conference_out_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "webex_video_conference_out_ipv6_present.rc > 1" + changed_when: "webex_video_conference_out_ipv6_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (webex) + lineinfile: + dest: /ro/etc/ipt-firewall/main_ipv6.conf + state: present + regexp: '^allow_webex_video_conference_out' + line: 'allow_webex_video_conference_out=true' + insertafter: '^#?\s*allow_bigbluebutton_video_conference_out' + when: + - main_ipv6_exists.stat.exists + - webex_video_conference_out_ipv6_present is changed + + # --- # allow_alfaview_video_conference_out # --- 
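Review bot: The added `line: 'allow_webex_video_conference_out=true'` switches the flag on for every gateway this role touches that does not yet carry the key, so the outbound policy is widened fleet-wide rather than per site (presumably the firewall script opens the Webex ports when the flag is true). If not every site needs Webex, ship `line: 'allow_webex_video_conference_out=false'` and enable it per host, or take the value from a host variable. The `regexp: '^allow_webex_video_conference_out'` is also looser than the grep guard; `regexp: '^allow_webex_video_conference_out='` would keep it from matching a longer key that shares the prefix. The same two points apply to the matching hunk at -206 in roles/modify-ipt-gateway/tasks/main.yml.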
@@ -553,6 +594,86 @@ - jitsi_service_ipv6_present is changed +# --- +# webex video conference service +# --- + +- name: Check if String 'webex_tcp_ports=..' (IPv4) is present + shell: grep -q -E "^webex_tcp_ports=" /ro/etc/ipt-firewall/main_ipv4.conf + register: webex_service_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "webex_service_ipv4_present.rc > 1" + changed_when: "webex_service_ipv4_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (webex service) + blockinfile: + path: /ro/etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*bigbluebutton_udp_ports' + block: | + + # ====== + # - Webex Meeting + # ====== + + # - Webex Meeting (Videokonferenz) + # - + # - TCP 80/443: Outbound Client Zugriffsport und Webes Events (Audiostreaming) + # - + # - UDP 9000: Outbound (VoIP and RTP) + # - + # - --- + # - + # - TCP 5004: Fall-back ports for media connectivity when UDP port 9000 + # - is not open in the firewall + # - + webex_tcp_ports="$standard_webex_tcp_ports" + webex_udp_ports="$standard_webex_udp_ports" + + webex_tcp_fall_back_ports="$standard_webex_tcp_fall_back_ports" + marker: "# Marker set by modify-ipt-gateway.yml (webex service)" + when: + - main_ipv4_exists.stat.exists + - webex_service_ipv4_present is changed + +- name: Check if String 'webex_tcp_ports=..' 
(IPv6) is present + shell: grep -q -E "^webex_tcp_ports=" /ro/etc/ipt-firewall/main_ipv6.conf + register: webex_service_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "webex_service_ipv6_present.rc > 1" + changed_when: "webex_service_ipv6_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (webex service) + blockinfile: + path: /ro/etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*bigbluebutton_udp_ports' + block: | + + # ====== + # - Webex Meeting + # ====== + + # - Webex Meeting (Videokonferenz) + # - + # - TCP 80/443: Outbound Client Zugriffsport und Webes Events (Audiostreaming) + # - + # - UDP 9000: Outbound (VoIP and RTP) + # - + # - --- + # - + # - TCP 5004: Fall-back ports for media connectivity when UDP port 9000 + # - is not open in the firewall + # - + webex_tcp_ports="$standard_webex_tcp_ports" + webex_udp_ports="$standard_webex_udp_ports" + + webex_tcp_fall_back_ports="$standard_webex_tcp_fall_back_ports" + marker: "# Marker set by modify-ipt-gateway.yml (webex service)" + when: + - main_ipv6_exists.stat.exists + - webex_service_ipv6_present is changed + + + # --- # alfaview video conference service # --- @@ -564,7 +685,7 @@ failed_when: "alfaview_service_ipv4_present.rc > 1" changed_when: "alfaview_service_ipv4_present.rc > 0" -- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (alfaview service) +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (alfaview service) blockinfile: path: /ro/etc/ipt-firewall/main_ipv4.conf insertafter: '^#?\s*mumble_ports' @@ -721,7 +842,7 @@ # 1 -> changed # 2 -> not present failed_when: "diff_script_output.rc > 2" - when: git_firewall_repository is defined and git_firewall_repository > 0 + when: (git_firewall_repository is defined) and (git_firewall_repository|length > 0) loop: - default_ports.conf - include_functions.conf 
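Review bot: The `marker: "# Marker set by modify-ipt-gateway.yml (webex service)"` in both blockinfile tasks has no `{mark}` placeholder, so the begin and end marker lines are identical and blockinfile cannot locate the block on a later run. Idempotence then rests only on the grep guard, and the block is inserted again if the `webex_tcp_ports=` line is ever renamed or removed; `marker: "# {mark} set by modify-ipt-gateway.yml (webex service)"` would avoid that. The block also assigns from `$standard_webex_tcp_ports`, `$standard_webex_udp_ports` and `$standard_webex_tcp_fall_back_ports`, which this diff does not define. Presumably they come from default_ports.conf, which is synced only when `git_firewall_repository` is set, so confirm that gateways without it already have these definitions. The inserted comment says `Webes Events` where `Webex Events` is meant, and all of this applies equally to the hunk at -601 in roles/modify-ipt-gateway/tasks/main.yml.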
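Review bot: The rewritten `when:` at -721 still errors at template time if `git_firewall_repository` is defined but not a string, because `length` is then applied to a value that has none. A bare `git_firewall_repository:` in group_vars, which is defined but null, is the likely case. `when: git_firewall_repository | default('', true) | length > 0` covers undefined, null and empty in one expression and replaces the two-part test. The same condition is repeated in the hunks at -743, -761 and -773 of this file and at -847, -869, -887 and -899 of roles/modify-ipt-gateway/tasks/main.yml. The tasks these conditions belong to start outside the hunks.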
@@ -743,7 +864,7 @@ - logging_ipv6.conf - post_decalrations.conf when: - - git_firewall_repository is defined and git_firewall_repository > 0 + - (git_firewall_repository is defined) and (git_firewall_repository|length > 0) - diff_script_output.changed notify: - Restart IPv4 Firewall @@ -761,7 +882,7 @@ # 1 -> changed # 2 -> not present failed_when: "diff_script_output.rc > 2" - when: git_firewall_repository is defined and git_firewall_repository > 0 + when: (git_firewall_repository is defined) and (git_firewall_repository|length > 0) loop: - ipt-firewall-gateway - ip6t-firewall-gateway @@ -773,7 +894,7 @@ - ipt-firewall-gateway - ip6t-firewall-gateway when: - - git_firewall_repository is defined and git_firewall_repository > 0 + - (git_firewall_repository is defined) and (git_firewall_repository|length > 0) - diff_script_output.changed notify: - Restart IPv4 Firewall diff --git a/roles/modify-ipt-gateway/tasks/main.yml b/roles/modify-ipt-gateway/tasks/main.yml index ea1d8b6..cfe9e9c 100644 --- a/roles/modify-ipt-gateway/tasks/main.yml +++ b/roles/modify-ipt-gateway/tasks/main.yml 
@@ -206,6 +206,47 @@ - bigbluebutton_video_conference_out_ipv6_present is changed +# --- +# allow_webex_video_conference_out +# --- + +- name: Check if String 'allow_webex_video_conference_out..' (IPv4) is present + shell: grep -q -E "^allow_webex_video_conference_out=" /etc/ipt-firewall/main_ipv4.conf + register: webex_video_conference_out_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "webex_video_conference_out_ipv4_present.rc > 1" + changed_when: "webex_video_conference_out_ipv4_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (webex) + lineinfile: + dest: /etc/ipt-firewall/main_ipv4.conf + state: present + regexp: '^allow_webex_video_conference_out' + line: 'allow_webex_video_conference_out=true' + insertafter: '^#?\s*allow_bigbluebutton_video_conference_out' + when: + - main_ipv4_exists.stat.exists + - webex_video_conference_out_ipv4_present is changed + +- name: Check if String 'allow_webex_video_conference_out..' (IPv6) is present + shell: grep -q -E "^allow_webex_video_conference_out=" /etc/ipt-firewall/main_ipv6.conf + register: webex_video_conference_out_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "webex_video_conference_out_ipv6_present.rc > 1" + changed_when: "webex_video_conference_out_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (webex) + lineinfile: + dest: /etc/ipt-firewall/main_ipv6.conf + state: present + regexp: '^allow_webex_video_conference_out' + line: 'allow_webex_video_conference_out=true' + insertafter: '^#?\s*allow_bigbluebutton_video_conference_out' + when: + - main_ipv6_exists.stat.exists + - webex_video_conference_out_ipv6_present is changed + + # --- # allow_alfaview_video_conference_out # --- 
@@ -601,6 +642,85 @@ - jitsi_service_ipv6_present is changed +# --- +# webex video conference service +# --- + +- name: Check if String 'webex_tcp_ports=..' (IPv4) is present + shell: grep -q -E "^webex_tcp_ports=" /etc/ipt-firewall/main_ipv4.conf + register: webex_service_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "webex_service_ipv4_present.rc > 1" + changed_when: "webex_service_ipv4_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (webex service) + blockinfile: + path: /etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*bigbluebutton_udp_ports' + block: | + + # ====== + # - Webex Meeting + # ====== + + # - Webex Meeting (Videokonferenz) + # - + # - TCP 80/443: Outbound Client Zugriffsport und Webes Events (Audiostreaming) + # - + # - UDP 9000: Outbound (VoIP and RTP) + # - + # - --- + # - + # - TCP 5004: Fall-back ports for media connectivity when UDP port 9000 + # - is not open in the firewall + # - + webex_tcp_ports="$standard_webex_tcp_ports" + webex_udp_ports="$standard_webex_udp_ports" + + webex_tcp_fall_back_ports="$standard_webex_tcp_fall_back_ports" + marker: "# Marker set by modify-ipt-gateway.yml (webex service)" + when: + - main_ipv4_exists.stat.exists + - webex_service_ipv4_present is changed + +- name: Check if String 'webex_tcp_ports=..' 
(IPv6) is present + shell: grep -q -E "^webex_tcp_ports=" /etc/ipt-firewall/main_ipv6.conf + register: webex_service_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "webex_service_ipv6_present.rc > 1" + changed_when: "webex_service_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (webex service) + blockinfile: + path: /etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*bigbluebutton_udp_ports' + block: | + + # ====== + # - Webex Meeting + # ====== + + # - Webex Meeting (Videokonferenz) + # - + # - TCP 80/443: Outbound Client Zugriffsport und Webes Events (Audiostreaming) + # - + # - UDP 9000: Outbound (VoIP and RTP) + # - + # - --- + # - + # - TCP 5004: Fall-back ports for media connectivity when UDP port 9000 + # - is not open in the firewall + # - + webex_tcp_ports="$standard_webex_tcp_ports" + webex_udp_ports="$standard_webex_udp_ports" + + webex_tcp_fall_back_ports="$standard_webex_tcp_fall_back_ports" + marker: "# Marker set by modify-ipt-gateway.yml (webex service)" + when: + - main_ipv6_exists.stat.exists + - webex_service_ipv6_present is changed + + # --- # alfaview video conference service # --- @@ -847,7 +967,7 @@ # 1 -> changed # 2 -> not present failed_when: "diff_script_output.rc > 2" - when: git_firewall_repository is defined and git_firewall_repository > 0 + when: (git_firewall_repository is defined) and (git_firewall_repository|length > 0) loop: - default_ports.conf - include_functions.conf @@ -869,7 +989,7 @@ - logging_ipv6.conf - post_decalrations.conf when: - - git_firewall_repository is defined and git_firewall_repository > 0 + - (git_firewall_repository is defined) and (git_firewall_repository|length > 0) - diff_script_output.changed notify: - Restart IPv4 Firewall 
@@ -887,7 +1007,7 @@ # 1 -> changed # 2 -> not present failed_when: "diff_script_output.rc > 2" - when: git_firewall_repository is defined and git_firewall_repository > 0 + when: (git_firewall_repository is defined) and (git_firewall_repository|length > 0) loop: - ipt-firewall-gateway - ip6t-firewall-gateway @@ -899,7 +1019,7 @@ - ipt-firewall-gateway - ip6t-firewall-gateway when: - - git_firewall_repository is defined and git_firewall_repository > 0 + - (git_firewall_repository is defined) and (git_firewall_repository|length > 0) - diff_script_output.changed notify: - Restart IPv4 Firewall