sap.sap_operations.firewall role – Configure firewall for SAP instances

Note

This role is part of the sap.sap_operations collection.

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install sap.sap_operations.

To use it in a playbook, specify: sap.sap_operations.firewall.

Entry point __author__ – Author Information

Synopsis

• Kirill Satarin (@kksat)

Entry point __dependencies__ – Dependencies

Synopsis

• Role has no dependencies to other roles.

Entry point __examples__ – Example Playbooks

Synopsis

• • name: Configure firewall for SAP instances

• ansible.builtin.include_role:

• name: sap.sap_operations.firewall

Entry point __license__ – License

Synopsis

• GPL-3.0-only

Entry point __limitations__ – Limitations

Synopsis

• Only takes into account SAP instances, not databases

Entry point main – Configure firewall for SAP instances

Synopsis

• Role will fail if no firewalld service exist and running

• Role requires root access

• Role will list all SAP instances on the host and enable/disable firewalld configuration for ports exposed in AccessPointList for the instance

• Only SAP instances are taken into account, not installed databases

• Role is idempotent

Parameters

Parameter	Comments
firewall_immediate boolean	If set to true firewall configuration will be immediate Choices: false true ← (default)
firewall_permanent boolean	If set to true firewall configuration will be permanent Choices: false true ← (default)
firewall_protocol string	Firewall protocol to configure Choices: "tcp" ← (default) "udp" "sctp" "dccp"
firewall_state string	Enable or disable specified firewalld configuration Choices: "enabled" ← (default) "disabled"
firewall_zone string	Firewall zone to configure Choices: "drop" "block" "public" ← (default) "external" "dmz" "work" "home" "internal" "trusted"