From 8cc75f8505cb22eb7049aab9bce522a471a00ec7 Mon Sep 17 00:00:00 2001
From: Ryan Faircloth
Date: Thu, 5 Dec 2024 13:57:11 -0600
Subject: [PATCH] feat: support managing firewall rules fix: port fix: syntax fix: RHEL not RedHat fix: make immediate
---
 defaults/main.yml | 2 ++
 tasks/main.yml | 16 ++++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/defaults/main.yml b/defaults/main.yml
index 7b23d40..2996328 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,6 +6,8 @@ kafka_version: 3.8.0
 kafka_scala_version: 2.13
 kafka_java_version: 17
 kafka_install_dependencies: false
+kafka_firewall_add_rules: false
+
 kafka_open_file_limit: 800000
 # if kafka_checksum is defined role will use that value instead getting checksum from kafka downloads page
 # kafka_checksum: >
diff --git a/tasks/main.yml b/tasks/main.yml
index 699538f..a6628d4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -139,6 +139,22 @@
 create: true
 notify: Restart Kafka
 
+- name: Allow Firewall Controller Traffic
+ ansible.posix.firewalld:
+ port: 9093/tcp
+ permanent: true
+ state: enabled
+ immediate: true
+ when: "kafka_firewall_add_rules and ansible_os_family == 'RedHat' and 'controller' in (hostvars[item]['kafka_node_roles'] | default(kafka_node_roles))"
+
+- name: Allow Firewall Broker Traffic
+ ansible.posix.firewalld:
+ port: 9092/tcp
+ permanent: true
+ state: enabled
+ immediate: true
+ when: "kafka_firewall_add_rules and ansible_os_family == 'RedHat' and 'broker' in (hostvars[item]['kafka_node_roles'] | default(kafka_node_roles))"
+
 - name: Install Kafka service definition
 become: true
 ansible.builtin.template:
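Review bot: Both added tasks in tasks/main.yml open the Kafka port for every source address in firewalld's default zone, because neither sets `zone` nor limits the source; the controller listener on 9093/tcp in particular normally needs to be reachable only from the other cluster nodes. I would add a role variable for the zone (a new name such as `kafka_firewall_zone`, used as `zone: "{{ kafka_firewall_zone | default(omit) }}"`) or use `rich_rule` entries restricted to the cluster's addresses, and put a comment above `kafka_firewall_add_rules` in defaults/main.yml saying that enabling it exposes the listeners with whatever authentication they are configured with. Separately, both `when` expressions read `hostvars[item]`, but no `loop` is visible on these tasks, so `item` is presumably undefined once the flag is true; `'controller' in kafka_node_roles` (and the `'broker'` equivalent) looks like what is intended. The tasks also omit the `become: true` that the following task sets, and the ports are hard-coded, so the rules will not follow listeners configured on other ports.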