From 328b050ccb5affd5d5507a989be2bb5dc2063b1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o?= <theo@le-filament.com>
Date: Mon, 26 Sep 2022 16:55:02 +0200
Subject: [PATCH] fix error when groups are missing

---
 templates/iptables.conf.j2 | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/templates/iptables.conf.j2 b/templates/iptables.conf.j2
index 06c2f75..086270f 100644
--- a/templates/iptables.conf.j2
+++ b/templates/iptables.conf.j2
@@ -3,11 +3,11 @@
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
 :OUTPUT DROP [0:0]
-{% if inventory_hostname in groups.docker_elk %}
+{% if 'docker_elk' in groups and inventory_hostname in groups.docker_elk %}
 :DOCKER-USER - [0:0]
 {% endif %}
 :LOGGING - [0:0]
-{% if inventory_hostname in groups.docker_elk %}
+{% if 'docker_elk' in groups and inventory_hostname in groups.docker_elk %}
 ## DOCKER-USER chain
 # Autoriser les logs entrants des serveurs en maintenance
 {% for host in groups.full_maintenance %}
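Review bot: The loop on the last line of this hunk still dereferences `groups.full_maintenance` with no guard, so an inventory lacking that group fails on the same undefined-attribute error this commit fixes for `docker_elk`; the `{% if inventory_hostname in groups.full_maintenance %}` context line in the last hunk (around line 101) has the same gap. A consistent fix is `{% for host in groups.full_maintenance | default([]) %}` here and `{% if 'full_maintenance' in groups and inventory_hostname in groups.full_maintenance %}` there. The enclosing `docker_elk` block opened on the line above continues past the end of this hunk. Since this template is the host's firewall policy, it is worth deciding explicitly whether a missing group should render an empty rule set or keep failing the play, rather than leaving some groups guarded and others not.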
@@ -37,7 +37,7 @@
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 {% endif %}
-{% if inventory_hostname in groups.docker_nagios %}
+{% if 'docker_gitlab' in groups and inventory_hostname in groups.docker_nagios %}
 -A INPUT -s 192.168.239.0/24 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
 {% endif %}
 # NRPE
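Review bot: The new guard on the `docker_nagios` branch tests the wrong group: the condition checks `'docker_gitlab' in groups` but then reads `groups.docker_nagios`. If `docker_nagios` is absent while `docker_gitlab` exists, the original error remains; if `docker_gitlab` is absent on an inventory that does define `docker_nagios`, the rule admitting 192.168.239.0/24 to port 443 is silently left out of the generated ruleset, which a render would not flag. It should read `{% if 'docker_nagios' in groups and inventory_hostname in groups.docker_nagios %}`.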
@@ -72,7 +72,7 @@
 -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
 {% endif %}
 -A OUTPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
-{% for host in groups.gitlab | union(groups.docker_gitlab) %}
+{% for host in groups.gitlab | union(groups.docker_gitlab | default([])) %}
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 22 -j ACCEPT
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5050 -j ACCEPT
 {% endfor %}
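Review bot: `groups.gitlab` on the rewritten for line is still accessed directly, so the `default([])` added for `docker_gitlab` covers only half of the union and an inventory without a `gitlab` group raises the same error the commit is fixing. Use `{% for host in groups.gitlab | default([]) | union(groups.docker_gitlab | default([])) %}` so both operands tolerate a missing group. The loop body also assumes every listed host has `ansible_host` set; that predates this change, but if it is not guaranteed by the inventory the render will presumably fail on the undefined variable rather than emit a rule.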
@@ -100,7 +100,7 @@
 -A OUTPUT -p udp -m udp --dport 11371 -j ACCEPT
 {% if inventory_hostname in groups.full_maintenance %}
 # Log Server
-{% for host in groups.docker_elk %}
+{% for host in groups.docker_elk | default([]) %}
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
 {% endfor %}
 -A OUTPUT -d {{ logstash_public_ip }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
-- 
GitLab