I was searching for a while now, but I can only seem to find answers on how to manage a firewall with Ansible, not how to set a firewall to allow an Ansible server with blocked internet access to connect to Galaxy to download modules.
So, here is the question: in my organisation I have to make a formal change request to the firewall team that includes the address and ports to open.
I have to put them into the form and then they will allow this one server to access these ports on the given address.
What are the address and ports I have to fill in for my internal server to reach Ansible Galaxy?
Hi, simply just ask to open this FQDN
galaxy.ansible.com on port 443
Thank you, I will do that.
Here are some IPs for that hostname, but we logged 188.8.131.52 (in AWS) and 169.254.169.254 (metadata) as well. Our policy is based on FQDNs. Where is the documentation?
DNS says galaxy.ansible.com has address 184.108.40.206, 220.127.116.11, 18.104.22.168, 2606:4700:20::681a:1ea, 2606:4700:20::ac43:44fb, 2606:4700:20::681a:ea
galaxy.ansible.com:443 utilizes Cloudflare, which lists their range of IPs here: IP Ranges
Collections are stored and downloaded from AWS S3 via ansible-galaxy-ng.s3.dualstack.us-east-1.amazonaws.com:443. Amazon lists their range of IPs here: https://ip-ranges.amazonaws.com/ip-ranges.json
Enabling these FQDNs in your proxy is sufficient to download collections:
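Added example, not part of the original posts: for sites that have to turn the S3 FQDN into address ranges, this checks a logged destination address against a document in the layout of the ip-ranges.json file linked above, filtered to the S3 service in us-east-1 as named in the download hostname. The sample prefixes are constructed documentation ranges, and the function names `s3_networks` and `classify` are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json; the prefixes are
# documentation ranges (RFC 5737 / RFC 3849), not real AWS allocations.
SAMPLE_RANGES = json.loads("""
{
  "prefixes": [
    {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "S3"},
    {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "S3"},
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "S3"}
  ]
}
""")


def s3_networks(doc, region="us-east-1", service="S3"):
    """Return the IPv4 and IPv6 networks published for one service/region."""
    nets = []
    for entry in doc.get("prefixes", []) + doc.get("ipv6_prefixes", []):
        if entry["region"] == region and entry["service"] == service:
            cidr = entry.get("ip_prefix") or entry.get("ipv6_prefix")
            nets.append(ipaddress.ip_network(cidr))
    return nets


def classify(address, doc):
    """Label a logged destination address for the firewall change request."""
    ip = ipaddress.ip_address(address)
    if ip.is_link_local:
        # 169.254.0.0/16 and fe80::/10 stay on the local segment, so they
        # never reach the perimeter firewall and need no rule there.
        return "link-local"
    for net in s3_networks(doc):
        if ip in net:
            return f"S3 us-east-1 ({net})"
    return "unlisted"


if __name__ == "__main__":
    # Constructed destinations, plus the metadata address from the thread.
    for dest in ["169.254.169.254", "192.0.2.10", "198.51.100.7", "2001:db8:1::5"]:
        print(dest, "->", classify(dest, SAMPLE_RANGES))
```

The published ranges change over time, so an address-based rule built this way needs to be regenerated from a fresh copy of the file on a schedule.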