What is the address and port I have to allow in the firewall for an ansible server to connect to ansible galaxy?

Hello Forum,

I was searching for a while now but I can only seem to find answers on how to manage a firewall with ansible, but not how to set a firewall to allow an ansible server with blocked internet access to connect to galaxy to download modules.

So, here is the question: in my organisation I have to make a formal change request to the firewall team that includes the address and ports to open.
I have to put them into the form and then they will allow this one server to access these ports on the given address.

What are the address and ports I have to fill in for my internal server to reach ansible galaxy?

Hi, simply just ask to open this FQDN galaxy.ansible.com on port 443

Thank you, I will do that.

Here are some IPs for that hostname, but we logged 52.216.44.234 (in AWS) and 169.254.169.254 (metadata) as well. Our policy is based on FQDNs, where is the documentation?

DNS says galaxy.ansible.com has address 104.26.1.234, 104.26.0.234, 172.67.68.251, 2606:4700:20::681a:1ea, 2606:4700:20::ac43:44fb, 2606:4700:20::681a:ea

galaxy.ansible.com:443 utilizes Cloudflare, which lists their range of IPs here: IP Ranges

Collections are stored and downloaded from AWS S3 via ansible-galaxy-ng.s3.dualstack.us-east-1.amazonaws.com:443. Amazon lists their range of IPs here: https://ip-ranges.amazonaws.com/ip-ranges.json


Enabling these FQDNs in your proxy is sufficient to download collections:

  • galaxy.ansible.com
  • ansible-galaxy-ng.s3.dualstack.us-east-1.amazonaws.com
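
Added example, not part of the thread: a Python sketch for attributing destination IPs seen in firewall logs (such as the ones quoted above) to Cloudflare, to S3 in us-east-1, or to link-local traffic before writing the change request. The CIDR values are a constructed sample laid out like the published lists, and the function names are this example's own; load the live Cloudflare list and `ip-ranges.json` for real use.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json (the live file carries
# more keys per entry and far more entries).
SAMPLE_AWS_RANGES = json.loads("""
{"prefixes": [
   {"ip_prefix": "52.216.0.0/15", "region": "us-east-1", "service": "S3"},
   {"ip_prefix": "52.216.0.0/15", "region": "us-east-1", "service": "AMAZON"},
   {"ip_prefix": "3.5.136.0/22", "region": "eu-central-1", "service": "S3"}],
 "ipv6_prefixes": [
   {"ipv6_prefix": "2600:1fa0:8000::/40", "region": "us-east-1", "service": "S3"}]}
""")

# Constructed sample of a Cloudflare-style list: one CIDR per entry.
SAMPLE_CLOUDFLARE_RANGES = ["104.24.0.0/14", "172.64.0.0/13", "2606:4700::/32"]


def s3_networks(ranges, region="us-east-1"):
    """Return the S3 networks (IPv4 and IPv6) of one region."""
    nets = []
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in ranges.get(key, []):
            if entry["service"] == "S3" and entry["region"] == region:
                nets.append(ipaddress.ip_network(entry[field]))
    return nets


def classify(ip, cloudflare_nets, s3_nets):
    """Label one logged destination IP."""
    addr = ipaddress.ip_address(ip)
    if addr.is_link_local:
        # 169.254.0.0/16 and fe80::/10 never leave the local segment,
        # so they need no rule on the perimeter firewall.
        return "link-local"
    for label, nets in (("cloudflare", cloudflare_nets), ("aws-s3", s3_nets)):
        if any(addr.version == n.version and addr in n for n in nets):
            return label
    return "unknown"


CLOUDFLARE_NETS = [ipaddress.ip_network(c) for c in SAMPLE_CLOUDFLARE_RANGES]
S3_NETS = s3_networks(SAMPLE_AWS_RANGES)

if __name__ == "__main__":
    logged = ["104.26.1.234", "172.67.68.251", "2606:4700:20::681a:1ea",
              "52.216.44.234", "169.254.169.254"]
    for ip in logged:
        print(f"{ip:26} {classify(ip, CLOUDFLARE_NETS, S3_NETS)}")
```

Both providers change their ranges over time, so an IP-based rule has to be refreshed from the published lists, whereas an FQDN-based rule does not.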
