author | Russell Teague <rteague@redhat.com> | 2016-11-16 14:15:52 -0500 |
---|---|---|
committer | Russell Teague <rteague@redhat.com> | 2016-11-21 09:25:50 -0500 |
commit | 6c5349d8970d9767cde68eab3a2b58f644453795 (patch) | |
tree | 90afab24b9e71513b0724156ab609d56d80e7538 /roles/os_firewall/tasks/firewall/iptables.yml | |
parent | f5d74f47e0c22c24ca9f34f9a979c730d8e6ffd3 (diff) | |
Refactor os_firewall role
* Remove unneeded tasks duplicated by new module functionality
* Ansible systemd module has 'masked' and 'daemon_reload' options
* Ansible firewalld module has 'immediate' option
Diffstat (limited to 'roles/os_firewall/tasks/firewall/iptables.yml')
-rw-r--r-- | roles/os_firewall/tasks/firewall/iptables.yml | 54 |
1 files changed, 9 insertions, 45 deletions
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 470d4f4f9..4c587495e 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -1,64 +1,28 @@ --- -- name: Check if firewalld is installed - command: rpm -q firewalld - args: - # Disables the following warning: - # Consider using yum, dnf or zypper module rather than running rpm - warn: no - register: pkg_check - failed_when: pkg_check.rc > 1 - changed_when: no - name: Ensure firewalld service is not enabled - service: + systemd: name: firewalld state: stopped enabled: no - when: pkg_check.rc == 0 - -# TODO: submit PR upstream to add mask/unmask to service module -- name: Mask firewalld service - command: systemctl mask firewalld - register: result - changed_when: "'firewalld' in result.stdout" - when: pkg_check.rc == 0 - ignore_errors: yes + masked: yes + register: task_result + failed_when: "task_result|failed and 'Could not find' not in task_result.msg" - name: Install iptables packages action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" with_items: - - iptables - - iptables-services - register: install_result + - iptables + - iptables-services when: not openshift.common.is_atomic | bool -- name: Reload systemd units - command: systemctl daemon-reload - when: install_result | changed - -- name: Determine if iptables service masked - command: > - systemctl is-enabled {{ item }} - with_items: - - iptables - - ip6tables - register: os_firewall_iptables_masked_output - changed_when: false - failed_when: false - -- name: Unmask iptables service - command: > - systemctl unmask {{ item }} - with_items: - - iptables - - ip6tables - when: "'masked' in os_firewall_iptables_masked_output.results | map(attribute='stdout')" - - name: Start and enable iptables service - service: + systemd: name: iptables state: started enabled: yes + masked: no + daemon_reload: yes register: result - name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail |