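# Firewalld tasks: create the template directory, register the service
# definitions shipped under files/firewalld, then enable the wanted services.

- name: Ensure firewall template directory exists
  file:
    path: "{{ firewall_template_path }}"
    state: directory
    # A directory needs the search (x) bit to be traversable; the previous
    # 0644 left it usable by root only. Quoted so the mode is never re-typed
    # as an integer by the YAML parser.
    mode: "0755"
    owner: root
    group: root

# Just in case we already added but not reloaded yet
# - name: Reload firewalld rules
#   shell: firewall-cmd --reload

# Read-only query, so it never reports "changed" and is allowed to run in
# check mode (later tasks read services.stdout_lines). The pipeline is kept
# as-is so that stdout_lines stays one service name per line.
- name: Get list of existing firewalld services
  shell: "firewall-cmd --get-services | tr ' ' '\n'"
  changed_when: false
  check_mode: false
  register: services

# fileglob replaces the former `find ... -name *.xml` pipe lookup: the glob
# was unquoted (the shell could expand it before find saw it) and an empty
# result produced a single '' item. Items are still full paths to the XML
# files. firewall_service.yml is not visible here; presumably it uses
# `service` and `servicelist` to skip services firewalld already knows
# about - confirm against that file.
- name: Configure missing firewalld services
  include_tasks: firewall_service.yml
  with_fileglob:
    - "{{ role_path }}/files/firewalld/*.xml"
  vars:
    # Strip only the trailing extension (the pattern is now anchored).
    service: "{{ item | basename | regex_replace('\\.xml$', '') }}"
    servicelist: "{{ services.stdout_lines }}"

# No shell features are needed for a plain reload, so use command.
- name: Reload firewalld rules
  command: firewall-cmd --reload

# NOTE(review): this task carries the same ands_hostnet_db condition as the
# MySQL/Galera task below, which does not match its name and may be a
# copy-paste leftover. The condition is kept: dropping it would open every
# service in firewall_enabled_services on all hosts. Confirm the intent
# before changing it.
- name: Enable requested services
  firewalld:
    service: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
  # `| bool` so a string such as "false" (e.g. from --extra-vars) is not
  # treated as true and does not open ports unintentionally.
  when: ands_hostnet_db | default(false) | bool
  with_items: "{{ firewall_enabled_services }}"

- name: Enable MySQL and Galera services if ands_hostnet_db is enabled
  firewalld:
    service: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
  when: ands_hostnet_db | default(false) | bool
  with_items:
    - mysql
    - galera

- name: Reload firewalld rules
  command: firewall-cmd --reload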