Check and unmask iptables/firewalld.

author: Andrew Butcher <abutcher@redhat.com> 2016-05-02 14:57:15 -0400
committer: Andrew Butcher <abutcher@redhat.com> 2016-05-02 14:58:00 -0400
commit: 404cf230da83f91a5dd9df1f289da2c6c1b7fee7 (patch)
tree: d7a7b30df1f40534f583e1c119f971b3765e6a2e /roles/os_firewall/tasks/firewall/firewalld.yml
parent: 507a69ed1d1bb3f19ed49d21685840fbd95d1465 (diff)
download: openshift-404cf230da83f91a5dd9df1f289da2c6c1b7fee7.tar.gz
openshift-404cf230da83f91a5dd9df1f289da2c6c1b7fee7.tar.bz2
openshift-404cf230da83f91a5dd9df1f289da2c6c1b7fee7.tar.xz
openshift-404cf230da83f91a5dd9df1f289da2c6c1b7fee7.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml
index 241fa8823..5ddca1fc0 100644
--- a/roles/os_firewall/tasks/firewall/firewalld.yml
+++ b/roles/os_firewall/tasks/firewall/firewalld.yml
@@ -24,6 +24,18 @@
   command: systemctl daemon-reload
   when: install_result | changed
 
+- name: Determine if firewalld service masked
+  command: >
+    systemctl is-enabled firewalld
+  register: os_firewall_firewalld_masked_output
+  changed_when: false
+  failed_when: false
+
+- name: Unmask firewalld service
+  command: >
+    systemctl unmask firewalld
+  when: os_firewall_firewalld_masked_output.stdout == "masked"
+
 - name: Start and enable firewalld service
   service:
     name: firewalld
author	Andrew Butcher <abutcher@redhat.com>	2016-05-02 14:57:15 -0400
committer	Andrew Butcher <abutcher@redhat.com>	2016-05-02 14:58:00 -0400
commit	404cf230da83f91a5dd9df1f289da2c6c1b7fee7 (patch)
tree	d7a7b30df1f40534f583e1c119f971b3765e6a2e /roles/os_firewall/tasks/firewall/firewalld.yml
parent	507a69ed1d1bb3f19ed49d21685840fbd95d1465 (diff)
download	openshift-404cf230da83f91a5dd9df1f289da2c6c1b7fee7.tar.gz openshift-404cf230da83f91a5dd9df1f289da2c6c1b7fee7.tar.bz2 openshift-404cf230da83f91a5dd9df1f289da2c6c1b7fee7.tar.xz openshift-404cf230da83f91a5dd9df1f289da2c6c1b7fee7.zip