author | Jason DeTiberus <detiber@gmail.com> | 2016-11-22 11:50:12 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-22 11:50:12 -0500 |
commit | 2969e4ede4e6337df0f4f48520b4c38b99d4eb1a (patch) | |
tree | dd609ce452071c660b56c26f6693d9239eb39e2c /roles/os_firewall/tasks/firewall/iptables.yml | |
parent | 134c6200d1c24131da456808a7b8b7f59a14f91d (diff) | |
parent | 6c5349d8970d9767cde68eab3a2b58f644453795 (diff) | |
Merge pull request #2817 from mtnbikenc/os_firewall-refactor
Refactor os_firewall role
Diffstat (limited to 'roles/os_firewall/tasks/firewall/iptables.yml')
-rw-r--r-- | roles/os_firewall/tasks/firewall/iptables.yml | 54 |
1 files changed, 9 insertions, 45 deletions
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 366ede8fd..704819d8a 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -1,64 +1,28 @@ --- -- name: Check if firewalld is installed - command: rpm -q firewalld - args: - # Disables the following warning: - # Consider using yum, dnf or zypper module rather than running rpm - warn: no - register: pkg_check - failed_when: pkg_check.rc > 1 - changed_when: no - name: Ensure firewalld service is not enabled - service: + systemd: name: firewalld state: stopped enabled: no - when: pkg_check.rc == 0 - -# TODO: submit PR upstream to add mask/unmask to service module -- name: Mask firewalld service - command: systemctl mask firewalld - register: result - changed_when: "'firewalld' in result.stdout" - when: pkg_check.rc == 0 - ignore_errors: yes + masked: yes + register: task_result + failed_when: "task_result|failed and 'Could not find' not in task_result.msg" - name: Install iptables packages package: name={{ item }} state=present with_items: - - iptables - - iptables-services - register: install_result + - iptables + - iptables-services when: not openshift.common.is_atomic | bool -- name: Reload systemd units - command: systemctl daemon-reload - when: install_result | changed - -- name: Determine if iptables service masked - command: > - systemctl is-enabled {{ item }} - with_items: - - iptables - - ip6tables - register: os_firewall_iptables_masked_output - changed_when: false - failed_when: false - -- name: Unmask iptables service - command: > - systemctl unmask {{ item }} - with_items: - - iptables - - ip6tables - when: "'masked' in os_firewall_iptables_masked_output.results | map(attribute='stdout')" - - name: Start and enable iptables service - service: + systemd: name: iptables state: started enabled: yes + masked: no + daemon_reload: yes register: result - name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail |
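Review bot: The new `failed_when` on the "Ensure firewalld service is not enabled" task detects a missing firewalld by matching the substring 'Could not find' in `task_result.msg`, which ties the role to the systemd module's exact wording. If that message changes, hosts without firewalld will fail the play; conversely, any other failure whose message contains the same text is ignored, leaving firewalld unmasked alongside iptables. A comment above the line such as `# firewalld may not be installed; the systemd module reports that as 'Could not find ...'` would record the intent, and `task_result.msg | default('')` would guard against a failed result that carries no `msg`. Separately, the removed tasks unmasked both `iptables` and `ip6tables`, while the new "Start and enable iptables service" task sets `masked: no` for `iptables` only, so a masked ip6tables unit is no longer handled in this file; it is worth confirming that is intended. The final "need to pause here" task continues outside the hunk.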