Additional os_firewall role refactoring

* Remove openshift_facts dependency
* Move firewall initialization from std_include.yml to
openshift_cluster/config.yml

Installing firewall packages is only necessary during OpenShift
installation.

1 files changed, 16 insertions, 9 deletions

diff --git a/roles/os_firewall/tasks/main.yml b/roles/os_firewall/tasks/main.yml
index 20efe5b0d..c477d386c 100644
--- a/roles/os_firewall/tasks/main.yml
+++ b/roles/os_firewall/tasks/main.yml
@@ -1,12 +1,19 @@
 ---
-- name: Assert - Do not use firewalld on Atomic Host
-  assert:
-    that: not os_firewall_use_firewalld | bool
-    msg: "Firewalld is not supported on Atomic Host"
-  when: openshift.common.is_atomic | bool
+- name: Detecting Atomic Host Operating System
+  stat:
+    path: /run/ostree-booted
+  register: r_os_firewall_ostree_booted
 
-- include: firewall/firewalld.yml
-  when: os_firewall_enabled | bool and os_firewall_use_firewalld | bool
+- name: Set fact r_os_firewall_is_atomic
+  set_fact:
+    r_os_firewall_is_atomic: "{{ r_os_firewall_ostree_booted.stat.exists }}"
 
-- include: firewall/iptables.yml
-  when: os_firewall_enabled | bool and not os_firewall_use_firewalld | bool
+- include: firewalld.yml
+  when:
+  - os_firewall_enabled | bool
+  - os_firewall_use_firewalld | bool
+
+- include: iptables.yml
+  when:
+  - os_firewall_enabled | bool
+  - not os_firewall_use_firewalld | bool