authorRussell Teague <rteague@redhat.com>2017-08-14 15:25:28 -0400
committerRussell Teague <rteague@redhat.com>2017-08-15 10:12:07 -0400
commitece3cf9aa66e0974e7f30ffb5798b23c64fd04cc (patch)
tree2420111a6d0282743240203c68ba702ee54fdfc9 /roles/os_firewall
parent2dd904feeec57bcb46281a7066b26c140fadfef8 (diff)
downloadopenshift-ece3cf9aa66e0974e7f30ffb5798b23c64fd04cc.tar.gz
openshift-ece3cf9aa66e0974e7f30ffb5798b23c64fd04cc.tar.bz2
openshift-ece3cf9aa66e0974e7f30ffb5798b23c64fd04cc.tar.xz
openshift-ece3cf9aa66e0974e7f30ffb5798b23c64fd04cc.zip
Additional os_firewall role refactoring
* Remove openshift_facts dependency
* Move firewall initialization from std_include.yml to openshift_cluster/config.yml

Installing firewall packages is only necessary during OpenShift installation.
Diffstat (limited to 'roles/os_firewall')
-rw-r--r--roles/os_firewall/meta/main.yml16
-rw-r--r--roles/os_firewall/tasks/firewalld.yml (renamed from roles/os_firewall/tasks/firewall/firewalld.yml)8
-rw-r--r--roles/os_firewall/tasks/iptables.yml (renamed from roles/os_firewall/tasks/firewall/iptables.yml)9
-rw-r--r--roles/os_firewall/tasks/main.yml25
4 files changed, 29 insertions, 29 deletions
diff --git a/roles/os_firewall/meta/main.yml b/roles/os_firewall/meta/main.yml
deleted file mode 100644
index dca5fc5ff..000000000
--- a/roles/os_firewall/meta/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-galaxy_info:
- author: Jason DeTiberus
- description: os_firewall
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 2.2
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - system
-allow_duplicates: yes
-dependencies:
- - role: openshift_facts
diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewalld.yml
index 2cc7af478..54430f402 100644
--- a/roles/os_firewall/tasks/firewall/firewalld.yml
+++ b/roles/os_firewall/tasks/firewalld.yml
@@ -1,4 +1,9 @@
---
+- name: Fail - Firewalld is not supported on Atomic Host
+ fail:
+ msg: "Firewalld is not supported on Atomic Host"
+ when: r_os_firewall_is_atomic | bool
+
- name: Install firewalld packages
package:
name: firewalld
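Review bot: The Atomic Host guard added at the top of firewalld.yml is evaluated only when main.yml includes this file, that is when both `os_firewall_enabled` and `os_firewall_use_firewalld` are true, whereas the assert removed from main.yml ran on every Atomic Host. An Atomic Host with `os_firewall_use_firewalld` set but `os_firewall_enabled` false now completes without any message. If that narrowing is intended, record it in a comment above the task, for example `# Reached only when firewalld management is requested; see the include in main.yml`. The condition also depends on `r_os_firewall_is_atomic`, which is set only in tasks/main.yml, so the file should note that it must not be included on its own.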
@@ -31,7 +36,8 @@
register: result
- name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail
- pause: seconds=10
+ pause:
+ seconds: 10
when: result | changed
- name: Restart polkitd
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/iptables.yml
index 7e1fa2c02..0af5abf38 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/iptables.yml
@@ -15,11 +15,13 @@
when: task_result | changed
- name: Install iptables packages
- package: name={{ item }} state=present
+ package:
+ name: "{{ item }}"
+ state: present
with_items:
- iptables
- iptables-services
- when: not openshift.common.is_atomic | bool
+ when: not r_os_firewall_is_atomic | bool
- name: Start and enable iptables service
systemd:
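Review bot: The new condition `when: not r_os_firewall_is_atomic | bool` is correct only because the Jinja filter binds tighter than `not`, and the fact it reads is produced by a templated `set_fact` in main.yml, so the value may arrive as a string. Writing it as `when: not (r_os_firewall_is_atomic | bool)` makes the intended order explicit and guards against someone later dropping the filter, which would make a string such as "False" count as true and skip the install. The "Start and enable iptables service" task that follows continues outside the hunk, so whether it carries a matching condition cannot be checked from here.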
@@ -34,5 +36,6 @@
with_items: "{{ ansible_play_hosts }}"
- name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail
- pause: seconds=10
+ pause:
+ seconds: 10
when: result | changed
diff --git a/roles/os_firewall/tasks/main.yml b/roles/os_firewall/tasks/main.yml
index 20efe5b0d..c477d386c 100644
--- a/roles/os_firewall/tasks/main.yml
+++ b/roles/os_firewall/tasks/main.yml
@@ -1,12 +1,19 @@
---
-- name: Assert - Do not use firewalld on Atomic Host
- assert:
- that: not os_firewall_use_firewalld | bool
- msg: "Firewalld is not supported on Atomic Host"
- when: openshift.common.is_atomic | bool
+- name: Detecting Atomic Host Operating System
+ stat:
+ path: /run/ostree-booted
+ register: r_os_firewall_ostree_booted
-- include: firewall/firewalld.yml
- when: os_firewall_enabled | bool and os_firewall_use_firewalld | bool
+- name: Set fact r_os_firewall_is_atomic
+ set_fact:
+ r_os_firewall_is_atomic: "{{ r_os_firewall_ostree_booted.stat.exists }}"
-- include: firewall/iptables.yml
- when: os_firewall_enabled | bool and not os_firewall_use_firewalld | bool
+- include: firewalld.yml
+ when:
+ - os_firewall_enabled | bool
+ - os_firewall_use_firewalld | bool
+
+- include: iptables.yml
+ when:
+ - os_firewall_enabled | bool
+ - not os_firewall_use_firewalld | bool
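Review bot: The two detection tasks at the top of main.yml carry no comment explaining the check or the contract of the fact they publish. I would add `# /run/ostree-booted is present only on OSTree-booted (Atomic) hosts` above the `stat` task, and `# Templated value: consumers must apply "| bool"` above `set_fact`, since firewalld.yml and iptables.yml both read `r_os_firewall_is_atomic` through that filter. With the `openshift_facts` dependency removed, `os_firewall_enabled` and `os_firewall_use_firewalld` presumably come from the role defaults, which are not part of this diff; it is worth confirming they are defined there, because an undefined variable in either `when` list would abort the play before any firewall task runs.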