summaryrefslogtreecommitdiffstats
path: root/roles/os_firewall/tasks/firewalld.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/os_firewall/tasks/firewalld.yml')
-rw-r--r--roles/os_firewall/tasks/firewalld.yml17
1 files changed, 11 insertions, 6 deletions
diff --git a/roles/os_firewall/tasks/firewalld.yml b/roles/os_firewall/tasks/firewalld.yml
index 1e27ebaf9..fa933da51 100644
--- a/roles/os_firewall/tasks/firewalld.yml
+++ b/roles/os_firewall/tasks/firewalld.yml
@@ -2,14 +2,17 @@
- name: Fail - Firewalld is not supported on Atomic Host
fail:
msg: "Firewalld is not supported on Atomic Host"
- when: r_os_firewall_is_atomic | bool
+ when:
+ - r_os_firewall_is_atomic | bool
+ - not openshift_enable_unsupported_configurations | default(false)
- name: Install firewalld packages
package:
name: firewalld
state: present
register: result
- until: result | success
+ until: result is succeeded
+ when: not r_os_firewall_is_atomic | bool
- name: Ensure iptables services are not enabled
systemd:
@@ -21,12 +24,14 @@
- iptables
- ip6tables
register: task_result
- failed_when: task_result|failed and 'could not' not in task_result.msg|lower
+ failed_when:
+ - task_result is failed
+ - ('could not' not in task_result.msg|lower)
- name: Wait 10 seconds after disabling iptables
pause:
seconds: 10
- when: task_result | changed
+ when: task_result is changed
- name: Start and enable firewalld service
systemd:
@@ -40,13 +45,13 @@
- name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail
pause:
seconds: 10
- when: result | changed
+ when: result is changed
- name: Restart polkitd
systemd:
name: polkit
state: restarted
- when: result | changed
+ when: result is changed
# Fix suspected race between firewalld and polkit BZ1436964
- name: Wait for polkit action to have been created