From e2c7b1305ca8495065dcf40fd2092d7c698dd6ea Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan"
Date: Tue, 20 Mar 2018 15:47:51 +0100
Subject: Local volumes and StatefulSet to provision Master/Slave MySQL and Galera cluster
---
roles/ands_network/tasks/firewall.yml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 roles/ands_network/tasks/firewall.yml
(limited to 'roles/ands_network/tasks/firewall.yml')
diff --git a/roles/ands_network/tasks/firewall.yml b/roles/ands_network/tasks/firewall.yml
new file mode 100644
index 0000000..d5ba5f3
--- /dev/null
+++ b/roles/ands_network/tasks/firewall.yml
@@ -0,0 +1,32 @@
+- name: Ensure firewall template directory exists
+ file: path="{{ firewall_template_path }}" state="directory" mode=0644 owner=root group=root
+
+#Just in case we already added but not reloaded yet
+#- name: Reload firewalld rules
+# shell: firewall-cmd --reload
+
+- name: Get list of existing firewalld services
+ shell: "firewall-cmd --get-services | tr ' ' '\n'"
+ changed_when: false
+ register: services
+
+- name: Configure missing firewalld services
+ include_tasks: firewall_service.yml
+ with_items: "{{ firewall_services }}"
+ vars:
+ servicelist: "{{ services.stdout_lines }}"
+ loop_control:
+ loop_var: service
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload
+
+- name: Enable MySQL and Galera services if ands_hostnet_db is enabled
+ firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
+ when: ands_hostnet_db | default(false)
+ with_items:
+ - mysql
+ - galera
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload
-- cgit v1.2.3
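Review bot: The "Enable MySQL and Galera services" task calls `firewalld` without a `zone=` argument, so the database and cluster-replication ports are opened in the host's default zone, to every source that zone accepts. If only cluster nodes are meant to reach these ports, bind the rule to a dedicated internal zone, e.g. `firewalld: service="{{ item }}" zone="{{ ands_db_zone }}" state="enabled" permanent="true" immediate="true"`, where `ands_db_zone` is a placeholder name for a variable the role would have to define. Separately, the first task creates the template directory with `mode=0644`, which leaves a directory without its search bit; `mode=0755` is presumably what was intended. Because the module call already sets `immediate="true"`, the final `firewall-cmd --reload` looks redundant. Both `shell` reload tasks will also report "changed" on every run, so a handler notified only when a service definition actually changes would keep the play idempotent.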