From 5a15f65db3dfb245919bdd534e93bd711db2eb60 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Sat, 24 Mar 2018 03:05:47 +0100
Subject: Minor tunning

---
 roles/ands_network/tasks/firewall.yml         | 12 +++++++++---
 roles/ands_network/tasks/firewall_service.yml |  2 +-
 2 files changed, 10 insertions(+), 4 deletions(-)

(limited to 'roles/ands_network/tasks')

diff --git a/roles/ands_network/tasks/firewall.yml b/roles/ands_network/tasks/firewall.yml
index d5ba5f3..280a172 100644
--- a/roles/ands_network/tasks/firewall.yml
+++ b/roles/ands_network/tasks/firewall.yml
@@ -12,15 +12,21 @@
 
 - name: Configure missing firewalld services
   include_tasks: firewall_service.yml
-  with_items: "{{ firewall_services }}"
+  with_items: "{{ lookup('pipe', filesearch).split('\n') }}"
   vars:
+    filesearch: "find {{ role_path }}/files/firewalld -name *.xml -mindepth 1 -maxdepth 1"
+    service:  "{{ item | basename | regex_replace('\\.xml','') }}"
     servicelist: "{{ services.stdout_lines }}"
-  loop_control:
-    loop_var: service
 
 - name: Reload firewalld rules
   shell: firewall-cmd --reload
 
+- name: Enable requested services
+  firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
+  when: ands_hostnet_db | default(false)
+  with_items: "{{ firewall_enabled_services }}"
+ 
+
 - name: Enable MySQL and Galera services if ands_hostnet_db is enabled
   firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
   when: ands_hostnet_db | default(false)
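Review bot: The new `filesearch` command is executed through a shell on the control machine by `lookup('pipe', ...)`, with both `*.xml` and `{{ role_path }}` unquoted. The glob can therefore be expanded against the current directory before `find` sees it, and a role path containing spaces breaks the command. If nothing matches, `''.split('\n')` still yields one empty item, so firewall_service.yml would be included with an empty `service`. Listing the files with `with_fileglob: "{{ role_path }}/files/firewalld/*.xml"` avoids the shell entirely and skips the loop when there is no match; anchoring the suffix as `regex_replace('\\.xml$','')` keeps the derived service name exact. Separately, the added "Enable requested services" task reuses `when: ands_hostnet_db | default(false)` from the MySQL/Galera task below it, which looks copy-pasted: `firewall_enabled_services` would only be opened on hosts with the DB network enabled, and the variable has no `| default([])`.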
diff --git a/roles/ands_network/tasks/firewall_service.yml b/roles/ands_network/tasks/firewall_service.yml
index 98bc866..d3c6e9b 100644
--- a/roles/ands_network/tasks/firewall_service.yml
+++ b/roles/ands_network/tasks/firewall_service.yml
@@ -1,5 +1,5 @@
 - name: "Copy firewalld service '{{ service }}'"
-  copy: src="{{ service }}.xml" dest="{{ firewall_template_path }}/{{ service }}.xml" owner=root group=root mode="0644"
+  copy: src="firewalld/{{ service }}.xml" dest="{{ firewall_template_path }}/{{ service }}.xml" owner=root group=root mode="0644"
   register: result
 
 - name: "Delete old version of firewalld service '{{ service }}'"
-- 
cgit v1.2.3