author | Russell Teague <rteague@redhat.com> | 2017-08-14 15:25:28 -0400 |
---|---|---|
committer | Russell Teague <rteague@redhat.com> | 2017-08-15 10:12:07 -0400 |
commit | ece3cf9aa66e0974e7f30ffb5798b23c64fd04cc (patch) | |
tree | 2420111a6d0282743240203c68ba702ee54fdfc9 /roles/os_firewall/tasks/firewall | |
parent | 2dd904feeec57bcb46281a7066b26c140fadfef8 (diff) | |
Additional os_firewall role refactoring
* Remove openshift_facts dependency
* Move firewall initialization from std_include.yml to
openshift_cluster/config.yml
Installing firewall packages is only necessary during OpenShift
installation.
Diffstat (limited to 'roles/os_firewall/tasks/firewall')
-rw-r--r-- | roles/os_firewall/tasks/firewall/firewalld.yml | 51 | ||||
-rw-r--r-- | roles/os_firewall/tasks/firewall/iptables.yml | 38 |
2 files changed, 0 insertions, 89 deletions
diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml
deleted file mode 100644
index 2cc7af478..000000000
--- a/roles/os_firewall/tasks/firewall/firewalld.yml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-- name: Install firewalld packages
- package:
- name: firewalld
- state: present
-
-- name: Ensure iptables services are not enabled
- systemd:
- name: "{{ item }}"
- state: stopped
- enabled: no
- masked: yes
- with_items:
- - iptables
- - ip6tables
- register: task_result
- failed_when: task_result|failed and 'could not' not in task_result.msg|lower
-
-- name: Wait 10 seconds after disabling iptables
- pause:
- seconds: 10
- when: task_result | changed
-
-- name: Start and enable firewalld service
- systemd:
- name: firewalld
- state: started
- enabled: yes
- masked: no
- daemon_reload: yes
- register: result
-
-- name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail
- pause: seconds=10
- when: result | changed
-
-- name: Restart polkitd
- systemd:
- name: polkit
- state: restarted
- when: result | changed
-
-# Fix suspected race between firewalld and polkit BZ1436964
-- name: Wait for polkit action to have been created
- command: pkaction --action-id=org.fedoraproject.FirewallD1.config.info
- ignore_errors: true
- register: pkaction
- changed_when: false
- until: pkaction.rc == 0
- retries: 6
- delay: 10
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
deleted file mode 100644
index 7e1fa2c02..000000000
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-
-- name: Ensure firewalld service is not enabled
- systemd:
- name: firewalld
- state: stopped
- enabled: no
- masked: yes
- register: task_result
- failed_when: task_result|failed and 'could not' not in task_result.msg|lower
-
-- name: Wait 10 seconds after disabling firewalld
- pause:
- seconds: 10
- when: task_result | changed
-
-- name: Install iptables packages
- package: name={{ item }} state=present
- with_items:
- - iptables
- - iptables-services
- when: not openshift.common.is_atomic | bool
-
-- name: Start and enable iptables service
- systemd:
- name: iptables
- state: started
- enabled: yes
- masked: no
- daemon_reload: yes
- register: result
- delegate_to: "{{item}}"
- run_once: true
- with_items: "{{ ansible_play_hosts }}"
-
-- name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail
- pause: seconds=10
- when: result | changed |