authorJason DeTiberus <jdetiber@redhat.com>2015-03-19 23:04:21 -0400
committerJhon Honce <jhonce@redhat.com>2015-03-24 11:23:25 -0700
commit9fb5bbc79a6753c6125e4f3ea007040dad0482ef (patch)
treebb95c5d27dfac440884118d2ec4f5ec7a58e63cc /roles/os_firewall/tasks
parent85e6948fca954d3c066bf5a6123ada6b96adf45c (diff)
Add verify_chain action to os_firewall_manage_iptables module
- Add verify_chain action to os_firewall_manage_iptables module - Update os_firewall module to use os_firewall_manage_iptables for creating the DOCKER chain.
Diffstat (limited to 'roles/os_firewall/tasks')
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml20
1 files changed, 7 insertions, 13 deletions
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 3d46d6e2d..72a3401cf 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -41,19 +41,13 @@
changed_when: "'firewalld' in result.stdout"
when: pkg_check.rc == 0
-- name: Check for DOCKER chain
- shell: iptables -L |grep '^Chain DOCKER'
- ignore_errors: yes
- register: check_for_chain
-
-- name: Create DOCKER chain
- command: iptables -N DOCKER
- register: create_chain
- when: check_for_chain.rc != 0
-
-- name: Persist DOCKER chain
- command: service iptables save
- when: create_chain.rc == 0
+# Workaround for Docker 1.4 to create DOCKER chain
+- name: Add DOCKER chain
+ os_firewall_manage_iptables:
+ name: "DOCKER chain"
+ action: verify_chain
+ create_jump_rule: no
+# End of Docker 1.4 workaround
- name: Add iptables allow rules
os_firewall_manage_iptables:
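Review bot: The new `Add DOCKER chain` task identifies its target only through the free-text `name: "DOCKER chain"` and passes no chain argument, so which chain `verify_chain` actually checks depends on module code that this page does not show. If os_firewall_manage_iptables reads the chain from a separate parameter with a default, this task would verify that default and never create DOCKER; stating the chain explicitly, for example `chain: DOCKER` if the module exposes such a parameter, would remove the ambiguity. The removed tasks also ran `service iptables save` after creating the chain, so it is worth confirming that `verify_chain` persists the chain itself, since otherwise it is lost on the next iptables restart. As a style point, `create_jump_rule: no` reads more predictably as `create_jump_rule: false`. The `Add iptables allow rules` task that follows continues outside the hunk.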