diff options
author | Brenton Leanhardt <bleanhar@redhat.com> | 2016-02-09 16:57:06 -0500 |
---|---|---|
committer | Brenton Leanhardt <bleanhar@redhat.com> | 2016-02-09 16:57:06 -0500 |
commit | b0d1a9f87b6587f6b42e8e0a44c53d192bcd1c4e (patch) | |
tree | 7a68fa77a1771b1d648e3f2f1606292a94561146 /roles | |
parent | 346dc20c9f6ed4476a91680156ffac3c52d86970 (diff) | |
parent | 7a8be59957169149d1b0daf6c11c4609095ac416 (diff) | |
download | openshift-b0d1a9f87b6587f6b42e8e0a44c53d192bcd1c4e.tar.gz openshift-b0d1a9f87b6587f6b42e8e0a44c53d192bcd1c4e.tar.bz2 openshift-b0d1a9f87b6587f6b42e8e0a44c53d192bcd1c4e.tar.xz openshift-b0d1a9f87b6587f6b42e8e0a44c53d192bcd1c4e.zip |
Merge pull request #1347 from detiber/fixFirewall
Fix enabling iptables for latest rhel versions
Diffstat (limited to 'roles')
-rw-r--r-- | roles/os_firewall/tasks/firewall/iptables.yml | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 5cf4bf7af..3b584f8eb 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -1,12 +1,4 @@ --- -- name: Install iptables packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: - - iptables - - iptables-services - register: install_result - when: not openshift.common.is_atomic | bool - - name: Check if firewalld is installed command: rpm -q firewalld register: pkg_check @@ -20,6 +12,22 @@ enabled: no when: pkg_check.rc == 0 +# TODO: submit PR upstream to add mask/unmask to service module +- name: Mask firewalld service + command: systemctl mask firewalld + register: result + changed_when: "'firewalld' in result.stdout" + when: pkg_check.rc == 0 + ignore_errors: yes + +- name: Install iptables packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - iptables + - iptables-services + register: install_result + when: not openshift.common.is_atomic | bool + - name: Reload systemd units command: systemctl daemon-reload when: install_result | changed @@ -35,14 +43,6 @@ pause: seconds=10 when: result | changed -# TODO: submit PR upstream to add mask/unmask to service module -- name: Mask firewalld service - command: systemctl mask firewalld - register: result - changed_when: "'firewalld' in result.stdout" - when: pkg_check.rc == 0 - ignore_errors: yes - - name: Add iptables allow rules os_firewall_manage_iptables: name: "{{ item.service }}" |