diff options
Diffstat (limited to 'roles/os_firewall/tasks/firewall')
-rw-r--r-- | roles/os_firewall/tasks/firewall/firewalld.yml | 5 | ||||
-rw-r--r-- | roles/os_firewall/tasks/firewall/iptables.yml | 33 |
2 files changed, 18 insertions, 20 deletions
diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml index 5089eb3e0..ac4600f83 100644 --- a/roles/os_firewall/tasks/firewall/firewalld.yml +++ b/roles/os_firewall/tasks/firewall/firewalld.yml @@ -1,8 +1,7 @@ --- - name: Install firewalld packages - yum: - name: firewalld - state: present + action: "{{ ansible_pkg_mgr }} name=firewalld state=present" + when: not openshift.common.is_containerized | bool register: install_result - name: Check if iptables-services is installed diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 9af9d8d29..3b584f8eb 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -1,13 +1,4 @@ --- -- name: Install iptables packages - yum: - name: "{{ item }}" - state: present - with_items: - - iptables - - iptables-services - register: install_result - - name: Check if firewalld is installed command: rpm -q firewalld register: pkg_check @@ -21,6 +12,22 @@ enabled: no when: pkg_check.rc == 0 +# TODO: submit PR upstream to add mask/unmask to service module +- name: Mask firewalld service + command: systemctl mask firewalld + register: result + changed_when: "'firewalld' in result.stdout" + when: pkg_check.rc == 0 + ignore_errors: yes + +- name: Install iptables packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - iptables + - iptables-services + register: install_result + when: not openshift.common.is_atomic | bool + - name: Reload systemd units command: systemctl daemon-reload when: install_result | changed @@ -36,14 +43,6 @@ pause: seconds=10 when: result | changed -# TODO: submit PR upstream to add mask/unmask to service module -- name: Mask firewalld service - command: systemctl mask firewalld - register: result - changed_when: "'firewalld' in result.stdout" - when: pkg_check.rc == 0 - ignore_errors: yes - - name: Add iptables allow rules os_firewall_manage_iptables: name: "{{ item.service }}" |