authorBrenton Leanhardt <bleanhar@redhat.com>2016-02-09 16:57:06 -0500
committerBrenton Leanhardt <bleanhar@redhat.com>2016-02-09 16:57:06 -0500
commitb0d1a9f87b6587f6b42e8e0a44c53d192bcd1c4e (patch)
tree7a68fa77a1771b1d648e3f2f1606292a94561146 /roles/os_firewall/tasks
parent346dc20c9f6ed4476a91680156ffac3c52d86970 (diff)
parent7a8be59957169149d1b0daf6c11c4609095ac416 (diff)
Merge pull request #1347 from detiber/fixFirewall
Fix enabling iptables for latest rhel versions
Diffstat (limited to 'roles/os_firewall/tasks')
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml32
1 files changed, 16 insertions, 16 deletions
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 5cf4bf7af..3b584f8eb 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -1,12 +1,4 @@
---
-- name: Install iptables packages
- action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
- with_items:
- - iptables
- - iptables-services
- register: install_result
- when: not openshift.common.is_atomic | bool
-
- name: Check if firewalld is installed
command: rpm -q firewalld
register: pkg_check
@@ -20,6 +12,22 @@
enabled: no
when: pkg_check.rc == 0
+# TODO: submit PR upstream to add mask/unmask to service module
+- name: Mask firewalld service
+ command: systemctl mask firewalld
+ register: result
+ changed_when: "'firewalld' in result.stdout"
+ when: pkg_check.rc == 0
+ ignore_errors: yes
+
+- name: Install iptables packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items:
+ - iptables
+ - iptables-services
+ register: install_result
+ when: not openshift.common.is_atomic | bool
+
- name: Reload systemd units
command: systemctl daemon-reload
when: install_result | changed
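Review bot: The moved "Mask firewalld service" task keeps `ignore_errors: yes`, so a failed `systemctl mask firewalld` is silently accepted. The play then installs iptables with firewalld still startable, and two rule managers on one host can leave the packet filter in a state nobody intended. The task already runs only when `pkg_check.rc == 0`, so I would drop `ignore_errors: yes`, or else add a comment naming the specific failure it is meant to tolerate. It is also worth confirming that `changed_when: "'firewalld' in result.stdout"` ever matches, since some systemd versions appear to print the "Created symlink" message on stderr; `"'firewalld' in (result.stdout + result.stderr)"` would cover both. Finally, `register: result` now runs ahead of the pause task's `when: result | changed` in the last hunk, so a dedicated name such as `register: mask_result` would keep the two from being coupled, assuming an intervening task does not already re-register `result`.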
@@ -35,14 +43,6 @@
pause: seconds=10
when: result | changed
-# TODO: submit PR upstream to add mask/unmask to service module
-- name: Mask firewalld service
- command: systemctl mask firewalld
- register: result
- changed_when: "'firewalld' in result.stdout"
- when: pkg_check.rc == 0
- ignore_errors: yes
-
- name: Add iptables allow rules
os_firewall_manage_iptables:
name: "{{ item.service }}"