From 991b232e34f86a6a745bdc34d62b046abd2291e7 Mon Sep 17 00:00:00 2001
From: Jason DeTiberus <jdetiber@redhat.com>
Date: Mon, 20 Apr 2015 22:52:12 -0400
Subject: fixes to better deal with gce image defaults

- remove exception if INPUT rules are not found, gce centos-7 image is stripped of
  default rules
- ignore_errors for systemctl mask operation, fails with permission denied on
  gce centos-7 image.
---
 roles/os_firewall/tasks/firewall/firewalld.yml | 1 +
 roles/os_firewall/tasks/firewall/iptables.yml  | 1 +
 2 files changed, 2 insertions(+)

(limited to 'roles/os_firewall/tasks')

diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml
index b6bddd5c5..5089eb3e0 100644
--- a/roles/os_firewall/tasks/firewall/firewalld.yml
+++ b/roles/os_firewall/tasks/firewall/firewalld.yml
@@ -44,6 +44,7 @@
   - iptables
   - ip6tables
   when: pkg_check.rc == 0
+  ignore_errors: yes
 
 # TODO: Ansible 1.9 will eliminate the need for separate firewalld tasks for
 # enabling rules and making them permanent with the immediate flag
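Review bot: The added `ignore_errors: yes` hides every failure of this task, not only the permission-denied error on the GCE centos-7 image that the commit message describes. If masking fails for any other reason, the play continues with the competing firewall service still able to start. The same line is added in the roles/os_firewall/tasks/firewall/iptables.yml hunk, where the very next task adds iptables allow rules on the assumption that the earlier step worked. Consider narrowing the condition on the registered result instead, for example `failed_when: result.rc != 0 and '<known GCE error text>' not in result.stderr` (this task would need a `register:` if it lacks one), with a comment such as `# mask fails with permission denied on the GCE centos-7 image`. Both tasks begin above their hunks, so the module and its arguments are inferred from the commit message rather than seen.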
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 7b5c00a9b..9af9d8d29 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -42,6 +42,7 @@
   register: result
   changed_when: "'firewalld' in result.stdout"
   when: pkg_check.rc == 0
+  ignore_errors: yes
 
 - name: Add iptables allow rules
   os_firewall_manage_iptables:
-- 
cgit v1.2.3