author | Russell Teague <rteague@redhat.com> | 2017-08-14 15:25:28 -0400 |
---|---|---|
committer | Russell Teague <rteague@redhat.com> | 2017-08-15 10:12:07 -0400 |
commit | ece3cf9aa66e0974e7f30ffb5798b23c64fd04cc (patch) | |
tree | 2420111a6d0282743240203c68ba702ee54fdfc9 | |
parent | 2dd904feeec57bcb46281a7066b26c140fadfef8 (diff) | |
Additional os_firewall role refactoring
* Remove openshift_facts dependency
* Move firewall initialization from std_include.yml to
openshift_cluster/config.yml
Installing firewall packages is only necessary during OpenShift
installation.
-rw-r--r-- | playbooks/common/openshift-cluster/config.yml | 4 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/std_include.yml | 4 | ||||
-rw-r--r-- | roles/os_firewall/meta/main.yml | 16 | ||||
-rw-r--r-- | roles/os_firewall/tasks/firewalld.yml (renamed from roles/os_firewall/tasks/firewall/firewalld.yml) | 8 | ||||
-rw-r--r-- | roles/os_firewall/tasks/iptables.yml (renamed from roles/os_firewall/tasks/firewall/iptables.yml) | 9 | ||||
-rw-r--r-- | roles/os_firewall/tasks/main.yml | 25 |
6 files changed, 33 insertions, 33 deletions
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 14d7d9822..5d5497acb 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -22,6 +22,10 @@ - docker_image_availability - docker_storage +- include: initialize_firewall.yml + tags: + - always + - hosts: localhost tasks: - fail: diff --git a/playbooks/common/openshift-cluster/std_include.yml b/playbooks/common/openshift-cluster/std_include.yml index 5a1187ec7..6cc56889a 100644 --- a/playbooks/common/openshift-cluster/std_include.yml +++ b/playbooks/common/openshift-cluster/std_include.yml @@ -18,7 +18,3 @@ - include: initialize_openshift_version.yml tags: - always - -- include: initialize_firewall.yml - tags: - - always diff --git a/roles/os_firewall/meta/main.yml b/roles/os_firewall/meta/main.yml deleted file mode 100644 index dca5fc5ff..000000000 --- a/roles/os_firewall/meta/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -galaxy_info: - author: Jason DeTiberus - description: os_firewall - company: Red Hat, Inc. - license: Apache License, Version 2.0 - min_ansible_version: 2.2 - platforms: - - name: EL - versions: - - 7 - categories: - - system -allow_duplicates: yes -dependencies: - - role: openshift_facts diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewalld.yml index 2cc7af478..54430f402 100644 --- a/roles/os_firewall/tasks/firewall/firewalld.yml +++ b/roles/os_firewall/tasks/firewalld.yml @@ -1,4 +1,9 @@ --- +- name: Fail - Firewalld is not supported on Atomic Host + fail: + msg: "Firewalld is not supported on Atomic Host" + when: r_os_firewall_is_atomic | bool + - name: Install firewalld packages package: name: firewalld @@ -31,7 +36,8 @@ register: result - name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail - pause: seconds=10 + pause: + seconds: 10 when: result | changed - name: Restart polkitd 
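Review bot: Moving `- include: initialize_firewall.yml` from std_include.yml into config.yml means every entry point that includes std_include.yml but not config.yml no longer runs firewall initialization; this applies to both the config.yml hunk and the std_include.yml hunk. If any of those playbooks bring new hosts into the cluster (a scale-up play, for instance, which is not visible in this diff), those hosts would skip the os_firewall package install and service start and would join with whatever firewall state the base image had. It is worth confirming that each such playbook either includes initialize_firewall.yml itself or only targets hosts already configured through config.yml. A comment above the new include, such as `# firewall packages/services are only set up here; playbooks that add hosts must include this too`, would record the assumption.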
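Review bot: The new `Fail - Firewalld is not supported on Atomic Host` task at the top of tasks/firewalld.yml reads `r_os_firewall_is_atomic`, which is only set by the stat/set_fact pair this commit adds to tasks/main.yml, and nothing in the file says so. A comment above the task, e.g. `# r_os_firewall_is_atomic is set in tasks/main.yml from /run/ostree-booted`, would make the coupling visible; the `when: not r_os_firewall_is_atomic | bool` line in tasks/iptables.yml has the same dependency. If either file were included without main.yml, the undefined variable would make the task error rather than skip, which is the safe direction for this guard, so I would not add a `default(false)` to it.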
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/iptables.yml index 7e1fa2c02..0af5abf38 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/iptables.yml @@ -15,11 +15,13 @@ when: task_result | changed - name: Install iptables packages - package: name={{ item }} state=present + package: + name: "{{ item }}" + state: present with_items: - iptables - iptables-services - when: not openshift.common.is_atomic | bool + when: not r_os_firewall_is_atomic | bool - name: Start and enable iptables service systemd: @@ -34,5 +36,6 @@ with_items: "{{ ansible_play_hosts }}" - name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail - pause: seconds=10 + pause: + seconds: 10 when: result | changed diff --git a/roles/os_firewall/tasks/main.yml b/roles/os_firewall/tasks/main.yml index 20efe5b0d..c477d386c 100644 --- a/roles/os_firewall/tasks/main.yml +++ b/roles/os_firewall/tasks/main.yml @@ -1,12 +1,19 @@ --- -- name: Assert - Do not use firewalld on Atomic Host - assert: - that: not os_firewall_use_firewalld | bool - msg: "Firewalld is not supported on Atomic Host" - when: openshift.common.is_atomic | bool +- name: Detecting Atomic Host Operating System + stat: + path: /run/ostree-booted + register: r_os_firewall_ostree_booted -- include: firewall/firewalld.yml - when: os_firewall_enabled | bool and os_firewall_use_firewalld | bool +- name: Set fact r_os_firewall_is_atomic + set_fact: + r_os_firewall_is_atomic: "{{ r_os_firewall_ostree_booted.stat.exists }}" -- include: firewall/iptables.yml - when: os_firewall_enabled | bool and not os_firewall_use_firewalld | bool +- include: firewalld.yml + when: + - os_firewall_enabled | bool + - os_firewall_use_firewalld | bool + +- include: iptables.yml + when: + - os_firewall_enabled | bool + - not os_firewall_use_firewalld | bool |
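Review bot: In the tasks/main.yml hunk, `r_os_firewall_is_atomic` is set through a quoted Jinja expression, so depending on the Ansible version it may be stored as the string "True"/"False" rather than a boolean. Both consumers in this commit apply `| bool`, but a comment on the set_fact task such as `# may be a string; always test with "| bool"` would keep later uses from testing it bare, where a non-empty "False" could be treated as true. The `Detecting Atomic Host Operating System` and `Set fact r_os_firewall_is_atomic` tasks also run when `os_firewall_enabled` is false; adding `when: os_firewall_enabled | bool` to both would match the gating on the two includes below them.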