Merge pull request #188 from openshift/master

Merge master into stage
author: Wesley Hearn <wesley.s.hearn@gmail.com> 2015-04-24 14:06:12 -0400
committer: Wesley Hearn <wesley.s.hearn@gmail.com> 2015-04-24 14:06:12 -0400
commit: 519e097df31e2148ac520ab273d0bd2fb2f7bb43 (patch)
tree: 4c5413c72a2dd2ec732730b6994a104cca6a9798 /roles/os_firewall/tasks
parent: db9cf8ef4f030f30391e021f360fe0c3db1dce74 (diff)
parent: 8ce5e1de898d2fd2c4aa4620f31b57b62ed0c5d6 (diff)
download: openshift-519e097df31e2148ac520ab273d0bd2fb2f7bb43.tar.gz
openshift-519e097df31e2148ac520ab273d0bd2fb2f7bb43.tar.bz2
openshift-519e097df31e2148ac520ab273d0bd2fb2f7bb43.tar.xz
openshift-519e097df31e2148ac520ab273d0bd2fb2f7bb43.zip
2 files changed, 14 insertions, 5 deletions
diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml
index 469cfab6f..5089eb3e0 100644
--- a/roles/os_firewall/tasks/firewall/firewalld.yml
+++ b/roles/os_firewall/tasks/firewall/firewalld.yml
@@ -3,6 +3,7 @@
   yum:
     name: firewalld
     state: present
+  register: install_result
 
 - name: Check if iptables-services is installed
   command: rpm -q iptables-services
@@ -20,6 +21,10 @@
   - ip6tables
   when: pkg_check.rc == 0
 
+- name: Reload systemd units
+  command: systemctl daemon-reload
+  when: install_result | changed
+
 - name: Start and enable firewalld service
   service:
     name: firewalld
@@ -39,6 +44,7 @@
   - iptables
   - ip6tables
   when: pkg_check.rc == 0
+  ignore_errors: yes
 
 # TODO: Ansible 1.9 will eliminate the need for separate firewalld tasks for
 # enabling rules and making them permanent with the immediate flag
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 87e77c083..9af9d8d29 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -6,6 +6,7 @@
   with_items:
   - iptables
   - iptables-services
+  register: install_result
 
 - name: Check if firewalld is installed
   command: rpm -q firewalld
@@ -20,14 +21,15 @@
     enabled: no
   when: pkg_check.rc == 0
 
-- name: Start and enable iptables services
+- name: Reload systemd units
+  command: systemctl daemon-reload
+  when: install_result | changed
+
+- name: Start and enable iptables service
   service:
-    name: "{{ item }}"
+    name: iptables
     state: started
     enabled: yes
-  with_items:
-  - iptables
-  - ip6tables
   register: result
 
 - name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail
@@ -40,6 +42,7 @@
   register: result
   changed_when: "'firewalld' in result.stdout"
   when: pkg_check.rc == 0
+  ignore_errors: yes
 
 - name: Add iptables allow rules
   os_firewall_manage_iptables:
author	Wesley Hearn <wesley.s.hearn@gmail.com>	2015-04-24 14:06:12 -0400
committer	Wesley Hearn <wesley.s.hearn@gmail.com>	2015-04-24 14:06:12 -0400
commit	519e097df31e2148ac520ab273d0bd2fb2f7bb43 (patch)
tree	4c5413c72a2dd2ec732730b6994a104cca6a9798 /roles/os_firewall/tasks
parent	db9cf8ef4f030f30391e021f360fe0c3db1dce74 (diff)
parent	8ce5e1de898d2fd2c4aa4620f31b57b62ed0c5d6 (diff)
download	openshift-519e097df31e2148ac520ab273d0bd2fb2f7bb43.tar.gz openshift-519e097df31e2148ac520ab273d0bd2fb2f7bb43.tar.bz2 openshift-519e097df31e2148ac520ab273d0bd2fb2f7bb43.tar.xz openshift-519e097df31e2148ac520ab273d0bd2fb2f7bb43.zip