summaryrefslogtreecommitdiffstats
path: root/roles/os_firewall
diff options
context:
space:
mode:
authorJason DeTiberus <jdetiber@redhat.com>2016-02-08 00:16:54 -0500
committerJason DeTiberus <jdetiber@redhat.com>2016-02-08 00:16:54 -0500
commit7a8be59957169149d1b0daf6c11c4609095ac416 (patch)
treeed0a9f94fc1b21ffe491d33e2bc9f04731b47735 /roles/os_firewall
parenta87dfdd698f251d3892ef98f189b9f08539039f5 (diff)
downloadopenshift-7a8be59957169149d1b0daf6c11c4609095ac416.tar.gz
openshift-7a8be59957169149d1b0daf6c11c4609095ac416.tar.bz2
openshift-7a8be59957169149d1b0daf6c11c4609095ac416.tar.xz
openshift-7a8be59957169149d1b0daf6c11c4609095ac416.zip
Fix enabling iptables for latest rhel versions
Diffstat (limited to 'roles/os_firewall')
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml32
1 files changed, 16 insertions, 16 deletions
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 5cf4bf7af..3b584f8eb 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -1,12 +1,4 @@
---
-- name: Install iptables packages
- action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
- with_items:
- - iptables
- - iptables-services
- register: install_result
- when: not openshift.common.is_atomic | bool
-
- name: Check if firewalld is installed
command: rpm -q firewalld
register: pkg_check
@@ -20,6 +12,22 @@
enabled: no
when: pkg_check.rc == 0
+# TODO: submit PR upstream to add mask/unmask to service module
+- name: Mask firewalld service
+ command: systemctl mask firewalld
+ register: result
+ changed_when: "'firewalld' in result.stdout"
+ when: pkg_check.rc == 0
+ ignore_errors: yes
+
+- name: Install iptables packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items:
+ - iptables
+ - iptables-services
+ register: install_result
+ when: not openshift.common.is_atomic | bool
+
- name: Reload systemd units
command: systemctl daemon-reload
when: install_result | changed
@@ -35,14 +43,6 @@
pause: seconds=10
when: result | changed
-# TODO: submit PR upstream to add mask/unmask to service module
-- name: Mask firewalld service
- command: systemctl mask firewalld
- register: result
- changed_when: "'firewalld' in result.stdout"
- when: pkg_check.rc == 0
- ignore_errors: yes
-
- name: Add iptables allow rules
os_firewall_manage_iptables:
name: "{{ item.service }}"