diff options
author | Jason DeTiberus <jdetiber@redhat.com> | 2016-02-08 00:16:54 -0500 |
---|---|---|
committer | Jason DeTiberus <jdetiber@redhat.com> | 2016-02-08 00:16:54 -0500 |
commit | 7a8be59957169149d1b0daf6c11c4609095ac416 (patch) | |
tree | ed0a9f94fc1b21ffe491d33e2bc9f04731b47735 /roles/os_firewall | |
parent | a87dfdd698f251d3892ef98f189b9f08539039f5 (diff) | |
download | openshift-7a8be59957169149d1b0daf6c11c4609095ac416.tar.gz openshift-7a8be59957169149d1b0daf6c11c4609095ac416.tar.bz2 openshift-7a8be59957169149d1b0daf6c11c4609095ac416.tar.xz openshift-7a8be59957169149d1b0daf6c11c4609095ac416.zip |
Fix enabling iptables for latest rhel versions
Diffstat (limited to 'roles/os_firewall')
-rw-r--r-- | roles/os_firewall/tasks/firewall/iptables.yml | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 5cf4bf7af..3b584f8eb 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -1,12 +1,4 @@ --- -- name: Install iptables packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: - - iptables - - iptables-services - register: install_result - when: not openshift.common.is_atomic | bool - - name: Check if firewalld is installed command: rpm -q firewalld register: pkg_check @@ -20,6 +12,22 @@ enabled: no when: pkg_check.rc == 0 +# TODO: submit PR upstream to add mask/unmask to service module +- name: Mask firewalld service + command: systemctl mask firewalld + register: result + changed_when: "'firewalld' in result.stdout" + when: pkg_check.rc == 0 + ignore_errors: yes + +- name: Install iptables packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - iptables + - iptables-services + register: install_result + when: not openshift.common.is_atomic | bool + - name: Reload systemd units command: systemctl daemon-reload when: install_result | changed @@ -35,14 +43,6 @@ pause: seconds=10 when: result | changed -# TODO: submit PR upstream to add mask/unmask to service module -- name: Mask firewalld service - command: systemctl mask firewalld - register: result - changed_when: "'firewalld' in result.stdout" - when: pkg_check.rc == 0 - ignore_errors: yes - - name: Add iptables allow rules os_firewall_manage_iptables: name: "{{ item.service }}" |