summaryrefslogtreecommitdiffstats
path: root/roles/os_firewall
diff options
context:
space:
mode:
Diffstat (limited to 'roles/os_firewall')
-rw-r--r--roles/os_firewall/tasks/firewalld.yml12
-rw-r--r--roles/os_firewall/tasks/iptables.yml10
2 files changed, 13 insertions, 9 deletions
diff --git a/roles/os_firewall/tasks/firewalld.yml b/roles/os_firewall/tasks/firewalld.yml
index 1e27ebaf9..4eae31596 100644
--- a/roles/os_firewall/tasks/firewalld.yml
+++ b/roles/os_firewall/tasks/firewalld.yml
@@ -9,7 +9,7 @@
name: firewalld
state: present
register: result
- until: result | success
+ until: result is succeeded
- name: Ensure iptables services are not enabled
systemd:
@@ -21,12 +21,14 @@
- iptables
- ip6tables
register: task_result
- failed_when: task_result|failed and 'could not' not in task_result.msg|lower
+ failed_when:
+ - task_result is failed
+ - ('could not' not in task_result.msg|lower)
- name: Wait 10 seconds after disabling iptables
pause:
seconds: 10
- when: task_result | changed
+ when: task_result is changed
- name: Start and enable firewalld service
systemd:
@@ -40,13 +42,13 @@
- name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail
pause:
seconds: 10
- when: result | changed
+ when: result is changed
- name: Restart polkitd
systemd:
name: polkit
state: restarted
- when: result | changed
+ when: result is changed
# Fix suspected race between firewalld and polkit BZ1436964
- name: Wait for polkit action to have been created
diff --git a/roles/os_firewall/tasks/iptables.yml b/roles/os_firewall/tasks/iptables.yml
index a7c13e487..49d658d37 100644
--- a/roles/os_firewall/tasks/iptables.yml
+++ b/roles/os_firewall/tasks/iptables.yml
@@ -7,12 +7,14 @@
enabled: no
masked: yes
register: task_result
- failed_when: task_result|failed and 'could not' not in task_result.msg|lower
+ failed_when:
+ - task_result is failed
+ - ('could not' not in task_result.msg|lower)
- name: Wait 10 seconds after disabling firewalld
pause:
seconds: 10
- when: task_result | changed
+ when: task_result is changed
- name: Install iptables packages
package:
@@ -23,7 +25,7 @@
- iptables-services
when: not r_os_firewall_is_atomic | bool
register: result
- until: result | success
+ until: result is succeeded
- name: Start and enable iptables service
systemd:
@@ -40,4 +42,4 @@
- name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail
pause:
seconds: 10
- when: result | changed
+ when: result is changed