authorBartek Grzybowski <b.grzybowski@partner.samsung.com>2019-02-25 16:00:46 +0100
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>2019-02-28 11:34:56 +0100
commit8bd90d9023e43ae59effb75caef2a68cc00abe3a (patch)
tree3f3de36d40d6ce262c30e8f75d59835f9df04cb7
parent41a20c145b30e9eebf395742b986bfed2ed7ca60 (diff)
Use 'package_facts' module in firewall role
Centos iso image doesn't have 'yum-utils' package with 'repoquery' binary which causes 'yum' module to crash. Using more generic 'package_facts' fixes that. This patch also introduces more general compatibility with RedHat/Debian based distros. Issue-ID: OOM-1632 Change-Id: Ica026c0f9a9ffa9e307f7cba589900962b0db4e7 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
-rw-r--r--ansible/infrastructure.yml2
-rw-r--r--ansible/roles/firewall/defaults/main.yml6
-rw-r--r--ansible/roles/firewall/tasks/firewall-disable.yml14
-rw-r--r--ansible/roles/firewall/tasks/main.yml2
4 files changed, 13 insertions, 11 deletions
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
index e4715a9c..a0bc7011 100644
--- a/ansible/infrastructure.yml
+++ b/ansible/infrastructure.yml
@@ -24,8 +24,6 @@
hosts: infrastructure, kubernetes
roles:
- role: firewall
- vars:
- state: disable
- name: Setup infrastructure servers
hosts: infrastructure
diff --git a/ansible/roles/firewall/defaults/main.yml b/ansible/roles/firewall/defaults/main.yml
new file mode 100644
index 00000000..7cc9ae96
--- /dev/null
+++ b/ansible/roles/firewall/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+firewall:
+ state: disable
+ package_name:
+ RedHat: 'firewalld'
+ Debian: 'ufw'
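Review bot: Nesting `state` and `package_name` under a single `firewall` mapping means a caller who overrides only `firewall: {state: ...}` replaces the whole mapping under Ansible's default hash behaviour, so `firewall.package_name` would be undefined when tasks/firewall-disable.yml reads it. Flat, prefixed defaults such as `firewall_state: disable` and `firewall_package_name:` can be overridden independently, and tasks/main.yml would then read `firewall_state`. The role also now defaults to disabling the host firewall whenever it is included without vars, so a comment above the key, for example `# default stops and disables the host firewall on every targeted host`, would make that choice explicit to anyone reusing the role.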
diff --git a/ansible/roles/firewall/tasks/firewall-disable.yml b/ansible/roles/firewall/tasks/firewall-disable.yml
index 9a8a2c10..f406d943 100644
--- a/ansible/roles/firewall/tasks/firewall-disable.yml
+++ b/ansible/roles/firewall/tasks/firewall-disable.yml
@@ -1,16 +1,14 @@
---
-- name: Check if firewalld is installed
- yum:
- list: firewalld
- disablerepo: "*"
- register: firewalld_check
+- name: Get installed packages list
+ package_facts:
+ manager: "auto"
-- name: Stop and disable firewalld if exists
+- name: Stop and disable default OS firewall if exists
service:
- name: firewalld
+ name: "{{ firewall.package_name[ansible_facts.os_family] }}"
state: stopped
enabled: no
- when: firewalld_check.results|selectattr('yumstate', 'match', 'installed')|list|length != 0
+ when: firewall.package_name[ansible_facts.os_family] in ansible_facts.packages
- name: Flush iptables
iptables:
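Review bot: The lookup `firewall.package_name[ansible_facts.os_family]`, used in both the service `name` and the `when`, has no fallback for a host whose `os_family` is not a key of the map (the defaults define only RedHat and Debian), so on such a host the condition will probably raise an undefined-variable error instead of skipping the task. Checking the key first keeps the skip behaviour: `when: ansible_facts.os_family in firewall.package_name and firewall.package_name[ansible_facts.os_family] in ansible_facts.packages`. The task also relies on the service name being identical to the package name, which holds for the two entries given but deserves a comment next to the map. The Flush iptables task that follows continues outside this hunk, so the end state of the host's packet filtering cannot be judged from here.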
diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml
index f7bb7c74..29ea1958 100644
--- a/ansible/roles/firewall/tasks/main.yml
+++ b/ansible/roles/firewall/tasks/main.yml
@@ -1,2 +1,2 @@
---
-- include_tasks: "firewall-{{ state }}.yml"
+- include_tasks: "firewall-{{ firewall.state }}.yml"