author | Bartek Grzybowski <b.grzybowski@partner.samsung.com> | 2019-02-25 16:00:46 +0100 |
---|---|---|
committer | Bartek Grzybowski <b.grzybowski@partner.samsung.com> | 2019-02-28 11:34:56 +0100 |
commit | 8bd90d9023e43ae59effb75caef2a68cc00abe3a (patch) | |
tree | 3f3de36d40d6ce262c30e8f75d59835f9df04cb7 | |
parent | 41a20c145b30e9eebf395742b986bfed2ed7ca60 (diff) |
Use 'package_facts' module in firewall role
The CentOS ISO image doesn't include the 'yum-utils' package with the
'repoquery' binary, which causes the 'yum' module to crash.
Using more generic 'package_facts' fixes that.
This patch also introduces more general compatibility with
RedHat/Debian based distros.
Issue-ID: OOM-1632
Change-Id: Ica026c0f9a9ffa9e307f7cba589900962b0db4e7
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
-rw-r--r-- | ansible/infrastructure.yml | 2 | ||||
-rw-r--r-- | ansible/roles/firewall/defaults/main.yml | 6 | ||||
-rw-r--r-- | ansible/roles/firewall/tasks/firewall-disable.yml | 14 | ||||
-rw-r--r-- | ansible/roles/firewall/tasks/main.yml | 2 |
4 files changed, 13 insertions, 11 deletions
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml index e4715a9c..a0bc7011 100644 --- a/ansible/infrastructure.yml +++ b/ansible/infrastructure.yml @@ -24,8 +24,6 @@ hosts: infrastructure, kubernetes roles: - role: firewall - vars: - state: disable - name: Setup infrastructure servers hosts: infrastructure diff --git a/ansible/roles/firewall/defaults/main.yml b/ansible/roles/firewall/defaults/main.yml new file mode 100644 index 00000000..7cc9ae96 --- /dev/null +++ b/ansible/roles/firewall/defaults/main.yml @@ -0,0 +1,6 @@ +--- +firewall: + state: disable + package_name: + RedHat: 'firewalld' + Debian: 'ufw' diff --git a/ansible/roles/firewall/tasks/firewall-disable.yml b/ansible/roles/firewall/tasks/firewall-disable.yml index 9a8a2c10..f406d943 100644 --- a/ansible/roles/firewall/tasks/firewall-disable.yml +++ b/ansible/roles/firewall/tasks/firewall-disable.yml @@ -1,16 +1,14 @@ --- -- name: Check if firewalld is installed - yum: - list: firewalld - disablerepo: "*" - register: firewalld_check +- name: Get installed packages list + package_facts: + manager: "auto" -- name: Stop and disable firewalld if exists +- name: Stop and disable default OS firewall if exists service: - name: firewalld + name: "{{ firewall.package_name[ansible_facts.os_family] }}" state: stopped enabled: no - when: firewalld_check.results|selectattr('yumstate', 'match', 'installed')|list|length != 0 + when: firewall.package_name[ansible_facts.os_family] in ansible_facts.packages - name: Flush iptables iptables: diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml index f7bb7c74..29ea1958 100644 --- a/ansible/roles/firewall/tasks/main.yml +++ b/ansible/roles/firewall/tasks/main.yml @@ -1,2 +1,2 @@ --- -- include_tasks: "firewall-{{ state }}.yml" +- include_tasks: "firewall-{{ firewall.state }}.yml" |
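Review bot: Grouping `state` and `package_name` under a single `firewall` dictionary in `ansible/roles/firewall/defaults/main.yml` means a caller who overrides only `firewall: {state: ...}` replaces the whole mapping under Ansible's default hash behaviour (replace, not merge), which leaves `firewall.package_name` undefined when `firewall-disable.yml` reads it. Flat, role-prefixed defaults such as `firewall_state: disable` and `firewall_package_name:` can be overridden independently. With the explicit `vars:` removed from `ansible/infrastructure.yml`, switching the host firewall off is now what the role does whenever it is included without arguments, so a comment above the default would make that visible, for example `# NOTE: default turns the host firewall off on every host this role is applied to`.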
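Review bot: The `when:` on "Stop and disable default OS firewall if exists" indexes `firewall.package_name[ansible_facts.os_family]` directly, so a host whose `os_family` is neither `RedHat` nor `Debian` will most likely fail the conditional on an undefined key instead of skipping the task. Checking the key first keeps the skip behaviour: `when: ansible_facts.os_family in firewall.package_name and firewall.package_name[ansible_facts.os_family] in ansible_facts.packages`. The same value is used as both the package name and the `service` name, which holds for `firewalld` and `ufw` but deserves a comment for whoever adds another family. On Debian-family hosts `package_facts` relies on the Python apt bindings being present on the target, which nothing in this hunk ensures. The "Flush iptables" task that follows continues outside the hunk.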
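Review bot: `firewall.state` is interpolated straight into the file name given to `include_tasks` in `ansible/roles/firewall/tasks/main.yml`, so a mistyped or unsupported value only shows up as a missing-file error at run time. An `assert` task before the include that checks `firewall.state` against the supported values would fail earlier with a clear message. Only `disable` is visible on this page, so the list of allowed values needs confirming against the role's task files. The include is also unnamed; a `name:` such as `Apply requested firewall state` would make play output easier to audit.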