Merge "Use 'package_facts' module in firewall role"

3 files changed, 13 insertions, 9 deletions

diff --git a/ansible/roles/firewall/defaults/main.yml b/ansible/roles/firewall/defaults/main.yml
new file mode 100644
index 00000000..7cc9ae96
--- /dev/null
+++ b/ansible/roles/firewall/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+firewall:
+  state: disable
+  package_name:
+    RedHat: 'firewalld'
+    Debian: 'ufw'
diff --git a/ansible/roles/firewall/tasks/firewall-disable.yml b/ansible/roles/firewall/tasks/firewall-disable.yml
index 9a8a2c10..f406d943 100644
--- a/ansible/roles/firewall/tasks/firewall-disable.yml
+++ b/ansible/roles/firewall/tasks/firewall-disable.yml
@@ -1,16 +1,14 @@
 ---
-- name: Check if firewalld is installed
-  yum:
-    list: firewalld
-    disablerepo: "*"
-  register: firewalld_check
+- name: Get installed packages list
+  package_facts:
+    manager: "auto"
 
-- name: Stop and disable firewalld if exists
+- name: Stop and disable default OS firewall if exists
   service:
-    name: firewalld
+    name: "{{ firewall.package_name[ansible_facts.os_family] }}"
     state: stopped
     enabled: no
-  when: firewalld_check.results|selectattr('yumstate', 'match', 'installed')|list|length != 0
+  when: firewall.package_name[ansible_facts.os_family] in ansible_facts.packages
 
 - name: Flush iptables
   iptables:
diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml
index f7bb7c74..29ea1958 100644
--- a/ansible/roles/firewall/tasks/main.yml
+++ b/ansible/roles/firewall/tasks/main.yml
@@ -1,2 +1,2 @@
 ---
-- include_tasks: "firewall-{{ state }}.yml"
+- include_tasks: "firewall-{{ firewall.state }}.yml"