From 8bd90d9023e43ae59effb75caef2a68cc00abe3a Mon Sep 17 00:00:00 2001
From: Bartek Grzybowski
Date: Mon, 25 Feb 2019 16:00:46 +0100
Subject: Use 'package_facts' module in firewall role
Centos iso image doesn't have 'yum-utils' package with 'repoquery' binary which causes 'yum' module to crash. Using more generic 'package_facts' fixes that. This patch also introduces more general compatibility with RedHat/Debian based distros.
Issue-ID: OOM-1632
Change-Id: Ica026c0f9a9ffa9e307f7cba589900962b0db4e7
Signed-off-by: Bartek Grzybowski
---
ansible/infrastructure.yml | 2 --
ansible/roles/firewall/defaults/main.yml | 6 ++++++
ansible/roles/firewall/tasks/firewall-disable.yml | 14 ++++++--------
ansible/roles/firewall/tasks/main.yml | 2 +-
4 files changed, 13 insertions(+), 11 deletions(-)
create mode 100644 ansible/roles/firewall/defaults/main.yml
(limited to 'ansible')
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
index e4715a9c..a0bc7011 100644
--- a/ansible/infrastructure.yml
+++ b/ansible/infrastructure.yml
@@ -24,8 +24,6 @@
 hosts: infrastructure, kubernetes
 roles:
 - role: firewall
- vars:
- state: disable
 - name: Setup infrastructure servers
 hosts: infrastructure
diff --git a/ansible/roles/firewall/defaults/main.yml b/ansible/roles/firewall/defaults/main.yml
new file mode 100644
index 00000000..7cc9ae96
--- /dev/null
+++ b/ansible/roles/firewall/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+firewall:
+ state: disable
+ package_name:
+ RedHat: 'firewalld'
+ Debian: 'ufw'
diff --git a/ansible/roles/firewall/tasks/firewall-disable.yml b/ansible/roles/firewall/tasks/firewall-disable.yml
index 9a8a2c10..f406d943 100644
--- a/ansible/roles/firewall/tasks/firewall-disable.yml
+++ b/ansible/roles/firewall/tasks/firewall-disable.yml
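Review bot: With `state: disable` as the role default in ansible/roles/firewall/defaults/main.yml, the security-weakening action becomes the implicit one: any play that lists `role: firewall` without vars now stops the host firewall, and ansible/infrastructure.yml no longer says so once its `vars:` block is removed. Consider keeping the choice explicit at the call site, or at least documenting it beside the default, e.g. `# WARNING: 'disable' stops the OS firewall service on every targeted host; override per play if that is not intended`. Because Ansible replaces dict variables wholesale under its default `hash_behaviour` (replace), a caller overriding only `firewall.state` would also drop `package_name`; flat variables such as `firewall_state` and `firewall_package_name` would avoid that.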
@@ -1,16 +1,14 @@
 ---
-- name: Check if firewalld is installed
- yum:
- list: firewalld
- disablerepo: "*"
- register: firewalld_check
+- name: Get installed packages list
+ package_facts:
+ manager: "auto"
-- name: Stop and disable firewalld if exists
+- name: Stop and disable default OS firewall if exists
 service:
- name: firewalld
+ name: "{{ firewall.package_name[ansible_facts.os_family] }}"
 state: stopped
 enabled: no
- when: firewalld_check.results|selectattr('yumstate', 'match', 'installed')|list|length != 0
+ when: firewall.package_name[ansible_facts.os_family] in ansible_facts.packages
 - name: Flush iptables
 iptables:
diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml
index f7bb7c74..29ea1958 100644
--- a/ansible/roles/firewall/tasks/main.yml
+++ b/ansible/roles/firewall/tasks/main.yml
@@ -1,2 +1,2 @@
 ---
-- include_tasks: "firewall-{{ state }}.yml"
+- include_tasks: "firewall-{{ firewall.state }}.yml"
--
cgit 1.2.3-korg
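Review bot: The lookup `firewall.package_name[ansible_facts.os_family]` in the new `when:` of ansible/roles/firewall/tasks/firewall-disable.yml has entries only for RedHat and Debian, so on a host of any other family the condition raises an undefined-variable error instead of skipping. Guarding the key first makes the outcome deliberate: `when: ansible_facts.os_family in firewall.package_name and firewall.package_name[ansible_facts.os_family] in ansible_facts.packages`. The same value is used as both the package name and the `service:` name; that holds for firewalld and ufw, but deserves a comment in defaults in case an entry is added where the two differ. The 'Flush iptables' task that follows continues outside this hunk and shows no condition in the visible lines, so it presumably runs whether or not the firewall service was stopped.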