Default os_firewall_use_firewalld to false in os_firewall and remove overrides.

roles/cockpit/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-os_firewall_use_firewalld: false
 os_firewall_allow:
 - service: cockpit-ws
   port: 9090/tcp

roles/etcd/defaults/main.yaml

@@ -15,7 +15,6 @@ etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_p
 
 etcd_data_dir: /var/lib/etcd/
 
-os_firewall_use_firewalld: False
 os_firewall_allow:
 - service: etcd
   port: "{{etcd_client_port}}/tcp"

roles/haproxy/defaults/main.yml

@@ -15,7 +15,6 @@ haproxy_backends:
     address: 127.0.0.1:9000
     opts: check
 
-os_firewall_use_firewalld: False
 os_firewall_allow:
 - service: haproxy stats
   port: "9000/tcp"

roles/openshift_common/vars/main.yml

@@ -1,7 +0,0 @@
----
-# TODO: Upstream kubernetes only supports iptables currently, if this changes,
-# then these variable should be moved to defaults
-# TODO: it might be possible to still use firewalld if we wire up the created
-# chains with the public zone (or the zone associated with the correct
-# interfaces)
-os_firewall_use_firewalld: False

roles/openshift_storage_nfs/defaults/main.yml

@@ -16,7 +16,6 @@ openshift:
           options: "*(rw,root_squash)"
         volume:
           name: "metrics"
-os_firewall_use_firewalld: False
 os_firewall_allow:
 - service: nfs
   port: "2049/tcp"

roles/os_firewall/defaults/main.yml

@@ -1,5 +1,9 @@
 ---
 os_firewall_enabled: True
-os_firewall_use_firewalld: True
+# TODO: Upstream kubernetes only supports iptables currently
+# TODO: it might be possible to still use firewalld if we wire up the created
+# chains with the public zone (or the zone associated with the correct
+# interfaces)
+os_firewall_use_firewalld: False
 os_firewall_allow: []
 os_firewall_deny: []