shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657
							---
- name: Fail - Firewalld is not supported on Atomic Host
  fail:
    msg: "Firewalld is not supported on Atomic Host"
  when: r_os_firewall_is_atomic | bool

- name: Install firewalld packages
  package:
    name: firewalld
    state: present

- name: Ensure iptables services are not enabled
  systemd:
    name: "{{ item }}"
    state: stopped
    enabled: no
    masked: yes
  with_items:
    - iptables
    - ip6tables
  register: task_result
  failed_when: task_result|failed and 'could not' not in task_result.msg|lower

- name: Wait 10 seconds after disabling iptables
  pause:
    seconds: 10
  when: task_result | changed

- name: Start and enable firewalld service
  systemd:
    name: firewalld
    state: started
    enabled: yes
    masked: no
    daemon_reload: yes
  register: result

- name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail
  pause:
    seconds: 10
  when: result | changed

- name: Restart polkitd
  systemd:
    name: polkit
    state: restarted
  when: result | changed

# Fix suspected race between firewalld and polkit BZ1436964
- name: Wait for polkit action to have been created
  command: pkaction --action-id=org.fedoraproject.FirewallD1.config.info
  ignore_errors: true
  register: pkaction
  changed_when: false
  until: pkaction.rc == 0
  retries: 6
  delay: 10