| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 |
- ---
- - name: Ensure firewalld service is not enabled
- systemd:
- name: firewalld
- state: stopped
- enabled: no
- masked: yes
- register: task_result
- failed_when: task_result|failed and 'could not' not in task_result.msg|lower
- - name: Wait 10 seconds after disabling firewalld
- pause:
- seconds: 10
- when: task_result | changed
- - name: Install iptables packages
- package: name={{ item }} state=present
- with_items:
- - iptables
- - iptables-services
- when: not openshift.common.is_atomic | bool
- - name: Start and enable iptables service
- systemd:
- name: iptables
- state: started
- enabled: yes
- masked: no
- daemon_reload: yes
- register: result
- - name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail
- pause: seconds=10
- when: result | changed
- - name: Add iptables allow rules
- os_firewall_manage_iptables:
- name: "{{ item.service }}"
- action: add
- protocol: "{{ item.port.split('/')[1] }}"
- port: "{{ item.port.split('/')[0] }}"
- with_items: "{{ os_firewall_allow }}"
- - name: Remove iptables rules
- os_firewall_manage_iptables:
- name: "{{ item.service }}"
- action: remove
- protocol: "{{ item.port.split('/')[1] }}"
- port: "{{ item.port.split('/')[0] }}"
- with_items: "{{ os_firewall_deny }}"
|
