From: Bartek Grzybowski Date: Mon, 25 Feb 2019 15:00:46 +0000 (+0100) Subject: Use 'package_facts' module in firewall role X-Git-Tag: 6.0.0-ONAP~298^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=8bd90d9023e43ae59effb75caef2a68cc00abe3a;p=oom%2Foffline-installer.git Use 'package_facts' module in firewall role Centos iso image doesn't have 'yum-utils' package with 'repoquery' binary which causes 'yum' module to crash. Using more generic 'package_facts' fixes that. This patch also introduces more general compatibility with RedHat/Debian based distros. Issue-ID: OOM-1632 Change-Id: Ica026c0f9a9ffa9e307f7cba589900962b0db4e7 Signed-off-by: Bartek Grzybowski --- diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml index e4715a9c..a0bc7011 100644 --- a/ansible/infrastructure.yml +++ b/ansible/infrastructure.yml @@ -24,8 +24,6 @@ hosts: infrastructure, kubernetes roles: - role: firewall - vars: - state: disable - name: Setup infrastructure servers hosts: infrastructure diff --git a/ansible/roles/firewall/defaults/main.yml b/ansible/roles/firewall/defaults/main.yml new file mode 100644 index 00000000..7cc9ae96 --- /dev/null +++ b/ansible/roles/firewall/defaults/main.yml @@ -0,0 +1,6 @@ +--- +firewall: + state: disable + package_name: + RedHat: 'firewalld' + Debian: 'ufw' diff --git a/ansible/roles/firewall/tasks/firewall-disable.yml b/ansible/roles/firewall/tasks/firewall-disable.yml index 9a8a2c10..f406d943 100644 --- a/ansible/roles/firewall/tasks/firewall-disable.yml +++ b/ansible/roles/firewall/tasks/firewall-disable.yml @@ -1,16 +1,14 @@ --- -- name: Check if firewalld is installed - yum: - list: firewalld - disablerepo: "*" - register: firewalld_check +- name: Get installed packages list + package_facts: + manager: "auto" -- name: Stop and disable firewalld if exists +- name: Stop and disable default OS firewall if exists service: - name: firewalld + name: "{{ firewall.package_name[ansible_facts.os_family] }}" state: stopped enabled: no - when: firewalld_check.results|selectattr('yumstate', 'match', 'installed')|list|length != 0 + when: firewall.package_name[ansible_facts.os_family] in ansible_facts.packages - name: Flush iptables iptables: diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml index f7bb7c74..29ea1958 100644 --- a/ansible/roles/firewall/tasks/main.yml +++ b/ansible/roles/firewall/tasks/main.yml @@ -1,2 +1,2 @@ --- -- include_tasks: "firewall-{{ state }}.yml" +- include_tasks: "firewall-{{ firewall.state }}.yml"