iptables was recently found installed and running on a RHEL7 system.
Previous testnode playbook runs wouldn't catch this since it shouldn't
be installed in the first place. This change ensures firewalld and
iptables are stopped on all RPM-based distros.
Fixes: http://tracker.ceph.com/issues/16809
Signed-off-by: David Galloway <dgallowa@redhat.com>
- name: Fix broken cloud-init
include: ../cloud-init.yml
-- name: Stop iptables
- service:
- name: iptables
- state: stopped
-
- include: ../imitate_ubuntu.yml
- include: ../nfs.yml
tags:
- nfs
-
-- name: Stop firewalld
- service:
- name: firewalld
- state: stopped
- enabled: no
include: cloud-init.yml
when: ansible_distribution_major_version == "6"
-- name: Stop iptables
- service:
- name: iptables
- state: stopped
- enabled: no
- when: ansible_distribution_major_version == "6"
-
-- name: Stop firewalld
- service:
- name: firewalld
- state: stopped
- enabled: no
- when: ansible_distribution_major_version == "7"
-
- include: imitate_ubuntu.yml
owner: root
group: root
mode: 0644
-
-- name: Disable firewalld
- service:
- name: firewalld
- state: stopped
- enabled: no
--- /dev/null
+---
+# There have been instances where iptables is installed on EL7 testnodes.
+# This task will make sure both services are stopped and disabled regardless
+# of OS version.
+
+- name: Stop and disable firewalld
+ service:
+ name: firewalld
+ state: stopped
+ enabled: no
+ ignore_errors: true
+
+- name: Stop and disable iptables
+ service:
+ name: iptables
+ state: stopped
+ enabled: no
+ ignore_errors: true
tags:
- packages
+- name: Disable firewall
+ include: yum/firewall.yml
+
- name: Enable SELinux
selinux: state=permissive policy=targeted
tags:
projects / ceph-cm-ansible.git / commitdiff