From: David Galloway <dgallowa@redhat.com>
Date: Thu, 21 Apr 2016 02:25:57 +0000 (-0400)
Subject: nameserver: Configure firewalld to allow DNS traffic
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1ad8640cef71c5b82fc7930cbd30a600a374479a;p=ceph-cm-ansible.git

nameserver: Configure firewalld to allow DNS traffic

Signed-off-by: David Galloway <dgallowa@redhat.com>
---

diff --git a/roles/nameserver/tasks/firewall.yml b/roles/nameserver/tasks/firewall.yml
new file mode 100644
index 00000000..6ed628ad
--- /dev/null
+++ b/roles/nameserver/tasks/firewall.yml
@@ -0,0 +1,13 @@
+---
+- name: Enable firewalld
+  service:
+    name: firewalld
+    enabled: yes
+    state: started
+
+- name: Allow incoming DNS traffic
+  firewalld:
+    service: dns
+    permanent: true
+    immediate: yes
+    state: enabled
diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml
index f487ee37..5a59d54b 100644
--- a/roles/nameserver/tasks/main.yml
+++ b/roles/nameserver/tasks/main.yml
@@ -4,6 +4,11 @@
   tags:
     - packages
 
+# Configure firewalld
+- include: firewall.yml
+  tags:
+    - firewall
+
 # Configure BIND
 - include: config.yml
   tags: