From: Zack Cerza <zack@redhat.com>
Date: Wed, 15 Jul 2015 16:31:44 +0000 (-0600)
Subject: Manage the firewall on RHEL/CentOS 6/7
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=a2241e9b0e1aeb6267003c884b91ab90ea77e396;p=ceph-cm-ansible.git

Manage the firewall on RHEL/CentOS 6/7

On EL7, poke holes for http and https. On EL6, just stop iptables.

Signed-off-by: Zack Cerza <zack@redhat.com>
---

diff --git a/roles/cobbler/tasks/redhat/rhel_6.yml b/roles/cobbler/tasks/redhat/rhel_6.yml
new file mode 100644
index 0000000..a1820bd
--- /dev/null
+++ b/roles/cobbler/tasks/redhat/rhel_6.yml
@@ -0,0 +1,5 @@
+---
+- name: Stop iptables
+  service:
+    name: iptables
+    state: stopped
diff --git a/roles/cobbler/tasks/redhat/rhel_7.yml b/roles/cobbler/tasks/redhat/rhel_7.yml
new file mode 100644
index 0000000..4552fe8
--- /dev/null
+++ b/roles/cobbler/tasks/redhat/rhel_7.yml
@@ -0,0 +1,11 @@
+---
+- name: Enable http and https using firewalld
+  firewalld:
+    service: "{{ item }}"
+    state: enabled
+    permanent: yes
+  with_items:
+    - http
+    - https
+  tags:
+    - firewall
diff --git a/roles/cobbler/tasks/setup-redhat.yml b/roles/cobbler/tasks/setup-redhat.yml
new file mode 100644
index 0000000..667e4cd
--- /dev/null
+++ b/roles/cobbler/tasks/setup-redhat.yml
@@ -0,0 +1,8 @@
+---
+- name: Include rhel 7.x specific tasks.
+  include: redhat/rhel_7.yml
+  when: ansible_distribution_major_version == "7"
+
+- name: Include rhel 6.x specific tasks.
+  include: redhat/rhel_6.yml
+  when: ansible_distribution_major_version == "6"
diff --git a/roles/cobbler/tasks/yum_systems.yml b/roles/cobbler/tasks/yum_systems.yml
index 56c9473..305d0e0 100644
--- a/roles/cobbler/tasks/yum_systems.yml
+++ b/roles/cobbler/tasks/yum_systems.yml
@@ -11,3 +11,7 @@
     state: latest
   with_items: cobbler_extra_packages
   when: cobbler_extra_packages|length > 0
+
+# configure red hat specific things
+- include: setup-redhat.yml
+  when: ansible_distribution in ('RedHat', 'CentOS')