From c47bb55b5a0d34e6a8fdd77ac209bbac60cb0884 Mon Sep 17 00:00:00 2001 From: David Galloway Date: Tue, 26 Jul 2016 11:08:57 -0400 Subject: [PATCH] testnode: Disable firewalld and iptables regardless of OS version iptables was recently found installed and running on a RHEL7 system. Previous testnode playbook runs wouldn't catch this since it shouldn't be installed in the first place. This change ensures firewalld and iptables are stopped on all RPM-based distros. Fixes: http://tracker.ceph.com/issues/16809 Signed-off-by: David Galloway --- roles/testnode/tasks/redhat/rhel_6.yml | 5 ----- roles/testnode/tasks/redhat/rhel_7.yml | 6 ------ roles/testnode/tasks/setup-centos.yml | 14 -------------- roles/testnode/tasks/setup-fedora.yml | 6 ------ roles/testnode/tasks/yum/firewall.yml | 18 ++++++++++++++++++ roles/testnode/tasks/yum_systems.yml | 3 +++ 6 files changed, 21 insertions(+), 31 deletions(-) create mode 100644 roles/testnode/tasks/yum/firewall.yml diff --git a/roles/testnode/tasks/redhat/rhel_6.yml b/roles/testnode/tasks/redhat/rhel_6.yml index 3704ca4..e71911e 100644 --- a/roles/testnode/tasks/redhat/rhel_6.yml +++ b/roles/testnode/tasks/redhat/rhel_6.yml @@ -2,9 +2,4 @@ - name: Fix broken cloud-init include: ../cloud-init.yml -- name: Stop iptables - service: - name: iptables - state: stopped - - include: ../imitate_ubuntu.yml diff --git a/roles/testnode/tasks/redhat/rhel_7.yml b/roles/testnode/tasks/redhat/rhel_7.yml index 94ef558..21a82b8 100644 --- a/roles/testnode/tasks/redhat/rhel_7.yml +++ b/roles/testnode/tasks/redhat/rhel_7.yml @@ -2,9 +2,3 @@ - include: ../nfs.yml tags: - nfs - -- name: Stop firewalld - service: - name: firewalld - state: stopped - enabled: no diff --git a/roles/testnode/tasks/setup-centos.yml b/roles/testnode/tasks/setup-centos.yml index a9c9965..03a467c 100644 --- a/roles/testnode/tasks/setup-centos.yml +++ b/roles/testnode/tasks/setup-centos.yml @@ -3,18 +3,4 @@ include: cloud-init.yml when: ansible_distribution_major_version == "6" -- name: Stop iptables - service: - name: iptables - state: stopped - enabled: no - when: ansible_distribution_major_version == "6" - -- name: Stop firewalld - service: - name: firewalld - state: stopped - enabled: no - when: ansible_distribution_major_version == "7" - - include: imitate_ubuntu.yml diff --git a/roles/testnode/tasks/setup-fedora.yml b/roles/testnode/tasks/setup-fedora.yml index 5663ca2..e393ddd 100644 --- a/roles/testnode/tasks/setup-fedora.yml +++ b/roles/testnode/tasks/setup-fedora.yml @@ -8,9 +8,3 @@ owner: root group: root mode: 0644 - -- name: Disable firewalld - service: - name: firewalld - state: stopped - enabled: no diff --git a/roles/testnode/tasks/yum/firewall.yml b/roles/testnode/tasks/yum/firewall.yml new file mode 100644 index 0000000..7835cae --- /dev/null +++ b/roles/testnode/tasks/yum/firewall.yml @@ -0,0 +1,18 @@ +--- +# There have been instances where iptables is installed on EL7 testnodes. +# This task will make sure both services are stopped and disabled regardless +# of OS version. + +- name: Stop and disable firewalld + service: + name: firewalld + state: stopped + enabled: no + ignore_errors: true + +- name: Stop and disable iptables + service: + name: iptables + state: stopped + enabled: no + ignore_errors: true diff --git a/roles/testnode/tasks/yum_systems.yml b/roles/testnode/tasks/yum_systems.yml index 5ca0d4e..ed02f5d 100644 --- a/roles/testnode/tasks/yum_systems.yml +++ b/roles/testnode/tasks/yum_systems.yml @@ -64,6 +64,9 @@ tags: - packages +- name: Disable firewall + include: yum/firewall.yml + - name: Enable SELinux selinux: state=permissive policy=targeted tags: -- 2.39.5