From a2241e9b0e1aeb6267003c884b91ab90ea77e396 Mon Sep 17 00:00:00 2001
From: Zack Cerza <zack@redhat.com>
Date: Wed, 15 Jul 2015 10:31:44 -0600
Subject: [PATCH] Manage the firewall on RHEL/CentOS 6/7

On EL7, poke holes for http and https. On EL6, just stop iptables.

Signed-off-by: Zack Cerza <zack@redhat.com>
---
 roles/cobbler/tasks/redhat/rhel_6.yml |  5 +++++
 roles/cobbler/tasks/redhat/rhel_7.yml | 11 +++++++++++
 roles/cobbler/tasks/setup-redhat.yml  |  8 ++++++++
 roles/cobbler/tasks/yum_systems.yml   |  4 ++++
 4 files changed, 28 insertions(+)
 create mode 100644 roles/cobbler/tasks/redhat/rhel_6.yml
 create mode 100644 roles/cobbler/tasks/redhat/rhel_7.yml
 create mode 100644 roles/cobbler/tasks/setup-redhat.yml

diff --git a/roles/cobbler/tasks/redhat/rhel_6.yml b/roles/cobbler/tasks/redhat/rhel_6.yml
new file mode 100644
index 00000000..a1820bd4
--- /dev/null
+++ b/roles/cobbler/tasks/redhat/rhel_6.yml
@@ -0,0 +1,5 @@
+---
+- name: Stop iptables
+  service:
+    name: iptables
+    state: stopped
diff --git a/roles/cobbler/tasks/redhat/rhel_7.yml b/roles/cobbler/tasks/redhat/rhel_7.yml
new file mode 100644
index 00000000..4552fe81
--- /dev/null
+++ b/roles/cobbler/tasks/redhat/rhel_7.yml
@@ -0,0 +1,11 @@
+---
+- name: Enable http and https using firewalld
+  firewalld:
+    service: "{{ item }}"
+    state: enabled
+    permanent: yes
+  with_items:
+    - http
+    - https
+  tags:
+    - firewall
diff --git a/roles/cobbler/tasks/setup-redhat.yml b/roles/cobbler/tasks/setup-redhat.yml
new file mode 100644
index 00000000..667e4cd1
--- /dev/null
+++ b/roles/cobbler/tasks/setup-redhat.yml
@@ -0,0 +1,8 @@
+---
+- name: Include rhel 7.x specific tasks.
+  include: redhat/rhel_7.yml
+  when: ansible_distribution_major_version == "7"
+
+- name: Include rhel 6.x specific tasks.
+  include: redhat/rhel_6.yml
+  when: ansible_distribution_major_version == "6"
diff --git a/roles/cobbler/tasks/yum_systems.yml b/roles/cobbler/tasks/yum_systems.yml
index 56c9473d..305d0e01 100644
--- a/roles/cobbler/tasks/yum_systems.yml
+++ b/roles/cobbler/tasks/yum_systems.yml
@@ -11,3 +11,7 @@
     state: latest
   with_items: cobbler_extra_packages
   when: cobbler_extra_packages|length > 0
+
+# configure red hat specific things
+- include: setup-redhat.yml
+  when: ansible_distribution in ('RedHat', 'CentOS')
-- 
2.47.3