Merge "Use 'package_facts' module in firewall role"
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
index 89d63e8..7d75dc7 100644
--- a/ansible/infrastructure.yml
+++ b/ansible/infrastructure.yml
@@ -4,8 +4,6 @@
roles:
- package-repository
- role: firewall
- vars:
- state: disable
- name: Setup infrastructure servers
hosts: infrastructure
diff --git a/ansible/roles/firewall/defaults/main.yml b/ansible/roles/firewall/defaults/main.yml
new file mode 100644
index 0000000..7cc9ae9
--- /dev/null
+++ b/ansible/roles/firewall/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+firewall:
+ state: disable
+ package_name:
+ RedHat: 'firewalld'
+ Debian: 'ufw'
diff --git a/ansible/roles/firewall/tasks/firewall-disable.yml b/ansible/roles/firewall/tasks/firewall-disable.yml
index 9a8a2c1..f406d94 100644
--- a/ansible/roles/firewall/tasks/firewall-disable.yml
+++ b/ansible/roles/firewall/tasks/firewall-disable.yml
@@ -1,16 +1,14 @@
---
-- name: Check if firewalld is installed
- yum:
- list: firewalld
- disablerepo: "*"
- register: firewalld_check
+- name: Get installed packages list
+ package_facts:
+ manager: "auto"
-- name: Stop and disable firewalld if exists
+- name: Stop and disable default OS firewall if exists
service:
- name: firewalld
+ name: "{{ firewall.package_name[ansible_facts.os_family] }}"
state: stopped
enabled: no
- when: firewalld_check.results|selectattr('yumstate', 'match', 'installed')|list|length != 0
+ when: firewall.package_name[ansible_facts.os_family] in ansible_facts.packages
- name: Flush iptables
iptables:
diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml
index f7bb7c7..29ea195 100644
--- a/ansible/roles/firewall/tasks/main.yml
+++ b/ansible/roles/firewall/tasks/main.yml
@@ -1,2 +1,2 @@
---
-- include_tasks: "firewall-{{ state }}.yml"
+- include_tasks: "firewall-{{ firewall.state }}.yml"