make all firewalld changes take effect immediately

1258e6b7 · Phillip Smith (fukawi2) · 153ad794 · 1258e6b7 · 1258e6b7 · 1258e6b7
Commit 1258e6b7 authored 6 years ago by Phillip Smith (fukawi2)
--- a/playbooks/apollo.yml
+++ b/playbooks/apollo.yml
@@ -49,4 +49,4 @@
    - { role: archwiki, tags: ["archwiki"] }
  tasks:
    - name: open firewall hole for hefurd
-      firewalld: port=6969/tcp permanent=true state=enabled
+      firewalld: port=6969/tcp permanent=true state=enabled immediate=yes
--- a/roles/dbscripts/tasks/main.yml
+++ b/roles/dbscripts/tasks/main.yml
@@ -225,7 +225,7 @@
  service: name=rsyncd.socket enabled=yes state=started

 - name: open firewall holes for rsync
-  firewalld: service=rsyncd permanent=true state=enabled
+  firewalld: service=rsyncd permanent=true state=enabled immediate=yes
  when: configure_firewall

 - name: configure svnserve
@@ -235,7 +235,7 @@
  service: name=svnserve enabled=yes state=started

 - name: open firewall holes for svnserve
-  firewalld: port=3690/tcp permanent=true state=enabled
+  firewalld: port=3690/tcp permanent=true state=enabled immediate=yes
  when: configure_firewall

 - name: install systemd timers

--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -18,7 +18,7 @@
  service: name=dovecot enabled=yes state=started

 - name: open firewall holes
-  firewalld: service={{item}} permanent=true state=enabled
+  firewalld: service={{item}} permanent=true state=enabled immediate=yes
  with_items:
    - pop3
    - pop3s

--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -48,6 +48,6 @@
  # the source addresses here could be tightened up more, but it's far better
  # than having mariadb open to the world
 - name: open firewall holes to other infrastructure hosts
-  firewalld: service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}}
+  firewalld: service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}} immediate=yes
  with_items: "{{ groups['all'] }}"
  when: configure_firewall
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -67,7 +67,7 @@
  service: name=nginx enabled=yes

 - name: open firewall holes
-  firewalld: service={{item}} permanent=true state=enabled
+  firewalld: service={{item}} permanent=true state=enabled immediate=yes
  with_items:
    - http
    - https

--- a/roles/oidentd/tasks/main.yml
+++ b/roles/oidentd/tasks/main.yml
@@ -12,5 +12,5 @@
    - oidentd.socket

 - name: open firewall holes
-  firewalld: port=113/tcp permanent=true state=enabled
+  firewalld: port=113/tcp permanent=true state=enabled immediate=yes
  when: configure_firewall
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -86,7 +86,7 @@
    - compat_maps.db

 - name: open firewall holes
-  firewalld: service={{item}} permanent=true state=enabled
+  firewalld: service={{item}} permanent=true state=enabled immediate=yes
  with_items:
    - smtp
    - smtp-submission

--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -51,6 +51,6 @@
  when: postgres_ssl == 'on'

 - name: open firewall holes to known postgresql clients
-  firewalld: service=postgresql permanent=true state=enabled source={{item}}
+  firewalld: service=postgresql permanent=true state=enabled source={{item}} immediate=yes
  with_items: "{{ postgres_ssl_hosts }}"
  when: configure_firewall
--- a/roles/quassel/tasks/main.yml
+++ b/roles/quassel/tasks/main.yml
@@ -63,5 +63,5 @@
    - clean-quassel.timer

 - name: open firewall holes
-  firewalld: port=4242/tcp permanent=true state=enabled
+  firewalld: port=4242/tcp permanent=true state=enabled immediate=yes
  when: configure_firewall
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -18,5 +18,5 @@
  service: name=sshd enabled=yes state=started

 - name: open firewall holes
-  firewalld: service=ssh permanent=true state=enabled
+  firewalld: service=ssh permanent=true state=enabled immediate=yes
  when: configure_firewall
--- a/roles/syncrepo/tasks/main.yml
+++ b/roles/syncrepo/tasks/main.yml
@@ -45,5 +45,5 @@
  tags: ['nginx']

 - name: open firewall holes
-  firewalld: service=rsyncd permanent=true state=enabled
+  firewalld: service=rsyncd permanent=true state=enabled immediate=yes
  when: configure_firewall
--- a/roles/zabbix-agent/tasks/main.yml
+++ b/roles/zabbix-agent/tasks/main.yml
@@ -63,5 +63,5 @@
  service: name=zabbix-agent enabled=yes state=started

 - name: open firewall holes
-  firewalld: service=zabbix-agent permanent=true state=enabled
+  firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes
  when: configure_firewall