Disable firewalld tasks

Disable firewall because python2 module is not avaible and the tasks fail which makes the playbooks fail and leads to handlers not being run. https://github.com/ansible/ansible/issues/24855 Signed-off-by: Florian Pritz <bluewind@xinu.at>

Disable firewalld tasks
Disable firewall because python2 module is not avaible and the tasks fail which makes the playbooks fail and leads to handlers not being run. https://github.com/ansible/ansible/issues/24855 Signed-off-by: Florian Pritz <bluewind@xinu.at>
b847916c · Florian Pritz · a960e513 · b847916c · b847916c · b847916c
Verified Commit b847916c authored Mar 21, 2018 by Florian Pritz
--- a/group_vars/all/firewall.yml
+++ b/group_vars/all/firewall.yml
+---
+# disable firewall because python2 module is not avaible and the tasks fail
+# https://github.com/ansible/ansible/issues/24855
+configure_firewall: false
--- a/roles/dbscripts/tasks/main.yml
+++ b/roles/dbscripts/tasks/main.yml
@@ -230,6 +230,7 @@

 - name: open firewall holes for rsync
  firewalld: service=rsyncd permanent=true state=enabled
+  when: configure_firewall

 - name: configure svnserve
  copy: dest=/etc/conf.d/svnserve content="SVNSERVE_ARGS=-R -r /srv/svn\n"
@@ -242,6 +243,7 @@

 - name: open firewall holes for svnserve
  firewalld: port=3690/tcp permanent=true state=enabled
+  when: configure_firewall

 - name: install systemd timers
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644

--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -27,3 +27,4 @@
    - pop3s
    - imap
    - imaps
+  when: configure_firewall
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -53,3 +53,4 @@
 - name: open firewall holes to other infrastructure hosts
  firewalld: service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}}
  with_items: "{{ groups['all'] }}"
+  when: configure_firewall
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -74,3 +74,4 @@
  with_items:
    - http
    - https
+  when: configure_firewall
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -76,4 +76,4 @@
  with_items:
    - smtp
    - smtp-submission
-  when: postfix_smtpd_public
+  when: postfix_smtpd_public and configure_firewall
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -56,3 +56,4 @@
 - name: open firewall holes to known postgresql clients
  firewalld: service=postgresql permanent=true state=enabled source={{item}}
  with_items: "{{ postgres_ssl_hosts }}"
+  when: configure_firewall
--- a/roles/quassel/tasks/main.yml
+++ b/roles/quassel/tasks/main.yml
@@ -71,3 +71,4 @@

 - name: open firewall holes
  firewalld: port=4242/tcp permanent=true state=enabled
+  when: configure_firewall
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -22,3 +22,4 @@

 - name: open firewall holes
  firewalld: service=ssh permanent=true state=enabled
+  when: configure_firewall
--- a/roles/syncrepo/tasks/main.yml
+++ b/roles/syncrepo/tasks/main.yml
@@ -56,3 +56,4 @@

 - name: open firewall holes
  firewalld: service=rsyncd permanent=true state=enabled
+  when: configure_firewall
--- a/roles/zabbix-agent/tasks/main.yml
+++ b/roles/zabbix-agent/tasks/main.yml
@@ -71,3 +71,4 @@

 - name: open firewall holes
  firewalld: service=zabbix-agent permanent=true state=enabled
+  when: configure_firewall