diff --git a/README.md b/README.md index 5efbd088..f0c995f0 100644 --- a/README.md +++ b/README.md @@ -155,6 +155,7 @@ ipaserver_install_packages=no ipaserver_setup_firewalld=no ``` The installation of packages and also the configuration of the firewall are by default enabled. +Note that it is not enough to mask systemd firewalld service to skip the firewalld configuration. You need to set the variable to `no`. For more server settings, please have a look at the [server role documentation](roles/ipaserver/README.md). diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml index 268f5d36..85df9a7d 100644 --- a/roles/ipaserver/tasks/install.yml +++ b/roles/ipaserver/tasks/install.yml @@ -19,6 +19,19 @@ state: present when: ipaserver_setup_adtrust | bool + - name: Install - Ensure that firewall packages installed + package: + name: "{{ ipaserver_packages_firewalld }}" + state: present + when: ipaserver_setup_firewalld | bool + + - name: Firewalld service - Ensure that firewalld is running + systemd: + name: firewalld + enabled: yes + state: started + when: ipaserver_setup_firewalld | bool + when: ipaserver_install_packages | bool #- name: Install - Include Python2/3 import test diff --git a/roles/ipaserver/vars/CentOS-7.yml b/roles/ipaserver/vars/CentOS-7.yml index 079b719c..11863757 100644 --- a/roles/ipaserver/vars/CentOS-7.yml +++ b/roles/ipaserver/vars/CentOS-7.yml @@ -2,4 +2,5 @@ # vars/rhel.yml ipaserver_packages: [ "ipa-server", "libselinux-python" ] ipaserver_packages_dns: [ "ipa-server-dns" ] -ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ] \ No newline at end of file +ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ] +ipaserver_packages_firewalld: [ "firewalld" ] \ No newline at end of file diff --git a/roles/ipaserver/vars/Fedora-25.yml b/roles/ipaserver/vars/Fedora-25.yml index d97afb19..374056c0 100644 --- a/roles/ipaserver/vars/Fedora-25.yml +++ b/roles/ipaserver/vars/Fedora-25.yml 
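Review bot: The `Firewalld service - Ensure that firewalld is running` task appears to sit inside the block that is closed by `when: ipaserver_install_packages | bool` (indentation is lost in this view, so this should be confirmed against the file). If so, a host with pre-installed packages and `ipaserver_install_packages=no` never gets firewalld enabled and started, even though `ipaserver_setup_firewalld` is still true. Any later firewall configuration step would then presumably run against a stopped or disabled service, so the play either fails or leaves the IPA server's port rules unapplied. Move that task out of the block so it is gated only by `when: ipaserver_setup_firewalld | bool`, and write `enabled: true` rather than `enabled: yes`. The block starts above the hunk, so its full extent is not visible here.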
@@ -1,3 +1,4 @@
 ipaserver_packages: [ "ipa-server", "libselinux-python" ]
 ipaserver_packages_dns: [ "ipa-server-dns" ]
-ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
\ No newline at end of file
+ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
+ipaserver_packages_firewalld: [ "firewalld" ]
\ No newline at end of file
diff --git a/roles/ipaserver/vars/Fedora-26.yml b/roles/ipaserver/vars/Fedora-26.yml
index d97afb19..374056c0 100644
--- a/roles/ipaserver/vars/Fedora-26.yml
+++ b/roles/ipaserver/vars/Fedora-26.yml
@@ -1,3 +1,4 @@
 ipaserver_packages: [ "ipa-server", "libselinux-python" ]
 ipaserver_packages_dns: [ "ipa-server-dns" ]
-ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
\ No newline at end of file
+ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
+ipaserver_packages_firewalld: [ "firewalld" ]
\ No newline at end of file
diff --git a/roles/ipaserver/vars/Fedora-27.yml b/roles/ipaserver/vars/Fedora-27.yml
index fa21e34c..b8bfb577 100644
--- a/roles/ipaserver/vars/Fedora-27.yml
+++ b/roles/ipaserver/vars/Fedora-27.yml
@@ -1,3 +1,4 @@
 ipaserver_packages: [ "ipa-server", "libselinux-python" ]
 ipaserver_packages_dns: [ "ipa-server-dns" ]
 ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
+ipaserver_packages_firewalld: [ "firewalld" ]
diff --git a/roles/ipaserver/vars/Fedora.yml b/roles/ipaserver/vars/Fedora.yml
index 9db4446a..55a38382 100644
--- a/roles/ipaserver/vars/Fedora.yml
+++ b/roles/ipaserver/vars/Fedora.yml
@@ -1,3 +1,4 @@
 ipaserver_packages: [ "freeipa-server", "python3-libselinux" ]
 ipaserver_packages_dns: [ "freeipa-server-dns" ]
-ipaserver_packages_adtrust: [ "freeipa-server-trust-ad" ]
\ No newline at end of file
+ipaserver_packages_adtrust: [ "freeipa-server-trust-ad" ]
+ipaserver_packages_firewalld: [ "firewalld" ]
\ No newline at end of file
diff --git a/roles/ipaserver/vars/RedHat-7.3.yml b/roles/ipaserver/vars/RedHat-7.3.yml
index 079b719c..11863757 100644
--- a/roles/ipaserver/vars/RedHat-7.3.yml
+++ b/roles/ipaserver/vars/RedHat-7.3.yml
@@ -2,4 +2,5 @@
 # vars/rhel.yml
 ipaserver_packages: [ "ipa-server", "libselinux-python" ]
 ipaserver_packages_dns: [ "ipa-server-dns" ]
-ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
\ No newline at end of file
+ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
+ipaserver_packages_firewalld: [ "firewalld" ]
\ No newline at end of file
diff --git a/roles/ipaserver/vars/RedHat-7.yml b/roles/ipaserver/vars/RedHat-7.yml
index 079b719c..11863757 100644
--- a/roles/ipaserver/vars/RedHat-7.yml
+++ b/roles/ipaserver/vars/RedHat-7.yml
@@ -2,4 +2,5 @@
 # vars/rhel.yml
 ipaserver_packages: [ "ipa-server", "libselinux-python" ]
 ipaserver_packages_dns: [ "ipa-server-dns" ]
-ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
\ No newline at end of file
+ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
+ipaserver_packages_firewalld: [ "firewalld" ]
\ No newline at end of file
diff --git a/roles/ipaserver/vars/RedHat-8.yml b/roles/ipaserver/vars/RedHat-8.yml
index 5b9caac1..7f5ae464 100644
--- a/roles/ipaserver/vars/RedHat-8.yml
+++ b/roles/ipaserver/vars/RedHat-8.yml
@@ -3,3 +3,4 @@
 ipaserver_packages: [ "@idm:DL1/server" ]
 ipaserver_packages_dns: [ "@idm:DL1/dns" ]
 ipaserver_packages_adtrust: [ "@idm:DL1/adtrust" ]
+ipaserver_packages_firewalld: [ "firewalld" ]
diff --git a/roles/ipaserver/vars/Ubuntu.yml b/roles/ipaserver/vars/Ubuntu.yml
index b3944a92..d0e01ea8 100644
--- a/roles/ipaserver/vars/Ubuntu.yml
+++ b/roles/ipaserver/vars/Ubuntu.yml
@@ -2,3 +2,4 @@
 ipaserver_packages: [ "freeipa-server" ]
 ipaserver_packages_dns: [ "freeipa-server-dns" ]
 ipaserver_packages_adtrust: [ "freeipa-server-trust-ad" ]
+ipaserver_packages_firewalld: [ "firewalld" ]
diff --git a/roles/ipaserver/vars/default.yml b/roles/ipaserver/vars/default.yml
index eb5c4894..9f6d58a4 100644
--- a/roles/ipaserver/vars/default.yml
+++ b/roles/ipaserver/vars/default.yml
@@ -3,3 +3,4 @@
 ipaserver_packages: [ "ipa-server", "python3-libselinux" ]
 ipaserver_packages_dns: [ "ipa-server-dns" ]
 ipaserver_packages_adtrust: [ "freeipa-server-trust-ad" ]
+ipaserver_packages_firewalld: [ "firewalld" ]