internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-08 14:23:11 +00:00
Code Issues Projects Releases Wiki Activity

Install and enable firewalld if it is configured for ipaserver role

Browse Source 
ipaserver role by default tries to configure firewalld but it didn't
check if firewalld related packages were installed.

Similar to DNS and trust to AD features, install firewalld-related
packages before trying to configure firewalld.

Additionally, enable and start firewalld.service because otherwise
firewall-cmd cannot communicate with firewalld itself (it is not
starting on demand).

If and administrator considers not to use firewalld, a default for
ipaserver_setup_firewalld variable has to be set to 'no'.

Fixes: https://github.com/freeipa/ansible-freeipa/issues/116
This commit is contained in:
Alexander Bokovoy
2019-12-09 18:27:12 +02:00
parent bf1e53cb70
commit 2136c73409
12 changed files with 30 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
roles/ipaserver/tasks/install.yml
View File

@@ -19,6 +19,19 @@
state: present
when: ipaserver_setup_adtrust | bool
- name: Install - Ensure that firewall packages installed
package:
name: "{{ ipaserver_packages_firewalld }}"
state: present
when: ipaserver_setup_firewalld | bool
- name: Firewalld service - Ensure that firewalld is running
systemd:
name: firewalld
enabled: yes
state: started
when: ipaserver_setup_firewalld | bool
when: ipaserver_install_packages | bool
#- name: Install - Include Python2/3 import test

3
roles/ipaserver/vars/CentOS-7.yml
View File

@@ -2,4 +2,5 @@
# vars/rhel.yml
ipaserver_packages: [ "ipa-server", "libselinux-python" ]
ipaserver_packages_dns: [ "ipa-server-dns" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_firewalld: [ "firewalld" ]

3
roles/ipaserver/vars/Fedora-25.yml
View File

@@ -1,3 +1,4 @@
ipaserver_packages: [ "ipa-server", "libselinux-python" ]
ipaserver_packages_dns: [ "ipa-server-dns" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_firewalld: [ "firewalld" ]

3
roles/ipaserver/vars/Fedora-26.yml
View File

@@ -1,3 +1,4 @@
ipaserver_packages: [ "ipa-server", "libselinux-python" ]
ipaserver_packages_dns: [ "ipa-server-dns" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_firewalld: [ "firewalld" ]

1
roles/ipaserver/vars/Fedora-27.yml
View File

@@ -1,3 +1,4 @@
ipaserver_packages: [ "ipa-server", "libselinux-python" ]
ipaserver_packages_dns: [ "ipa-server-dns" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_firewalld: [ "firewalld" ]

3
roles/ipaserver/vars/Fedora.yml
View File

@@ -1,3 +1,4 @@
ipaserver_packages: [ "freeipa-server", "python3-libselinux" ]
ipaserver_packages_dns: [ "freeipa-server-dns" ]
ipaserver_packages_adtrust: [ "freeipa-server-trust-ad" ]
ipaserver_packages_adtrust: [ "freeipa-server-trust-ad" ]
ipaserver_packages_firewalld: [ "firewalld" ]

3
roles/ipaserver/vars/RedHat-7.3.yml
View File

@@ -2,4 +2,5 @@
# vars/rhel.yml
ipaserver_packages: [ "ipa-server", "libselinux-python" ]
ipaserver_packages_dns: [ "ipa-server-dns" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_firewalld: [ "firewalld" ]

3
roles/ipaserver/vars/RedHat-7.yml
View File

@@ -2,4 +2,5 @@
# vars/rhel.yml
ipaserver_packages: [ "ipa-server", "libselinux-python" ]
ipaserver_packages_dns: [ "ipa-server-dns" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
ipaserver_packages_firewalld: [ "firewalld" ]

1
roles/ipaserver/vars/RedHat-8.yml
View File

@@ -3,3 +3,4 @@
ipaserver_packages: [ "@idm:DL1/server" ]
ipaserver_packages_dns: [ "@idm:DL1/dns" ]
ipaserver_packages_adtrust: [ "@idm:DL1/adtrust" ]
ipaserver_packages_firewalld: [ "firewalld" ]

1
roles/ipaserver/vars/Ubuntu.yml
View File

@@ -2,3 +2,4 @@
ipaserver_packages: [ "freeipa-server" ]
ipaserver_packages_dns: [ "freeipa-server-dns" ]
ipaserver_packages_adtrust: [ "freeipa-server-trust-ad" ]
ipaserver_packages_firewalld: [ "firewalld" ]

1
roles/ipaserver/vars/default.yml
View File

@@ -3,3 +3,4 @@
ipaserver_packages: [ "ipa-server", "python3-libselinux" ]
ipaserver_packages_dns: [ "ipa-server-dns" ]
ipaserver_packages_adtrust: [ "freeipa-server-trust-ad" ]
ipaserver_packages_firewalld: [ "firewalld" ]