Disable firewall service

This is to keep setup workign in case of reboot. Change-Id: I6f741daa5e52ba71f67cfd15333e42fda8d29a50 Closes-Bug: #1766035
Juniper · Apr 28, 2018 · 73ce1de · 73ce1de
1 parent 7356e32
commit 73ce1de
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/host_configuration/playbooks/roles/configure_container_hosts/tasks/install_software.yml b/host_configuration/playbooks/roles/configure_container_hosts/tasks/install_software.yml
@@ -113,5 +113,25 @@
 - name: sysctl -w net.bridge.bridge-nf-call-ip6tables=1
   shell: sysctl -w net.bridge.bridge-nf-call-ip6tables=1 && echo "net.bridge.bridge-nf-call-ip6tables=1" >> /etc/sysctl.conf
 
+- name: set firewall service name
+  set_fact:
+    firewall_svc_name: "{{ 'ufw' if ansible_os_family == 'Debian' else 'firewalld' }}"
+
+- name: stop and disable firewall service
+  service:
+    name: "{{ firewall_svc_name }}"
+    state: stopped
+    enabled: no
+  ignore_errors: yes
+
 - name: flush iptables
   shell: iptables -F
+  ignore_errors: yes
+
+- name: accept input
+  shell: iptables -P INPUT ACCEPT
+  ignore_errors: yes
+
+- name: accept forward
+  shell: iptables -P FORWARD ACCEPT
+  ignore_errors: yes
diff --git a/playbooks/roles/configure_instances/tasks/install_software.yml b/playbooks/roles/configure_instances/tasks/install_software.yml
@@ -143,5 +143,25 @@
     value: 5
     sysctl_set: yes
 
+- name: set firewall service name
+  set_fact:
+    firewall_svc_name: "{{ 'ufw' if ansible_os_family == 'Debian' else 'firewalld' }}"
+
+- name: stop and disable firewall service
+  service:
+    name: "{{ firewall_svc_name }}"
+    state: stopped
+    enabled: no
+  ignore_errors: yes
+
 - name: flush iptables
   shell: iptables -F
+  ignore_errors: yes
+
+- name: accept input
+  shell: iptables -P INPUT ACCEPT
+  ignore_errors: yes
+
+- name: accept forward
+  shell: iptables -P FORWARD ACCEPT
+  ignore_errors: yes