From b847916c612963a8965949d3e5055a0db9819e7d Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Wed, 21 Mar 2018 12:38:01 +0100
Subject: [PATCH] Disable firewalld tasks

Disable firewall because python2 module is not avaible and the tasks fail which makes the playbooks fail and leads to handlers not being run.
https://github.com/ansible/ansible/issues/24855
Signed-off-by: Florian Pritz
---
 group_vars/all/firewall.yml | 4 ++++
 roles/dbscripts/tasks/main.yml | 2 ++
 roles/dovecot/tasks/main.yml | 1 +
 roles/mariadb/tasks/main.yml | 1 +
 roles/nginx/tasks/main.yml | 1 +
 roles/postfix/tasks/main.yml | 2 +-
 roles/postgres/tasks/main.yml | 1 +
 roles/quassel/tasks/main.yml | 1 +
 roles/sshd/tasks/main.yml | 1 +
 roles/syncrepo/tasks/main.yml | 1 +
 roles/zabbix-agent/tasks/main.yml | 1 +
 11 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 group_vars/all/firewall.yml
diff --git a/group_vars/all/firewall.yml b/group_vars/all/firewall.yml
new file mode 100644
index 00000000..d2cca546
--- /dev/null
+++ b/group_vars/all/firewall.yml
@@ -0,0 +1,4 @@
+---
+# disable firewall because python2 module is not avaible and the tasks fail
+# https://github.com/ansible/ansible/issues/24855
+configure_firewall: false
diff --git a/roles/dbscripts/tasks/main.yml b/roles/dbscripts/tasks/main.yml
index 6ecab6d4..a80e1b88 100644
--- a/roles/dbscripts/tasks/main.yml
+++ b/roles/dbscripts/tasks/main.yml
@@ -230,6 +230,7 @@
 - name: open firewall holes for rsync
 firewalld: service=rsyncd permanent=true state=enabled
+ when: configure_firewall
 - name: configure svnserve
 copy: dest=/etc/conf.d/svnserve content="SVNSERVE_ARGS=-R -r /srv/svn\n"
@@ -242,6 +243,7 @@
 - name: open firewall holes for svnserve
 firewalld: port=3690/tcp permanent=true state=enabled
+ when: configure_firewall
 - name: install systemd timers
 copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
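Review bot: The comment above `configure_firewall: false` in group_vars/all/firewall.yml records why the tasks are switched off but not what that does to the hosts. With the flag false for every host, none of the roles touched here adds or removes a firewalld rule, so existing hosts keep whatever `permanent=true` rules earlier runs wrote and newly provisioned hosts receive none of them; whether that leaves a new host closed or open depends on the firewalld state on the host, which the patch does not show. I would extend the comment with `# while false, no role adds or removes firewalld rules; set back to true once issue 24855 is resolved` and say there how the rules are maintained in the meantime.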
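Review bot: The guard `when: configure_firewall` on the rsync and svnserve tasks in roles/dbscripts/tasks/main.yml reads a bare variable whose only definition is group_vars/all/firewall.yml, and the same guard is added in the dovecot, mariadb, nginx, postfix, postgres, quassel, sshd, syncrepo and zabbix-agent hunks. If one of these roles runs without that group_vars file the task fails on an undefined variable, and how a string value (for example one passed with `-e`) is evaluated depends on the Ansible version. `when: configure_firewall | default(true) | bool` makes the type explicit and keeps the firewall tasks on when the variable is missing; in roles/postfix/tasks/main.yml the line would be `when: postfix_smtpd_public and (configure_firewall | default(true) | bool)`. Both dbscripts hunks show only part of the task list.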
diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml
index 22bcdff2..dda33278 100644
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -27,3 +27,4 @@
 - pop3s
 - imap
 - imaps
+ when: configure_firewall
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index c1309030..b6da3048 100644
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -53,3 +53,4 @@
 - name: open firewall holes to other infrastructure hosts
 firewalld: service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}}
 with_items: "{{ groups['all'] }}"
+ when: configure_firewall
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 5bae7c6b..c24c7105 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -74,3 +74,4 @@
 with_items:
 - http
 - https
+ when: configure_firewall
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index 46233ffd..dffb8b9e 100644
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -76,4 +76,4 @@
 with_items:
 - smtp
 - smtp-submission
- when: postfix_smtpd_public
+ when: postfix_smtpd_public and configure_firewall
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
index 4ba63a19..726b485f 100644
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -56,3 +56,4 @@
 - name: open firewall holes to known postgresql clients
 firewalld: service=postgresql permanent=true state=enabled source={{item}}
 with_items: "{{ postgres_ssl_hosts }}"
+ when: configure_firewall
diff --git a/roles/quassel/tasks/main.yml b/roles/quassel/tasks/main.yml
index 266d870d..d2a0f8df 100644
--- a/roles/quassel/tasks/main.yml
+++ b/roles/quassel/tasks/main.yml
@@ -71,3 +71,4 @@
 - name: open firewall holes
 firewalld: port=4242/tcp permanent=true state=enabled
+ when: configure_firewall
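Review bot: In roles/mariadb/tasks/main.yml the added `when: configure_firewall` also skips the removal branch of the task: `state` becomes `disabled` when `mariadb_skip_networking` is set, and that is the only place in the hunk where a mysql rule is withdrawn. While the flag is false, a host switched to skip-networking keeps any per-source mysql rules an earlier run made permanent, and new members of `groups['all']` or `postgres_ssl_hosts` (roles/postgres/tasks/main.yml) are not added either. I would put a comment above both tasks such as `# skipped while configure_firewall is false: source rules are neither added nor withdrawn, review them by hand`.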
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index 52fa118b..b97d6daa 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -22,3 +22,4 @@
 - name: open firewall holes
 firewalld: service=ssh permanent=true state=enabled
+ when: configure_firewall
diff --git a/roles/syncrepo/tasks/main.yml b/roles/syncrepo/tasks/main.yml
index 944d8a0a..02312b44 100644
--- a/roles/syncrepo/tasks/main.yml
+++ b/roles/syncrepo/tasks/main.yml
@@ -56,3 +56,4 @@
 - name: open firewall holes
 firewalld: service=rsyncd permanent=true state=enabled
+ when: configure_firewall
diff --git a/roles/zabbix-agent/tasks/main.yml b/roles/zabbix-agent/tasks/main.yml
index 93bf69f1..d70141d2 100644
--- a/roles/zabbix-agent/tasks/main.yml
+++ b/roles/zabbix-agent/tasks/main.yml
@@ -71,3 +71,4 @@
 - name: open firewall holes
 firewalld: service=zabbix-agent permanent=true state=enabled
+ when: configure_firewall