Ansible & firewalld Part Two: "Avoiding losing the connection by changing the port before starting firewalld" and the joys of ansible_check_mode

Hi again,

another issue with firewalld:

To get ansible's firewalld module working, firewalld has to be
started. When I am using an ssh port different from the standard,
firewalld gets started and the rest of the play fails, because no ssh
connection can be established, as the non-standard port is closed by
firewalld.

So, before starting firewalld I have to add my non-standard port to
the public.xml file, so the host can be reached after starting firewalld.

My idea was to check if firewalld is running, which would mean it has been
installed before. That means ansible just has to make sure the configuration is
up to date, but firewalld has been provisioned some time ago.

If it's not running, I guess it has just been installed and I have to
adapt the config to ensure connectivity.

This works:

- name: "check if firewalld is running"
  shell: systemctl is-active firewalld
  # "active" / "inactive" if the unit is known, "unknown" if it is not installed
  register: firewalld_already_running
  # run even in --check mode so the registered result is available
  always_run: true
  changed_when: false
  failed_when: "'unknown' in firewalld_already_running.stdout"

(The systemctl command gives active or inactive if the service is
known. If it is unknown, i.e. firewalld is not installed, it gives unknown.)

I said this works, but it only works in real-life mode, not in
ansible's check mode (--check). Because we're in check mode, firewalld
does not get installed if it is not installed already. Thus the
systemctl command gives "unknown".

Using the ansible_check_mode variable works in my 2.0.x (in other
plays), even though it should only work from 2.1 up.

But in this case, this fails:
...
  failed_when: "'unknown' in firewalld_already_running.stdout and ansible_check_mode is undefined"

Is my syntax wrong? Would this work in 2.1?

Or is there any other solution?

Thanks

Johannes
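One way to put the whole sequence together, as an added example that is not the poster's play: the state check is made check-mode safe by never failing it directly, the port is written to the permanent configuration with firewall-offline-cmd (a firewalld-native alternative to editing public.xml by hand; assumed to be available) while the daemon is still down, and only then is firewalld started. It assumes Ansible 2.1 for the ansible_check_mode variable and a variable ssh_port for the non-standard port.

```yaml
# Added example, not the original poster's play. Assumes Ansible 2.1
# (ansible_check_mode), firewall-offline-cmd on the target, and ssh_port.
- hosts: all
  become: yes
  vars:
    ssh_port: 2222   # assumed non-standard sshd port

  tasks:
    - name: install firewalld
      package:
        name: firewalld
        state: present

    - name: check whether firewalld is already active
      command: systemctl is-active firewalld
      register: firewalld_state
      always_run: yes        # run even in --check so the result is usable
      changed_when: false
      failed_when: false     # is-active exits non-zero for inactive/unknown

    # In --check the package task above installs nothing, so "unknown" is
    # expected there and must only be treated as an error in a real run.
    - name: fail if firewalld is unknown outside check mode
      fail:
        msg: "firewalld is not installed on this host"
      when: firewalld_state.stdout == 'unknown' and not ansible_check_mode

    # Permanent zone config can be written while the daemon is down, so the
    # SSH port is already open the moment firewalld starts.
    - name: open the SSH port in the permanent config before first start
      command: firewall-offline-cmd --zone=public --add-port={{ ssh_port }}/tcp
      when: firewalld_state.stdout != 'active'

    - name: start and enable firewalld
      service:
        name: firewalld
        state: started
        enabled: yes

    # With the daemon running, the firewalld module can keep runtime and
    # permanent config in sync from here on.
    - name: ensure the SSH port stays open
      firewalld:
        port: "{{ ssh_port }}/tcp"
        zone: public
        permanent: yes
        immediate: yes
        state: enabled
```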