Make firewalld operations idempotent (#173)

* Use firewalld module instead of command module * Reload firewalld with systemd module * Convert firewalld reload to a handler * Explicit firewalld reload is not needed With immediate:true in ansible.posix.firewalld we don't need reload. Thanks @codyro * Add requirements.yml
2023-10-05 05:03:31 +05:30 · 2023-10-05 05:03:31 +05:30 · d7be6c3829
parent 6d610c9ee4
commit d7be6c3829
2 changed files with 14 additions and 10 deletions
--- a/lemmy-almalinux.yml
+++ b/lemmy-almalinux.yml
@ -44,6 +44,11 @@
      ansible.builtin.systemd:
        name: nginx
        state: reloaded
+
+    - name: Reload firewalld
+      ansible.builtin.systemd:
+        name: firewalld
+        state: reloaded
  vars:
    lemmy_port: "{{ 32767 | random(start=1024) }}"
  tasks:
@ -98,21 +103,17 @@
      tags:
        - firewalld

-    # TODO: Use ansible.posix.firewalld
    - name: Allow http/httpd traffic to public zone in firewalld
-      ansible.builtin.command: "firewall-cmd --zone=public --add-service={{ item }} --perm"
+      ansible.posix.firewalld:
+        service: "{{ item }}"
+        state: enabled
+        zone: public
+        permanent: true
+        immediate: true
      loop:
        - http
        - https
      when: "'firewalld.service' in ansible_facts.services and ansible_facts.services['firewalld.service'].state == 'running'"
-      changed_when: true
-      tags:
-        - firewalld
-
-    - name: Reload firewalld
-      ansible.builtin.command: firewall-cmd --reload
-      when: "'firewalld.service' in ansible_facts.services and ansible_facts.services['firewalld.service'].state == 'running'"
-      changed_when: true
      tags:
        - firewalld

--- a/requirements.yml
+++ b/requirements.yml
@ -0,0 +1,3 @@
+---
+collections:
+  - name: ansible.posix