fix: manage firewall on qnetd hosts

linux-system-roles · Dec 1, 2023 · 4172401 · 4172401
1 parent c67ab25
commit 4172401
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -35,6 +35,15 @@
 - name: Configure pcs / pcsd
   include_tasks: shell_{{ ha_cluster_pacemaker_shell }}/pcs-configure-pcs-pcsd.yml  # yamllint disable-line rule:line-length
 
+- name: Configure firewall and selinux
+  when: ha_cluster_cluster_present | bool or ha_cluster_qnetd.present | d(false)
+  block:
+    - name: Configure firewall
+      include_tasks: firewall.yml
+
+    - name: Configure selinux
+      include_tasks: selinux.yml
+
 - name: Install and configure HA cluster
   when: ha_cluster_cluster_present | bool
   block:
@@ -54,12 +63,6 @@
         use: "{{ (__ha_cluster_is_ostree | d(false)) |
                  ternary('ansible.posix.rhel_rpm_ostree', omit) }}"
 
-    - name: Configure firewall
-      include_tasks: firewall.yml
-
-    - name: Configure selinux
-      include_tasks: selinux.yml
-
     - name: Distribute fence-virt authkey
       include_tasks: distribute-fence-virt-key.yml
       when:

diff --git a/tests/tests_qnetd.yml b/tests/tests_qnetd.yml
@@ -7,6 +7,8 @@
     ha_cluster_cluster_present: false
     ha_cluster_qnetd:
       present: true
+    ha_cluster_manage_firewall: true
+    ha_cluster_manage_selinux: true
   tasks:
     - name: Run test
       tags: tests::verify
@@ -35,3 +37,6 @@
                 == "enabled"
               - ansible_facts.services["corosync-qnetd.service"].state
                  == "running"
+
+        - name: Check firewall and selinux state
+          include_tasks: tasks/check_firewall_selinux.yml