Merge pull request #3 from MartinVerges/master

pull from master

Author: ericsysmin

README.md

@@ -230,6 +230,30 @@ and routed updated.
       roles:
         - role: network
 
+9) This role can also optionally add network interfaces to firewalld zones. The
+core firewalld module (http://docs.ansible.com/ansible/latest/firewalld_module.html)
+can perform the same function, so if you make use of both modules then your
+playbooks may not be idempotent.  Consider this case, where only the firewalld
+module is used:
+
+  * network_interface role runs; with no firewalld_zone host var set then any
+    ZONE line will be removed from ifcfg-*
+  * firewalld module runs; adds a ZONE line to ifcfg-*
+  * On the next playbook run, the network_interface role runs and removes the
+    ZONE line again, and so the cycle repeats.
+
+In order for this role to manage firewalld zones, the system must be running a
+RHEL based distribution, and using NetworkManager to manage the network
+interfaces.  If those criteria are met, the following example shows how to add
+the eth0 interface to the public firewalld zone:
+
+       - device: eth0
+         bootproto: static
+         address: 192.168.10.18
+         netmask: 255.255.255.0
+         gateway: 192.168.10.1
+         firewalld_zone: public
+
 Note: Ansible needs network connectivity throughout the playbook process, you
 may need to have a control interface that you do *not* modify using this
 method while changeing IP Addresses so that Ansible has a stable connection

meta/main.yml

@@ -1,6 +1,6 @@
 ---
 galaxy_info:
-  author: "Benno Joy, Martin Verges"
+  author: "Benno Joy, Martin Verges, Luke Short"
   company: "AnsibleWorks, First Colo GmbH"
   license: "Simplified BSD License"
   min_ansible_version: 1.9

tasks/main.yml

@@ -58,6 +58,52 @@
 - include: restartscript.yml
   when: network_allow_service_restart and ansible_os_family == 'Debian'
 
-- name: Restart on RedHat Systems
-  service: name=network state=restarted
+- name: Checking if the "network" service is enabled
+  service: name=network enabled=yes
+  check_mode: yes
+  register: network_service
+  ignore_errors: true
+  when: network_allow_service_restart and ansible_os_family == 'RedHat'
+
+- set_fact:
+    network_service_enabled: "{{ not network_service.failed
+        and not network_service.changed }}"
   when: network_allow_service_restart and ansible_os_family == 'RedHat'
+
+- name: Checking if the "NetworkManager" service is enabled
+  service: name=NetworkManager enabled=yes
+  check_mode: yes
+  register: NetworkManager_service
+  ignore_errors: true
+  when: network_allow_service_restart and ansible_os_family == 'RedHat'
+
+- set_fact:
+    NetworkManager_service_enabled: "{{ not NetworkManager_service.failed
+        and not NetworkManager_service.changed }}"
+  when: network_allow_service_restart and ansible_os_family == 'RedHat'
+
+- name: Restart the "network" service on Red Hat systems
+  service: name=network state=restarted
+  when: >
+    (network_allow_service_restart
+     and ansible_os_family == 'RedHat'
+     and network_service_enabled)
+     and (ether_result | changed
+          or bond_port_result | changed
+          or bond_result | changed
+          or vlan_result | changed
+          or bridge_result | changed
+          or bridge_port_result | changed)
+
+- name: Restart the "NetworkManager" service on Red Hat systems
+  service: name=network state=restarted
+  when: >
+    (network_allow_service_restart
+    and ansible_os_family == 'RedHat'
+    and NetworkManager_service_enabled) and
+    (ether_result | changed or
+     bond_port_result | changed or
+     bond_result | changed or
+     vlan_result | changed or
+     bridge_result | changed or
+     bridge_port_result | changed)

tasks/redhat.yml

@@ -24,3 +24,11 @@
   template: src=route_{{ ansible_os_family }}.j2 dest={{ net_path }}/route-{{ item.device }}
   with_items: "{{ network_bridge_interfaces }}"
   when: network_bridge_interfaces is defined and item.route is defined
+
+- name: Cleanup gateway dev that does not set to the one we want
+  lineinfile: dest=/etc/sysconfig/network regexp="^GATEWAYDEV=(?!{{ gateway_dev }})" state=absent
+  when: gateway_dev is defined
+
+- name: Explicitly set gateway dev    
+  lineinfile: dest=/etc/sysconfig/network line="GATEWAYDEV={{ gateway_dev }}"
+  when: gateway_dev is defined

templates/Debian_resolvconf.j2

@@ -2,9 +2,9 @@
     dns-nameservers        {{ item.dns_nameservers|join(' ') }}
 {% endif %}
 {% if item.dns_search is defined %}
-    dns-search             {{ item.dns-search }}
+    dns-search             {{ item.dns_search }}
 {% endif %}
 {% if item.dns_domain is defined %}
-    dns-domain             {{ item.dns-domain }}
+    dns-domain             {{ item.dns_domain }}
 {% endif %}
 

templates/bond_RedHat.j2

@@ -16,6 +16,7 @@ GATEWAY={{ item.gateway }}
 {% endif %}
 {% include "RedHat_bond_options.j2" %}
 {% endif %}
+
 {% if item.dns_nameservers is defined %}
 {% for dns_nameserver in item.dns_nameservers %}
 DNS{{ loop.index }}={{ dns_nameserver }}
@@ -53,3 +54,7 @@ BONDING_MASTER={{ item.bonding_master }}
 {% if item.bridge is defined %}
 BRIDGE={{ item.bridge }}
 {% endif %}
+
+{% if item.firewalld_zone is defined %}
+ZONE={{ item.firewalld_zone }}
+{% endif %}

templates/bridge_RedHat.j2

@@ -67,3 +67,7 @@ DEFROUTE={{ item.defroute | bool | ternary("yes", "no") }}
 {% if item.mtu is defined %}
 MTU={{ item.mtu }}
 {% endif %}
+
+{% if item.firewalld_zone is defined %}
+ZONE={{ item.firewalld_zone }}
+{% endif %}

templates/ethernet_RedHat.j2

@@ -62,3 +62,7 @@ DEFROUTE={{ item.defroute | bool | ternary("yes", "no") }}
 {% if item.mtu is defined %}
 MTU={{ item.mtu }}
 {% endif %}
+
+{% if item.firewalld_zone is defined %}
+ZONE={{ item.firewalld_zone }}
+{% endif %}