From cb192cf781b1d47eac49e6ba39a972eccc65c2d5 Mon Sep 17 00:00:00 2001
From: Christian Schwede <cschwede@redhat.com>
Date: Mon, 17 Nov 2025 11:19:01 +0100
Subject: [PATCH] [libvirt_manager] Fix firewalld config change in cleanup task

Disabling masquerade (or performing any other firewalld change) will
fail if firewalld is not yet started when running the cleanup job. This
patch ensures firewalld is enabled and started before.

Signed-off-by: Christian Schwede <cschwede@redhat.com>
---
 roles/libvirt_manager/tasks/clean_layout.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/libvirt_manager/tasks/clean_layout.yml b/roles/libvirt_manager/tasks/clean_layout.yml
index 11d22bceff..cad572ae41 100644
--- a/roles/libvirt_manager/tasks/clean_layout.yml
+++ b/roles/libvirt_manager/tasks/clean_layout.yml
@@ -191,6 +191,13 @@
         immediate: true
       loop: "{{ cleanup_nets }}"
 
+    - name: Ensure firewalld is enabled and started
+      become: true
+      ansible.builtin.systemd_service:
+        name: firewalld
+        enabled: true
+        state: started
+
     - name: Disable masquerade in firewalld default zone
       become: true
       ansible.posix.firewalld: