From b3d9f2b4a2e035011257d8e7975310c4a772e447 Mon Sep 17 00:00:00 2001
From: Kenichi Omichi
Date: Tue, 18 May 2021 06:45:30 -0700
Subject: [PATCH] Add contrib playbook to disable service firewall (#7431)
Basically we need to make necessary TCP/UDP ports open. However the necessary ports are so many, and sometimes it is difficult to figure out that is due to firewall issues or not if facing deployment issues. To distinguish a root problem on such situation, this adds contrib playbook to disable the service firewall for Kubespray development and test.
---
contrib/os-services/os-services.yml | 4 ++++
.../roles/prepare/defaults/main.yml | 2 ++
.../os-services/roles/prepare/tasks/main.yml | 23 +++++++++++++++++++
3 files changed, 29 insertions(+)
create mode 100644 contrib/os-services/os-services.yml
create mode 100644 contrib/os-services/roles/prepare/defaults/main.yml
create mode 100644 contrib/os-services/roles/prepare/tasks/main.yml
diff --git a/contrib/os-services/os-services.yml b/contrib/os-services/os-services.yml
new file mode 100644
index 000000000..34c9d8c4b
--- /dev/null
+++ b/contrib/os-services/os-services.yml
@@ -0,0 +1,4 @@
+---
+- hosts: all
+ roles:
+ - { role: prepare }
diff --git a/contrib/os-services/roles/prepare/defaults/main.yml b/contrib/os-services/roles/prepare/defaults/main.yml
new file mode 100644
index 000000000..9c4a14905
--- /dev/null
+++ b/contrib/os-services/roles/prepare/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+disable_service_firewall: false
diff --git a/contrib/os-services/roles/prepare/tasks/main.yml b/contrib/os-services/roles/prepare/tasks/main.yml
new file mode 100644
index 000000000..ddae80ce9
--- /dev/null
+++ b/contrib/os-services/roles/prepare/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- block:
+ - name: List services
+ service_facts:
+
+ - name: Disable service firewalld
+ systemd:
+ name: firewalld
+ state: stopped
+ enabled: no
+ when:
+ "'firewalld.service' in services"
+
+ - name: Disable service ufw
+ systemd:
+ name: ufw
+ state: stopped
+ enabled: no
+ when:
+ "'ufw.service' in services"
+
+ when:
+ - disable_service_firewall
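Review bot: Both systemd tasks set `enabled: no` together with `state: stopped`, so once `disable_service_firewall` is true the host firewall stays off across reboots, and since os-services.yml applies the role to `hosts: all` that covers every inventory host; nothing in the role says so or records it. I would put a comment above the block, e.g. `# Development/test only: stops firewalld/ufw and disables them at boot on every targeted host; re-enable manually afterwards.`, and give the block a `name:` so the run output shows when it fired. As a style point, write the boolean as `enabled: false` to match the `false` used in defaults/main.yml and avoid YAML 1.1 truthy parsing differences.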