Explicitly enable DHCP services on baremetal CentOS/RHEL

Apparently, we missed them when migrating to firewalld. The CI is not affected because these services are enabled in the libvirt zone, but changing the testing code as well for consistency. Also make sure the testing variable is treated as boolean. Change-Id: I204c539824319908098f67a49a8b15a24ba2cf6a
2020-08-21 18:03:47 +02:00 · 2020-08-21 18:03:47 +02:00 · 6e1bae9de4
commit 6e1bae9de4
parent 3a7ca47680
2 changed files with 18 additions and 1 deletions
--- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
@ -352,10 +352,23 @@
    - 6385
  when: ansible_distribution not in ["CentOS", "RedHat"]

+- name: "Enable services in firewalld"
+  firewalld:
+    service: "{{ item }}"
+    zone: "{{ 'libvirt' if testing | bool else 'public' }}"
+    state: enabled
+    permanent: yes
+    immediate: yes
+  loop:
+    - dhcp
+    - dhcpv6
+    - tftp
+  when: ansible_distribution in ["CentOS", "RedHat"]
+
 - name: "Enable ports in firewalld"
  firewalld:
    port: "{{ item }}/tcp"
-    zone: "{{ 'libvirt' if testing else 'public' }}"
+    zone: "{{ 'libvirt' if testing | bool else 'public' }}"
    state: enabled
    permanent: yes
    immediate: yes
--- a/releasenotes/notes/firewalld-services-4c255c02d8d427f8.yaml
+++ b/releasenotes/notes/firewalld-services-4c255c02d8d427f8.yaml
@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Automatically enables DHCP and TFTP services in firewalld on CentOS/RHEL.