Use images with firewalld from dockerhub

Centos7-Dockerfile

@@ -1,2 +1,3 @@
 FROM docker.io/pycontribs/centos:7
-RUN yum install -y iproute
+RUN yum install -y iproute firewalld python-firewall net-tools && \
+    systemctl enable firewalld

Centos8-Dockerfile

@@ -0,0 +1,7 @@
+# Centos8-Dockerfile
+FROM docker.io/pycontribs/centos:8
+RUN yum install -y iproute firewalld net-tools && \
+    sed -i 's/FirewallBackend=nftables/FirewallBackend=iptables/' /etc/firewalld/firewalld.conf && \
+    sed -i 's/IPv6_rpfilter=yes/IPv6_rpfilter=no/' /etc/firewalld/firewalld.conf && \
+    systemctl enable firewalld
+

defaults/main.yml

@@ -3,11 +3,15 @@ cmk_add_host: false # Should be true/false whether we should automatically add h
 cmk_omd_protocol: http # Should be http or https
 cmk_omd_host: your-checkmk-hostname
 cmk_omd_site: your-checkmk-site # e.g the first piece after the / following your hostname
+
 # If you have created a folder in WATO already you want hosts to be put in when registered
 # uncomment cmk_folder below and specify the folder to use.  Otherwise the role creates and 
 # adds new hosts by default to Unsorted folder
 # cmk_folder: your_folder_in_WATO
+
+# Copy paste the link address for rpm agent from CheckMK
 cmk_rpm_agent: http://url-from-your-agent-bakery-in-checkmk.rpm
+# Copy paste the link address for MSI (Windows) agent from CheckMK
 cmk_msi_agent: http://url-from-your-agent-bakery-in-checkmk.msi
 
 
@@ -18,6 +22,7 @@ cmk_username: some-username
 # I recommend encrypting this with ansible-vault. 
 # Example: ansible-vault encrypt_string somesecret_string --name cmk_secret
 cmk_secret: some-secret
+
 # Combined string required for unattended actions
 cmk_auth: "&_username={{ cmk_username }}&_secret={{ cmk_secret }}"
 

handlers/main.yml

@@ -8,4 +8,14 @@
 
 - name: cmk fresh install
   set_fact:
-    cmk_fresh_install: True
+    cmk_fresh_install: True
+
+- name: ensure firewall open
+  firewalld:
+    port: 6556/tcp
+    state: enabled
+    permanent: yes
+
+- name: ensure firewall reloaded
+  command: firewall-cmd --reload
+  changed_when: false

molecule/default/molecule.yml

@@ -5,20 +5,21 @@ driver:
   name: docker
 platforms:
   - name: rhel8
-    image: docker.io/pycontribs/centos:8
+    image: guisea/centos8-ansible:latest
+    #dockerfile: Centos8-Dockerfile
     privileged: True
     volume_mounts:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
     pre_build_image: true
   - name: rhel7
-    image: docker.io/pycontribs/centos:7
+    image: guisea/centos7-ansible:latest
-    dockerfile: Centos7-Dockerfile
+    # dockerfile: Centos7-Dockerfile
     privileged: True
     volume_mounts:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
-    pre_build_image: false
+    pre_build_image: true
 provisioner:
   name: ansible
 verifier:

tasks/RedHat.yml

@@ -24,6 +24,8 @@
       notify:
         - restart xinetd
         - cmk fresh install
+        - ensure firewall open
+        - ensure firewall reloaded
 
     - name: Remove agent Download
       file: