
How to Reload Firewalld Service using Ansible

When managing a firewall like firewalld on CentOS or Red Hat Enterprise Linux via Ansible, you may need to reload the service for newly added rules to take effect. Here’s how:

The Challenge with Firewall Rules in Ansible

The initial code loops over a list of ports and adds each of them permanently with firewalld. However, it never reloads firewalld after the configuration change. Permanent rules are written to disk but only enter the runtime configuration when the service is reloaded, so without that step the new rules take effect only after a reboot rather than immediately when the playbook runs.

The Solution: Using Service Module in Ansible

To reload firewalld after making configuration updates, add a task that uses Ansible's built-in service module, as shown below:

Reload Firewall on CentOS/RedHat using Ansible Service Module

Below is how you can integrate a service reload into your playbook or role after setting up firewall rules with `firewalld`:

- Name the task descriptively, for example "Reload firewalld".
- Place it directly after the task that adds the rules, so the permanent changes are applied and then immediately loaded into the runtime configuration:
  
```yaml
- name: Apply new port configurations permanently using firewalld
  ansible.posix.firewalld:          # the firewalld module lives in the ansible.posix collection
    zone: public
    port: "{{ item }}"              # firewalld expects port/protocol
    permanent: yes
    state: enabled
  loop: ["80/tcp", "22/tcp"]        # example ports; add your own here as needed

- name: Reload firewalld to apply the permanent rules to the runtime configuration
  ansible.builtin.service:
    name: firewalld
    state: reloaded
```

In this way, the firewall service (firewalld) is updated with your new configuration without a system reboot or manual intervention over SSH with commands such as sudo /etc/init.d/firewall restart. Each time you rerun these tasks on your CentOS systems, Ansible applies the latest configuration immediately across all targeted machines.

Make sure to include proper error handling where necessary for non-default configurations or specific firewall setups when deploying playbooks that control critical networking services like firewalld.
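As an added example that is not part of the original post, the following complete playbook uses the same two modules but ties the reload to a handler, so firewalld is reloaded once per play and only when a rule actually changed, and then verifies that the requested ports are present in the runtime configuration. The `webservers` host group and the port list are assumptions; the firewalld module requires the `ansible.posix` collection.

```yaml
# Added example: open ports permanently and reload firewalld only on change.
- name: Manage firewalld rules and reload on change
  hosts: webservers          # assumed inventory group
  become: true
  vars:
    # Constructed list of ports; firewalld expects the port/protocol form
    firewall_ports:
      - 22/tcp
      - 80/tcp
      - 443/tcp
  tasks:
    - name: Ensure firewalld is running and enabled at boot
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: true

    - name: Open required ports in the public zone (permanent configuration)
      ansible.posix.firewalld:
        zone: public
        port: "{{ item }}"
        permanent: true
        state: enabled
      loop: "{{ firewall_ports }}"
      notify: Reload firewalld   # only fires if this task reports "changed"

    - name: Run any pending reload now so the check below sees the result
      ansible.builtin.meta: flush_handlers

    - name: Read the runtime port list of the public zone
      ansible.builtin.command: firewall-cmd --zone=public --list-ports
      register: runtime_ports
      changed_when: false        # read-only query, never reported as a change

    - name: Fail if a requested port is not active in the runtime configuration
      ansible.builtin.assert:
        that: "item in runtime_ports.stdout.split()"
        fail_msg: "{{ item }} is not open in the runtime configuration"
      loop: "{{ firewall_ports }}"

  handlers:
    # Runs at most once per play, and only when a notifying task changed something
    - name: Reload firewalld
      ansible.builtin.service:
        name: firewalld
        state: reloaded
```

On a second run with no rule changes the handler is skipped and the assert still passes, which makes the play idempotent and gives you a built-in check that the reload did what the post describes.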

