    9fffc7bc
    Add disable_firewall variable · 9fffc7bc
    Mark Goddard authored
    Adds a new variable, 'disable_firewall', which defaults to true. If set
    to false, then the host firewall will not be disabled during
    kolla-ansible bootstrap-servers.
    
    Change-Id: Ie5131013012f89c8c3b91ca359ad17d9cb77efc8
    9fffc7bc
    Add disable_firewall variable
    Mark Goddard authored
    Adds a new variable, 'disable_firewall', which defaults to true. If set
    to false, then the host firewall will not be disabled during
    kolla-ansible bootstrap-servers.
    
    Change-Id: Ie5131013012f89c8c3b91ca359ad17d9cb77efc8
install.yml 4.65 KiB
---
# Refresh the apt package index. The task is skipped on hosts whose
# os_family fact is not Debian.
- name: Update apt cache
  when: ansible_facts.os_family == 'Debian'
  become: true
  apt:
    update_cache: true

# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
# Host firewall handling, gated on disable_firewall (defined outside this
# file). When the variable evaluates to true, every task in the block runs:
# ufw is disabled with a default "allow" policy on Debian, and firewalld is
# stopped and disabled on RedHat. With disable_firewall set to false the block
# is skipped and the host firewall is left as it is, so the operator keeps
# responsibility for the rules on that host.
- when: disable_firewall | bool
  block:
    - name: Set firewall default policy
      when: ansible_facts.os_family == 'Debian'
      become: true
      ufw:
        policy: allow
        state: disabled
      # Best effort: failures are ignored (the TODO above mentions hosts
      # without the ufw executable). A ufw that could not be changed is
      # therefore not reported as a failed task; check the host state if the
      # firewall status matters.
      ignore_errors: true

    # Read-only probe. failed_when treats return codes 0 and 1 as success and
    # anything above 1 as a failure; only rc == 0 lets the next task run.
    # NOTE(review): the command module's `warn` argument was removed in
    # ansible-core 2.14 - confirm which Ansible versions this role supports.
    - name: Check if firewalld is installed
      when: ansible_facts.os_family == 'RedHat'
      command: rpm -q firewalld
      args:
        warn: false
      register: firewalld_check
      failed_when: firewalld_check.rc > 1
      changed_when: false

    # Stops the service now and disables it at boot, so the change persists
    # across reboots until something re-enables firewalld.
    - name: Disable firewalld
      when:
        - ansible_facts.os_family == 'RedHat'
        - firewalld_check.rc == 0
      become: true
      service:
        name: "{{ item }}"
        state: stopped
        enabled: false
      loop:
        - firewalld

# Upgrading docker engine may cause containers to stop. Take a snapshot of the
# running containers prior to a potential upgrade of Docker.

# Record the IDs of the currently running containers in running_containers.
# The task never reports a change and never fails.
- name: Check which containers are running
  become: true
  command: docker ps -f 'status=running' -q
  register: running_containers
  changed_when: false
  # If Docker is not installed this command may exit non-zero.
  # failed_when: false suppresses every other failure of the command as well,
  # so consumers of running_containers should not assume the command succeeded.
  failed_when: false

# APT starts Docker engine right after installation, which creates
# iptables rules before we disable iptables in Docker config

# Look for a unit file at the /etc/systemd/system override path and keep the
# result in docker_unit_file; the masking task below reads
# docker_unit_file.stat.exists.
- name: Check if docker systemd unit exists
  register: docker_unit_file
  stat:
    path: /etc/systemd/system/docker.service

# Mask docker.service by linking the unit path to /dev/null. The task runs
# only on Debian-family hosts and only when the preceding stat found nothing
# at that path, so an existing unit file is never replaced.
# NOTE(review): no unmask step is visible in this part of the file - confirm
# the link is removed once Docker has been configured, otherwise the service
# stays masked.
- name: Mask the docker systemd unit on Debian/Ubuntu
  file:
    src: /dev/null
    dest: /etc/systemd/system/docker.service
    owner: root
    group: root
    state: link
  become: true
  when:
    - ansible_facts.os_family == 'Debian'
    - not docker_unit_file.stat.exists