---
# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
- block:
    - name: Set firewall default policy
      # noqa ignore-errors
      become: true
      ufw:
        state: disabled
        policy: allow
      when: ansible_facts.os_family == 'Debian'
      ignore_errors: true

    - name: Check if firewalld is installed
      # noqa command-instead-of-module
      command: rpm -q firewalld
      register: firewalld_check
      changed_when: false
      failed_when: firewalld_check.rc > 1
      when: ansible_facts.os_family == 'RedHat'

    - name: Disable firewalld
      become: true
      service:
        name: "{{ item }}"
        enabled: false
        state: stopped
      with_items:
        - firewalld
      when:
        - ansible_facts.os_family == 'RedHat'
        - firewalld_check.rc == 0
  when: disable_firewall | bool

- import_role:
    name: openstack.kolla.packages

- import_role:
    name: openstack.kolla.{{ container_engine }}