refactor: use firewall role instead of module

We already have the firewall role in the system roles collection.  Use that instead
of the firewalld module which adds an extra dependency.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>

Author: richm

README.md

@@ -53,7 +53,7 @@ Type: `bool`
 ### trustee_server_secret_registration_listen_port
 
 TCP port on which the secret registration server listens. The role opens this
-port in firewalld when `firewalld` is running.
+port in firewalld.
 
 Default: `8081`
 
@@ -94,7 +94,7 @@ More examples are in the [`examples/`](examples) directory.
 
 When enabled, the role:
 
-1. Downloads the Podman Quadlets from designated repo
+1. Installs the Podman Quadlets provided by the role
 2. Generates all required certificates of Trustee server components
 3. Add KBS port 8080 to firewalld
 4. Enables the services by default

meta/collection-requirements.yml

@@ -2,3 +2,4 @@
 ---
 collections:
   - name: ansible.posix
+  - name: fedora.linux_system_roles

tasks/secret_registration_server.yml

@@ -27,20 +27,18 @@
   register: __trustee_server_secret_reg_service
   notify: "restart trustee services"
 
-- name: Gather service facts for firewall check
-  ansible.builtin.service_facts:
-  no_log: "{{ ansible_verbosity < 3 }}"
-
 - name: Allow secret registration server port in firewall
-  ansible.posix.firewalld:
-    port: "{{ trustee_server_secret_registration_listen_port }}/tcp"
-    permanent: true
-    immediate: true
-    state: enabled
-  when: (ansible_facts.services | default({})).get('firewalld.service', {}).get('state', '') == 'running'
+  ansible.builtin.include_role:
+    name: fedora.linux_system_roles.firewall
+  vars:
+    firewall:
+      - port: "{{ trustee_server_secret_registration_listen_port }}/tcp"
+        permanent: true
+        runtime: true
+        state: enabled
 
 - name: Append secret registration server service to the list of services to restart
   set_fact:
     __trustee_server_services: >-
       {{ (__trustee_server_services | default([])) + ['secret_registration_server'] }}
-  when: "'secret_registration_server' not in __trustee_server_services"
+  when: "'secret_registration_server' not in __trustee_server_services"

tasks/trustee_quadlet.yml

@@ -62,17 +62,15 @@
   changed_when: true
   no_log: "{{ trustee_server_secure_logging }}"
 
-- name: Gather service facts
-  ansible.builtin.service_facts:
-  no_log: "{{ ansible_verbosity < 3 }}"
-
 - name: Allow port 8080 in firewall
-  ansible.posix.firewalld:
-    port: "8080/tcp"
-    permanent: true
-    immediate: true
-    state: enabled
-  when: (ansible_facts.services | default({})).get('firewalld.service', {}).get('state', '') == 'running'
+  ansible.builtin.include_role:
+    name: fedora.linux_system_roles.firewall
+  vars:
+    firewall:
+      - port: "8080/tcp"
+        permanent: true
+        runtime: true
+        state: enabled
 
 - name: Get the installed Trustee Server pod name
   ansible.builtin.find: