Add a pf tag that we skip for subsequent use

PacketFilter need to be customized only once, at the first use. After that, pf.conf will be modified on the server for the needs of the network. It must not be overwriten.
2 years ago · 5adeaa31e1
parent dc2707c004
commit 5adeaa31e1
2 changed files with 4 additions and 2 deletions
--- a/evolixisation.yml
+++ b/evolixisation.yml
@ -1,9 +1,9 @@
 # yamllint disable rule:line-length
 # Playbook command
 # First use (become_method: su) :
-# ansible-playbook evolixisation.yml --ask-vault-pass -CDki hosts -l HOSTNAME -u root
+# ansible-playbook evolixisation.yml --ask-vault-pass -CDki hosts -u root -l HOSTNAME
 # Subsequent use (become_method: sudo) :
-# ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME
+# ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts --skip-tags pf -l HOSTNAME

 ---
 - name: Evolixisation of an OpenBSD system
--- a/roles/pf/tasks/main.yml
+++ b/roles/pf/tasks/main.yml
@ -5,3 +5,5 @@
    dest: /etc/pf.conf
    mode: "0600"
    backup: true
+  tags:
+    - pf