---
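# Choose which handler the rule-editing tasks in this file notify:
# 'restart minifirewall' when minifirewall_restart_if_needed is true, otherwise
# 'restart minifirewall (noop)'.
# NOTE(review): the "(noop)" handler presumably leaves the running firewall
# untouched, in which case edits to the rules file only take effect at the next
# real restart - confirm against the handlers file.
- name: Select the minifirewall restart handler
  ansible.builtin.set_fact:
    minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
  # Carries the same tag as the tasks that template this fact in their
  # `notify`, so a run limited to `--tags evomaintenance` still defines it.
  # Redundant (but harmless) if the including play already applies the tag.
  tags:
    - evomaintenance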
# Probe for minifirewall's rules file. The result is registered as
# minifirewall_default_file and gates the rule edits in this file, so hosts
# without the file are left untouched.
- name: Is minifirewall installed?
  ansible.builtin.stat:
    path: /etc/default/minifirewall
  register: minifirewall_default_file
  tags: [evomaintenance]
# Add one ACCEPT rule per evomaintenance host. Each rule matches inbound TCP
# from that host with source port 5432 to local ports 1024-65535, and only in
# state ESTABLISHED - i.e. replies to connections this machine opened, not new
# inbound connections.
#
# NOTE(review): every entry of evomaintenance_hosts is written verbatim into a
# file made of iptables command lines (presumably run by minifirewall with root
# privileges - confirm). Keep the variable sourced from trusted inventory and
# limited to plain addresses or CIDR ranges.
#
# lineinfile without `regexp` matches on the exact line, so a host later removed
# from evomaintenance_hosts keeps its rule in the file; stale entries need a
# separate cleanup.
- name: minifirewall section for evomaintenance
  ansible.builtin.lineinfile:
    path: /etc/default/minifirewall
    # If the marker comment is missing, lineinfile appends at end of file.
    insertafter: "^# EvoMaintenance"
    line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED -j ACCEPT"
  loop: "{{ evomaintenance_hosts }}"
  when: minifirewall_default_file.stat.exists
  notify: "{{ minifirewall_restart_handler_name }}"
  tags: [evomaintenance]
# Delete the commented-out example rule from the rules file: any line that
# starts with '#' and contains both '--sport 5432' and the placeholder source
# '-s X.X.X.X'. With state=absent every matching line is removed.
- name: remove minifirewall example rule for the proxy
  ansible.builtin.lineinfile:
    path: /etc/default/minifirewall
    state: absent
    regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
  when: minifirewall_default_file.stat.exists
  notify: "{{ minifirewall_restart_handler_name }}"
  tags: [evomaintenance]
# When minifirewall_restart_force is true, notify the real restart handler
# directly, without going through minifirewall_restart_handler_name.
# /bin/true does nothing itself; a command task reports "changed" by default,
# and that change is what fires the notification.
- name: Force restart minifirewall
  when: minifirewall_restart_force | bool
  ansible.builtin.command:
    cmd: /bin/true
  notify: restart minifirewall
  tags: [evomaintenance]