minifirewall: use handlers to restart minifirewall
parent
c3be57410d
commit
3c1ec588fd
|
@ -23,6 +23,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
|
|
||||||
* evocheck: upstream release 22.08.1
|
* evocheck: upstream release 22.08.1
|
||||||
* generate-ldif: Support any MariaDB version
|
* generate-ldif: Support any MariaDB version
|
||||||
|
* minifirewall: use handlers to restart minifirewall
|
||||||
* openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
|
* openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
|
||||||
* nagios-nrpe: Add check_domains
|
* nagios-nrpe: Add check_domains
|
||||||
* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
|
* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
|
||||||
|
|
|
@ -4,3 +4,19 @@
|
||||||
service:
|
service:
|
||||||
name: nagios-nrpe-server
|
name: nagios-nrpe-server
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart minifirewall (modern)
|
||||||
|
command: /etc/init.d/minifirewall restart
|
||||||
|
register: minifirewall_init_restart
|
||||||
|
failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
|
||||||
|
|
||||||
|
- name: restart minifirewall (legacy)
|
||||||
|
command: /etc/init.d/minifirewall restart
|
||||||
|
register: minifirewall_init_restart
|
||||||
|
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
||||||
|
|
||||||
|
- name: restart minifirewall (noop)
|
||||||
|
meta: noop
|
||||||
|
register: minifirewall_init_restart
|
||||||
|
failed_when: False
|
||||||
|
changed_when: False
|
|
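Review bot: In `restart minifirewall (modern)` the `failed_when` is only a stdout string match, and `failed_when` replaces the command module's default non-zero-exit check, so a restart that exits non-zero without printing `minifirewall failed` is reported as success. For a firewall this can leave a host without its rules loaded while the play stays green. Consider `failed_when: minifirewall_init_restart.rc != 0 or 'minifirewall failed' in minifirewall_init_restart.stdout`, assuming the init script's exit status is reliable. Separately, `register`, `failed_when` and `changed_when` on the `meta: noop` handler have no effect as far as I know, since meta tasks do not produce a task result, and could be dropped.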
@ -197,21 +197,15 @@
|
||||||
path: "{{ minifirewall_main_file }}"
|
path: "{{ minifirewall_main_file }}"
|
||||||
register: minifirewall_after
|
register: minifirewall_after
|
||||||
|
|
||||||
- name: restart minifirewall
|
- name: Schedule minifirewall restart (legacy)
|
||||||
command: /etc/init.d/minifirewall restart
|
command: /bin/true
|
||||||
register: minifirewall_init_restart
|
notify: "restart minifirewall (legacy)"
|
||||||
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
|
||||||
when:
|
when:
|
||||||
|
- minifirewall_install_mode == 'legacy'
|
||||||
- minifirewall_restart_if_needed | bool
|
- minifirewall_restart_if_needed | bool
|
||||||
- minifirewall_is_running.rc == 0
|
- minifirewall_is_running.rc == 0
|
||||||
- minifirewall_before.stat.checksum != minifirewall_after.stat.checksum
|
- minifirewall_before.stat.checksum != minifirewall_after.stat.checksum or minifirewall_upgrade_script is changed or minifirewall_upgrade_config is changed
|
||||||
|
|
||||||
- name: restart minifirewall (noop)
|
|
||||||
meta: noop
|
|
||||||
register: minifirewall_init_restart
|
|
||||||
failed_when: False
|
|
||||||
changed_when: False
|
|
||||||
when: not (minifirewall_restart_if_needed | bool)
|
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: minifirewall_init_restart
|
var: minifirewall_init_restart
|
||||||
|
|
|
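Review bot: The `debug: var: minifirewall_init_restart` task kept after `Schedule minifirewall restart (legacy)` now runs before anything in this file registers that variable, so it will print it as undefined. Handlers only run when flushed (by default at the end of the play's task section), so if a later task fails, the new rules stay on disk without being loaded and the stdout check in the handler never runs. If the restart is meant to happen at this point, add `- meta: flush_handlers` right after the scheduling task, before the debug. The same applies to the other `Schedule …` and `Force restart …` tasks in this commit. The `minifirewall_upgrade_script is changed` and `minifirewall_upgrade_config is changed` clauses that appear on the new side of this legacy condition will raise an error if those variables are only registered on the modern path, which is worth confirming.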
@ -282,11 +282,11 @@
|
||||||
path: "/etc/default/minifirewall"
|
path: "/etc/default/minifirewall"
|
||||||
register: minifirewall_after
|
register: minifirewall_after
|
||||||
|
|
||||||
- name: restart minifirewall
|
- name: Schedule minifirewall restart (modern)
|
||||||
command: /etc/init.d/minifirewall restart
|
command: /bin/true
|
||||||
register: minifirewall_init_restart
|
notify: "restart minifirewall (modern)"
|
||||||
failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
|
|
||||||
when:
|
when:
|
||||||
|
- minifirewall_install_mode != 'legacy'
|
||||||
- minifirewall_restart_if_needed | bool
|
- minifirewall_restart_if_needed | bool
|
||||||
- minifirewall_is_running.rc == 0
|
- minifirewall_is_running.rc == 0
|
||||||
- minifirewall_before.stat.checksum != minifirewall_after.stat.checksum or minifirewall_upgrade_script is changed or minifirewall_upgrade_config is changed
|
- minifirewall_before.stat.checksum != minifirewall_after.stat.checksum or minifirewall_upgrade_script is changed or minifirewall_upgrade_config is changed
|
||||||
|
|
|
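Review bot: `command: /bin/true` in `Schedule minifirewall restart (modern)` exists only to report "changed" so that `notify` fires, which is not obvious to a reader and trips ansible-lint's `no-changed-when` rule. Adding `changed_when: true` and a comment such as `# no-op: reports changed only to notify the restart handler` would make the intent explicit. The same holds for the legacy scheduling task and the two `Force restart` tasks.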
@ -1,9 +1,5 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Compose minifirewall_restart_handler_name variable
|
|
||||||
set_fact:
|
|
||||||
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
|
||||||
|
|
||||||
# Legacy or modern mode? ##############################################
|
# Legacy or modern mode? ##############################################
|
||||||
|
|
||||||
- name: Check minifirewall
|
- name: Check minifirewall
|
||||||
|
@ -39,6 +35,25 @@
|
||||||
var: minifirewall_install_mode
|
var: minifirewall_install_mode
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
|
|
||||||
|
- name: 'Set minifirewall_restart_handler_name to "noop"'
|
||||||
|
set_fact:
|
||||||
|
minifirewall_restart_handler_name: "restart minifirewall (noop)"
|
||||||
|
when: not (minifirewall_restart_if_needed | bool)
|
||||||
|
|
||||||
|
- name: 'Set minifirewall_restart_handler_name to "legacy"'
|
||||||
|
set_fact:
|
||||||
|
minifirewall_restart_handler_name: "restart minifirewall (legacy)"
|
||||||
|
when:
|
||||||
|
- minifirewall_restart_if_needed | bool
|
||||||
|
- minifirewall_install_mode == 'legacy'
|
||||||
|
|
||||||
|
- name: 'Set minifirewall_restart_handler_name to "modern"'
|
||||||
|
set_fact:
|
||||||
|
minifirewall_restart_handler_name: "restart minifirewall (modern)"
|
||||||
|
when:
|
||||||
|
- minifirewall_restart_if_needed | bool
|
||||||
|
- minifirewall_install_mode != 'legacy'
|
||||||
|
|
||||||
#######################################################################
|
#######################################################################
|
||||||
|
|
||||||
- name: Fail if minifirewall_main_file is defined (legacy mode)
|
- name: Fail if minifirewall_main_file is defined (legacy mode)
|
||||||
|
@ -106,18 +121,16 @@
|
||||||
var: minifirewall_restart_force | bool
|
var: minifirewall_restart_force | bool
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
|
|
||||||
- name: Force restart minifirewall (modern mode)
|
- name: Force restart minifirewall (legacy)
|
||||||
command: /etc/init.d/minifirewall restart
|
command: /bin/true
|
||||||
register: minifirewall_init_restart
|
notify: "restart minifirewall (legacy)"
|
||||||
failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
|
|
||||||
when:
|
|
||||||
- minifirewall_install_mode != 'legacy'
|
|
||||||
- minifirewall_restart_force | bool
|
|
||||||
|
|
||||||
- name: Force restart minifirewall (legacy mode)
|
|
||||||
command: /etc/init.d/minifirewall restart
|
|
||||||
register: minifirewall_init_restart
|
|
||||||
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
|
||||||
when:
|
when:
|
||||||
- minifirewall_install_mode == 'legacy'
|
- minifirewall_install_mode == 'legacy'
|
||||||
|
- minifirewall_restart_force | bool
|
||||||
|
|
||||||
|
- name: Force restart minifirewall (modern)
|
||||||
|
command: /bin/true
|
||||||
|
notify: "restart minifirewall (modern)"
|
||||||
|
when:
|
||||||
|
- minifirewall_install_mode != 'legacy'
|
||||||
- minifirewall_restart_force | bool
|
- minifirewall_restart_force | bool
|
|
@ -1,4 +1,22 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: Stat minifirewall config file (before)
|
||||||
|
stat:
|
||||||
|
path: "/etc/default/minifirewall"
|
||||||
|
register: minifirewall_before
|
||||||
|
|
||||||
|
- name: Check if minifirewall is running
|
||||||
|
shell:
|
||||||
|
cmd: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
|
||||||
|
changed_when: False
|
||||||
|
failed_when: False
|
||||||
|
check_mode: no
|
||||||
|
register: minifirewall_is_running
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: minifirewall_is_running
|
||||||
|
verbosity: 1
|
||||||
|
|
||||||
- name: Add some rules at the end of minifirewall file
|
- name: Add some rules at the end of minifirewall file
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
|
@ -30,20 +48,14 @@
|
||||||
var: minifirewall_tail_source
|
var: minifirewall_tail_source
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
|
|
||||||
- name: restart minifirewall
|
- name: Schedule minifirewall restart (legacy)
|
||||||
command: /etc/init.d/minifirewall restart
|
command: /bin/true
|
||||||
register: minifirewall_init_restart
|
notify: "restart minifirewall (legacy)"
|
||||||
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
|
||||||
when:
|
when:
|
||||||
- minifirewall_tail_template is changed
|
- minifirewall_install_mode == 'legacy'
|
||||||
- minifirewall_restart_if_needed | bool
|
- minifirewall_restart_if_needed | bool
|
||||||
|
- minifirewall_is_running.rc == 0
|
||||||
- name: restart minifirewall (noop)
|
- minifirewall_tail_template is changed
|
||||||
meta: noop
|
|
||||||
register: minifirewall_init_restart
|
|
||||||
failed_when: False
|
|
||||||
changed_when: False
|
|
||||||
when: not (minifirewall_restart_if_needed | bool)
|
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: minifirewall_init_restart
|
var: minifirewall_init_restart
|
||||||
|
|
|
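Review bot: The new `Check if minifirewall is running` task cannot tell "rules not loaded" apart from "iptables could not be queried", because `failed_when: False` is set and the registered `rc` is that of `grep` at the end of the pipe. In both cases `minifirewall_is_running.rc == 0` is false and the scheduled restart is silently skipped, so a changed tail file would not be applied. The pattern also only looks at the IPv4 table. A comment stating that a non-zero rc deliberately suppresses the restart would help, and if iptables is quiet on stderr on these hosts, `failed_when: minifirewall_is_running.stderr | length > 0` would surface query errors. The modern tail file adds the identical task.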
@ -1,4 +1,22 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: Stat minifirewall config file (before)
|
||||||
|
stat:
|
||||||
|
path: "/etc/default/minifirewall"
|
||||||
|
register: minifirewall_before
|
||||||
|
|
||||||
|
- name: Check if minifirewall is running
|
||||||
|
shell:
|
||||||
|
cmd: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
|
||||||
|
changed_when: False
|
||||||
|
failed_when: False
|
||||||
|
check_mode: no
|
||||||
|
register: minifirewall_is_running
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: minifirewall_is_running
|
||||||
|
verbosity: 1
|
||||||
|
|
||||||
- name: Add some rules at the end of minifirewall file
|
- name: Add some rules at the end of minifirewall file
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
|
@ -18,20 +36,14 @@
|
||||||
var: minifirewall_tail_template
|
var: minifirewall_tail_template
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
|
|
||||||
- name: restart minifirewall
|
- name: Schedule minifirewall restart (modern)
|
||||||
command: /etc/init.d/minifirewall restart
|
command: /bin/true
|
||||||
register: minifirewall_init_restart
|
notify: "restart minifirewall (modern)"
|
||||||
failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
|
|
||||||
when:
|
when:
|
||||||
- minifirewall_tail_template is changed
|
- minifirewall_install_mode != 'legacy'
|
||||||
- minifirewall_restart_if_needed | bool
|
- minifirewall_restart_if_needed | bool
|
||||||
|
- minifirewall_is_running.rc == 0
|
||||||
- name: restart minifirewall (noop)
|
- minifirewall_tail_template is changed
|
||||||
meta: noop
|
|
||||||
register: minifirewall_init_restart
|
|
||||||
failed_when: False
|
|
||||||
changed_when: False
|
|
||||||
when: not (minifirewall_restart_if_needed | bool)
|
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: minifirewall_init_restart
|
var: minifirewall_init_restart
|
||||||
|
|
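Review bot: `Stat minifirewall config file (before)` registers `minifirewall_before`, but neither visible hunk of this file reads it; the restart condition relies on `minifirewall_tail_template is changed`. If nothing outside these hunks uses the result, the task can be dropped. The legacy tail file has the same task, and there it stats `/etc/default/minifirewall` although the legacy config tasks use `{{ minifirewall_main_file }}`, which looks like a copy from the modern path and should be confirmed.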