minifirewall: use handlers to restart minifirewall
parent
c3be57410d
commit
3c1ec588fd
|
@ -23,6 +23,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
|
||||
* evocheck: upstream release 22.08.1
|
||||
* generate-ldif: Support any MariaDB version
|
||||
* minifirewall: use handlers to restart minifirewall
|
||||
* openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
|
||||
* nagios-nrpe: Add check_domains
|
||||
* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
|
||||
|
|
|
@ -4,3 +4,19 @@
|
|||
service:
|
||||
name: nagios-nrpe-server
|
||||
state: restarted
|
||||
|
||||
- name: restart minifirewall (modern)
|
||||
command: /etc/init.d/minifirewall restart
|
||||
register: minifirewall_init_restart
|
||||
failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
|
||||
|
||||
- name: restart minifirewall (legacy)
|
||||
command: /etc/init.d/minifirewall restart
|
||||
register: minifirewall_init_restart
|
||||
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
||||
|
||||
- name: restart minifirewall (noop)
|
||||
meta: noop
|
||||
register: minifirewall_init_restart
|
||||
failed_when: False
|
||||
changed_when: False
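Review bot: Both restart handlers decide success from stdout text alone, because `failed_when` replaces Ansible's default non-zero-exit check. The modern handler fails only when stdout contains 'minifirewall failed', so a restart that exits non-zero with any other message, or reports its error on stderr, is shown as OK while the host's rule set is in an unknown state. Keeping the exit code in the condition would close that gap, e.g. `failed_when: minifirewall_init_restart.rc != 0 or 'minifirewall failed' in minifirewall_init_restart.stdout`, with the equivalent for the legacy handler. This assumes the init script returns non-zero on failure, which is not visible in this hunk.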
|
|
@ -197,21 +197,15 @@
|
|||
path: "{{ minifirewall_main_file }}"
|
||||
register: minifirewall_after
|
||||
|
||||
- name: restart minifirewall
|
||||
command: /etc/init.d/minifirewall restart
|
||||
register: minifirewall_init_restart
|
||||
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
||||
- name: Schedule minifirewall restart (legacy)
|
||||
command: /bin/true
|
||||
notify: "restart minifirewall (legacy)"
|
||||
when:
|
||||
- minifirewall_install_mode == 'legacy'
|
||||
- minifirewall_restart_if_needed | bool
|
||||
- minifirewall_is_running.rc == 0
|
||||
- minifirewall_before.stat.checksum != minifirewall_after.stat.checksum
|
||||
- minifirewall_before.stat.checksum != minifirewall_after.stat.checksum or minifirewall_upgrade_script is changed or minifirewall_upgrade_config is changed
|
||||
|
||||
- name: restart minifirewall (noop)
|
||||
meta: noop
|
||||
register: minifirewall_init_restart
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
when: not (minifirewall_restart_if_needed | bool)
|
||||
|
||||
- debug:
|
||||
var: minifirewall_init_restart
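Review bot: A failure in any task that runs after `Schedule minifirewall restart (legacy)` leaves the new rules on disk but never loaded, because the notified handler only runs when handlers are flushed at the end of the play. The next run then sees identical before/after checksums and does not schedule the restart again, so the host keeps filtering with the old rule set. The same applies to the modern install hunk and to the two tail files. Consider ending the role's tasks with `- meta: flush_handlers`, or documenting that the play needs `force_handlers: true`. Separately, the `debug` of `minifirewall_init_restart` at the end of this hunk appears to have nothing to print now that the variable is registered only inside the handler.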
|
||||
|
|
|
@ -282,11 +282,11 @@
|
|||
path: "/etc/default/minifirewall"
|
||||
register: minifirewall_after
|
||||
|
||||
- name: restart minifirewall
|
||||
command: /etc/init.d/minifirewall restart
|
||||
register: minifirewall_init_restart
|
||||
failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
|
||||
- name: Schedule minifirewall restart (modern)
|
||||
command: /bin/true
|
||||
notify: "restart minifirewall (modern)"
|
||||
when:
|
||||
- minifirewall_install_mode != 'legacy'
|
||||
- minifirewall_restart_if_needed | bool
|
||||
- minifirewall_is_running.rc == 0
|
||||
- minifirewall_before.stat.checksum != minifirewall_after.stat.checksum or minifirewall_upgrade_script is changed or minifirewall_upgrade_config is changed
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
---
|
||||
|
||||
- name: Compose minifirewall_restart_handler_name variable
|
||||
set_fact:
|
||||
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
||||
|
||||
# Legacy or modern mode? ##############################################
|
||||
|
||||
- name: Check minifirewall
|
||||
|
@ -39,6 +35,25 @@
|
|||
var: minifirewall_install_mode
|
||||
verbosity: 1
|
||||
|
||||
- name: 'Set minifirewall_restart_handler_name to "noop"'
|
||||
set_fact:
|
||||
minifirewall_restart_handler_name: "restart minifirewall (noop)"
|
||||
when: not (minifirewall_restart_if_needed | bool)
|
||||
|
||||
- name: 'Set minifirewall_restart_handler_name to "legacy"'
|
||||
set_fact:
|
||||
minifirewall_restart_handler_name: "restart minifirewall (legacy)"
|
||||
when:
|
||||
- minifirewall_restart_if_needed | bool
|
||||
- minifirewall_install_mode == 'legacy'
|
||||
|
||||
- name: 'Set minifirewall_restart_handler_name to "modern"'
|
||||
set_fact:
|
||||
minifirewall_restart_handler_name: "restart minifirewall (modern)"
|
||||
when:
|
||||
- minifirewall_restart_if_needed | bool
|
||||
- minifirewall_install_mode != 'legacy'
|
||||
|
||||
#######################################################################
|
||||
|
||||
- name: Fail if minifirewall_main_file is defined (legacy mode)
|
||||
|
@ -106,18 +121,16 @@
|
|||
var: minifirewall_restart_force | bool
|
||||
verbosity: 1
|
||||
|
||||
- name: Force restart minifirewall (modern mode)
|
||||
command: /etc/init.d/minifirewall restart
|
||||
register: minifirewall_init_restart
|
||||
failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
|
||||
when:
|
||||
- minifirewall_install_mode != 'legacy'
|
||||
- minifirewall_restart_force | bool
|
||||
|
||||
- name: Force restart minifirewall (legacy mode)
|
||||
command: /etc/init.d/minifirewall restart
|
||||
register: minifirewall_init_restart
|
||||
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
||||
- name: Force restart minifirewall (legacy)
|
||||
command: /bin/true
|
||||
notify: "restart minifirewall (legacy)"
|
||||
when:
|
||||
- minifirewall_install_mode == 'legacy'
|
||||
- minifirewall_restart_force | bool
|
||||
|
||||
- name: Force restart minifirewall (modern)
|
||||
command: /bin/true
|
||||
notify: "restart minifirewall (modern)"
|
||||
when:
|
||||
- minifirewall_install_mode != 'legacy'
|
||||
- minifirewall_restart_force | bool
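Review bot: `minifirewall_restart_handler_name` is computed by three `set_fact` tasks, but every `notify` visible in this commit names a handler literally, so it is unclear where the fact is consumed. If tasks outside these hunks notify through it, a comment above the first `set_fact` would help, e.g. `# Consumed by notify: "{{ minifirewall_restart_handler_name }}" in <consumer task file>`. If nothing reads it any more, the three tasks can be dropped.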
|
|
@ -1,4 +1,22 @@
|
|||
---
|
||||
|
||||
- name: Stat minifirewall config file (before)
|
||||
stat:
|
||||
path: "/etc/default/minifirewall"
|
||||
register: minifirewall_before
|
||||
|
||||
- name: Check if minifirewall is running
|
||||
shell:
|
||||
cmd: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
check_mode: no
|
||||
register: minifirewall_is_running
|
||||
|
||||
- debug:
|
||||
var: minifirewall_is_running
|
||||
verbosity: 1
|
||||
|
||||
- name: Add some rules at the end of minifirewall file
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
|
@ -30,20 +48,14 @@
|
|||
var: minifirewall_tail_source
|
||||
verbosity: 1
|
||||
|
||||
- name: restart minifirewall
|
||||
command: /etc/init.d/minifirewall restart
|
||||
register: minifirewall_init_restart
|
||||
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
||||
- name: Schedule minifirewall restart (legacy)
|
||||
command: /bin/true
|
||||
notify: "restart minifirewall (legacy)"
|
||||
when:
|
||||
- minifirewall_tail_template is changed
|
||||
- minifirewall_install_mode == 'legacy'
|
||||
- minifirewall_restart_if_needed | bool
|
||||
|
||||
- name: restart minifirewall (noop)
|
||||
meta: noop
|
||||
register: minifirewall_init_restart
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
when: not (minifirewall_restart_if_needed | bool)
|
||||
- minifirewall_is_running.rc == 0
|
||||
- minifirewall_tail_template is changed
|
||||
|
||||
- debug:
|
||||
var: minifirewall_init_restart
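Review bot: `Check if minifirewall is running` takes its `rc` from `grep` only, and `failed_when: False` hides everything else. A failing `/sbin/iptables` (missing binary, insufficient privileges, lock contention) is therefore indistinguishable from "firewall not running", and the restart is silently skipped even though the tail template changed. Running `command: /sbin/iptables -L -n` as its own registered task that fails on a non-zero exit, and matching the rule pattern against its `stdout` in the `when:` list, would separate the two cases. The identical task in the modern tail file has the same problem.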
|
||||
|
|
|
@ -1,4 +1,22 @@
|
|||
---
|
||||
|
||||
- name: Stat minifirewall config file (before)
|
||||
stat:
|
||||
path: "/etc/default/minifirewall"
|
||||
register: minifirewall_before
|
||||
|
||||
- name: Check if minifirewall is running
|
||||
shell:
|
||||
cmd: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
check_mode: no
|
||||
register: minifirewall_is_running
|
||||
|
||||
- debug:
|
||||
var: minifirewall_is_running
|
||||
verbosity: 1
|
||||
|
||||
- name: Add some rules at the end of minifirewall file
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
|
@ -18,20 +36,14 @@
|
|||
var: minifirewall_tail_template
|
||||
verbosity: 1
|
||||
|
||||
- name: restart minifirewall
|
||||
command: /etc/init.d/minifirewall restart
|
||||
register: minifirewall_init_restart
|
||||
failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
|
||||
- name: Schedule minifirewall restart (modern)
|
||||
command: /bin/true
|
||||
notify: "restart minifirewall (modern)"
|
||||
when:
|
||||
- minifirewall_tail_template is changed
|
||||
- minifirewall_install_mode != 'legacy'
|
||||
- minifirewall_restart_if_needed | bool
|
||||
|
||||
- name: restart minifirewall (noop)
|
||||
meta: noop
|
||||
register: minifirewall_init_restart
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
when: not (minifirewall_restart_if_needed | bool)
|
||||
- minifirewall_is_running.rc == 0
|
||||
- minifirewall_tail_template is changed
|
||||
|
||||
- debug:
|
||||
var: minifirewall_init_restart
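Review bot: `minifirewall_before` is registered at the top of this file, but no condition visible here reads it; the restart is gated on `minifirewall_tail_template is changed`. The stat therefore looks like a leftover from the install tasks: either drop it or add the matching "after" stat and checksum comparison. The legacy tail file carries the same task and stats `/etc/default/minifirewall`, whereas the legacy install tasks stat `{{ minifirewall_main_file }}`, so the path there is probably wrong as well. The lines between the two hunks are not shown, so confirm nothing there uses the variable.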
|
||||
|
|