From 96cd04ae404bbf46de7c5d900db641c2c1d2e905 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 30 Aug 2018 17:04:14 +0200 Subject: [PATCH] minifirewall: add a variable to disable the restart handler --- CHANGELOG.md | 1 + minifirewall/README.md | 1 + minifirewall/defaults/main.yml | 1 + minifirewall/tasks/config.yml | 12 +++++++++++- minifirewall/tasks/main.yml | 3 +++ minifirewall/tasks/tail.yml | 11 ++++++++++- 6 files changed, 27 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 25d77374..cdbe44ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ The **patch** part changes incrementally at each release. ## [Unreleased] ### Added +* minifirewall: add a variable to disable the restart handler ### Changed diff --git a/minifirewall/README.md b/minifirewall/README.md index 67b389f1..6e82f735 100644 --- a/minifirewall/README.md +++ b/minifirewall/README.md @@ -16,6 +16,7 @@ Everything is in the `tasks/main.yml` file. * `minifirewall_trusted_ips`: with IP/hosts should be trusted for full access (default: none) * `minifirewall_privilegied_ips`: with IP/hosts should be trusted for restricted access (default: none) * `minifirewall_tail_included` : source a "tail" file at the end of the main config file. (default: `False`) +* `minifirewall_restart_if_needed` : should the restart handler be executed (default: `True`) The full list of variables (with default values) can be found in `defaults/main.yml`. **Some IP/hosts must be configured or the server will be inaccessible via network.** diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml index 2b37a5cf..8351732f 100644 --- a/minifirewall/defaults/main.yml +++ b/minifirewall/defaults/main.yml @@ -24,6 +24,7 @@ minifirewall_private_ports_tcp: [5666] minifirewall_private_ports_udp: [] minifirewall_autostart: "no" +minifirewall_restart_if_needed: True evomaintenance_hosts: [] 
diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml index 7ed07a91..c2c81f81 100644 --- a/minifirewall/tasks/config.yml +++ b/minifirewall/tasks/config.yml @@ -123,7 +123,17 @@ register: minifirewall_init_restart failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout" changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout" - when: minifirewall_is_running.rc == 0 and (minifirewall_config_ips | changed or minifirewall_config_ports | changed) + when: + - minifirewall_restart_if_needed + - minifirewall_is_running.rc == 0 + - (minifirewall_config_ips | changed or minifirewall_config_ports | changed) + +- name: restart minifirewall (noop) + meta: noop + register: minifirewall_init_restart + failed_when: False + changed_when: False + when: not minifirewall_restart_if_needed - debug: var: minifirewall_init_restart diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml index 1e135780..5fa59d25 100644 --- a/minifirewall/tasks/main.yml +++ b/minifirewall/tasks/main.yml @@ -1,5 +1,8 @@ --- +- set_fact: + minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}" + - include: install.yml - include: config.yml diff --git a/minifirewall/tasks/tail.yml b/minifirewall/tasks/tail.yml index 3d61025d..a4cb6013 100644 --- a/minifirewall/tasks/tail.yml +++ b/minifirewall/tasks/tail.yml 
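Review bot: With `minifirewall_restart_if_needed` set to false, the new `when:` list skips the restart even when `minifirewall_config_ips` or `minifirewall_config_ports` changed, and the added `meta: noop` task reports nothing, so the rules written to disk and the running ruleset diverge silently. A removed trusted IP or a closed port would stay in effect until someone restarts minifirewall by hand. Replace the noop with a `debug` task that fires only when a restart was actually suppressed, as sketched below. This also avoids registering `minifirewall_init_restart` a second time, which may leave the following `debug: var:` showing a skipped result instead of the restart output (worth checking on the Ansible version in use). The restart task begins above this hunk, and the same pair of tasks is added in `tasks/tail.yml`, where the change test would be `minifirewall_tail_template | changed`.

```yaml
# … unchanged: restart task with its new three-item `when:` list …

- name: restart minifirewall (skipped)
  debug:
    msg: "minifirewall configuration changed but the rules were not reloaded (minifirewall_restart_if_needed is false)"
  when:
    - not (minifirewall_restart_if_needed | bool)
    - minifirewall_config_ips | changed or minifirewall_config_ports | changed
```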
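Review bot: `minifirewall_restart_handler_name` is set here but nothing else in this commit reads it, and the diffstat shows no change to a handlers file, so a handler named 'restart minifirewall (noop)' does not appear to exist. The tasks of that name added in `tasks/config.yml` and `tasks/tail.yml` are plain tasks, which `notify` cannot target. If the fact is meant for a `notify:` in this role or another one, add the matching handler, and put a comment above the `set_fact` naming the consumer. The ternary should also cast its input, `"{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"`, because a value passed with `-e` arrives as a string and the non-empty string "False" selects the first branch. The same `| bool` belongs on the `when:` tests in the other two task files.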
@@ -35,7 +35,16 @@ register: minifirewall_init_restart failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout" changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout" - when: minifirewall_tail_template | changed + when: + - minifirewall_tail_template | changed + - minifirewall_restart_if_needed + +- name: restart minifirewall (noop) + meta: noop + register: minifirewall_init_restart + failed_when: False + changed_when: False + when: not minifirewall_restart_if_needed - debug: var: minifirewall_init_restart