evomaintenance: tasks/variables to handle minifirewall restarts
parent
647eda6d9b
commit
9f3a70926d
|
@ -33,3 +33,6 @@ evomaintenance_realm: "{{ evolinux_internal_domain }}"
|
||||||
evomaintenance_default_hosts: []
|
evomaintenance_default_hosts: []
|
||||||
evomaintenance_additional_hosts: []
|
evomaintenance_additional_hosts: []
|
||||||
evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"
|
evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"
|
||||||
|
|
||||||
|
minifirewall_restart_if_needed: True
|
||||||
|
minifirewall_restart_force: False
|
||||||
|
|
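Review bot: The two new defaults, `minifirewall_restart_if_needed` and `minifirewall_restart_force`, are added without comments, and their interaction is not obvious from the names. In the tasks file the force task notifies `restart minifirewall` directly, so `minifirewall_restart_force: True` restarts the firewall even when `minifirewall_restart_if_needed` is `False`. I would add a comment above each, for example `# restart minifirewall when this role changes /etc/default/minifirewall` and `# restart minifirewall on every run, even if minifirewall_restart_if_needed is false`. Lowercase `true`/`false` would also satisfy yamllint's truthy rule.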
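--- /dev/null
+++ b/evomaintenance/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: restart minifirewall
+command: /etc/init.d/minifirewall restart
+register: minifirewall_init_restart
+failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
+changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
+
+- name: restart minifirewall (noop)
+meta: noop
+register: minifirewall_init_restart
+failed_when: False
+changed_when: False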
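Review bot: The `failed_when` on the `restart minifirewall` handler replaces Ansible's default return-code check, so a non-zero exit from `/etc/init.d/minifirewall restart` passes as long as the OK line was printed. I would keep the exit status in the condition: `failed_when: minifirewall_init_restart.rc != 0 or 'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout`. If the handler does fail, the running ruleset may be incomplete (inferred, since the init script is not shown), so a comment telling the operator to check the host's filtering state by hand would help. On the noop handler, `register`, `failed_when` and `changed_when` are probably not honoured by a `meta` task and could be dropped; confirm against the Ansible version in use.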
@ -1,5 +1,8 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
||||||
|
|
||||||
- include: install_package.yml
|
- include: install_package.yml
|
||||||
when: not evomaintenance_install_vendor
|
when: not evomaintenance_install_vendor
|
||||||
|
|
||||||
|
@ -30,6 +33,7 @@
|
||||||
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
||||||
insertafter: "^# EvoMaintenance"
|
insertafter: "^# EvoMaintenance"
|
||||||
with_items: "{{ evomaintenance_hosts }}"
|
with_items: "{{ evomaintenance_hosts }}"
|
||||||
|
notify: "{{ minifirewall_restart_handler_name }}"
|
||||||
when: minifirewall_default_file.stat.exists
|
when: minifirewall_default_file.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
|
@ -39,6 +43,14 @@
|
||||||
dest: /etc/default/minifirewall
|
dest: /etc/default/minifirewall
|
||||||
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
||||||
state: absent
|
state: absent
|
||||||
|
notify: "{{ minifirewall_restart_handler_name }}"
|
||||||
when: minifirewall_default_file.stat.exists
|
when: minifirewall_default_file.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Force restart minifirewall
|
||||||
|
command: /bin/true
|
||||||
|
notify: restart minifirewall
|
||||||
|
when: minifirewall_restart_force
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
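Review bot: The new `set_fact` at the top of the file carries no `tags:`, while the tasks that use `notify: "{{ minifirewall_restart_handler_name }}"` are tagged `evomaintenance`. As far as these hunks show, a run limited with `--tags evomaintenance` would skip the `set_fact` and reach the notify with the variable undefined. Giving the `set_fact` a `name:` and `tags: [evomaintenance]` would fix that. The `ternary` input and `when: minifirewall_restart_force` also test the raw variable, so a string such as `-e minifirewall_restart_if_needed=false` is non-empty and selects the real handler (the `when` case depends on the Ansible version). Casting avoids an unintended firewall restart: `minifirewall_restart_if_needed | bool | ternary(...)` and `when: minifirewall_restart_force | bool`.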