fail2ban: fix "ignoreip" update

CHANGELOG.md

@@ -25,6 +25,7 @@ The **patch** part changes incrementally at each release.
 * evocheck: update evocheck.sh for source install
 
 ### Fixed
+* fail2ban: fix "ignoreip" update
 * metricbeat: fix username/password replacement
 * nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true)
 * nginx: Munin url config is now a template to insert the server-status prefix

fail2ban/tasks/ip_whitelist.yml

@@ -1,9 +1,13 @@
 ---
+
+- set_fact:
+    fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
+
 - name: Update ignoreips lists
   ini_file:
     dest: /etc/fail2ban/jail.local
-    section: "[DEFAULT]"
-    option: "ignoreips"
+    section: "DEFAULT"
+    option: "ignoreip"
     value: "{{ fail2ban_ignore_ips | join(' ') }}"
   notify: restart fail2ban
   tags:

fail2ban/tasks/main.yml

@@ -16,7 +16,9 @@
     - fail2ban
 
 - set_fact:
-    fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
+    fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
+  tags:
+    - fail2ban
 
 - name: local jail is installed
   template: