forked from evolix/ansible-roles
evomaintenance: tasks/variables to handle minifirewall restarts
parent
647eda6d9b
commit
9f3a70926d
3 changed files with 28 additions and 0 deletions
|
@ -33,3 +33,6 @@ evomaintenance_realm: "{{ evolinux_internal_domain }}"
|
|||
evomaintenance_default_hosts: []
|
||||
evomaintenance_additional_hosts: []
|
||||
evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"
|
||||
|
||||
minifirewall_restart_if_needed: True
|
||||
minifirewall_restart_force: False
|
||||
|
|
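Review bot: The two new defaults, `minifirewall_restart_if_needed` and `minifirewall_restart_force`, carry no comment, and their effect is not obvious from the names alone. Judging by the handler selection elsewhere in this commit, setting `minifirewall_restart_if_needed` to false means rule changes written to `/etc/default/minifirewall` are not loaded until some later restart, so the file and the running ruleset can disagree. A comment such as `# when false, firewall rule changes are written but not applied until the next minifirewall restart` would make that explicit. Lowercase `true`/`false` would also keep a YAML linter's truthy check quiet.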
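--- a/evomaintenance/handlers/main.yml
+++ b/evomaintenance/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: restart minifirewall
+command: /etc/init.d/minifirewall restart
+register: minifirewall_init_restart
+failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
+changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
+
+- name: restart minifirewall (noop)
+meta: noop
+register: minifirewall_init_restart
+failed_when: False
+changed_when: False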
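Review bot: The `failed_when` on the `restart minifirewall` handler replaces Ansible's default return-code check, so success is decided only by one exact line of init-script output. A restart that prints that line but exits non-zero would be reported as fine, and any change to the script's wording turns every restart into a failure. I would keep the return code in the condition, `failed_when: minifirewall_init_restart.rc != 0 or 'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout`, and add a comment saying the string comes from the minifirewall init script. On the noop handler, `register`, `failed_when` and `changed_when` most likely have no effect on a `meta` task and could be dropped.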
|
@ -1,5 +1,8 @@
|
|||
---
|
||||
|
||||
- set_fact:
|
||||
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
||||
|
||||
- include: install_package.yml
|
||||
when: not evomaintenance_install_vendor
|
||||
|
||||
|
@ -30,6 +33,7 @@
|
|||
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
||||
insertafter: "^# EvoMaintenance"
|
||||
with_items: "{{ evomaintenance_hosts }}"
|
||||
notify: "{{ minifirewall_restart_handler_name }}"
|
||||
when: minifirewall_default_file.stat.exists
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
@ -39,6 +43,14 @@
|
|||
dest: /etc/default/minifirewall
|
||||
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
||||
state: absent
|
||||
notify: "{{ minifirewall_restart_handler_name }}"
|
||||
when: minifirewall_default_file.stat.exists
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Force restart minifirewall
|
||||
command: /bin/true
|
||||
notify: restart minifirewall
|
||||
when: minifirewall_restart_force
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
|
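Review bot: The `set_fact` task added at the top of the file has no `tags`, while the tasks that use `minifirewall_restart_handler_name` in `notify` are tagged `evomaintenance`. A run limited with `--tags evomaintenance` would skip the `set_fact` and then presumably fail on an undefined variable when the notification is resolved, leaving the edited rules unapplied. Adding `tags:` with `- evomaintenance` to the `set_fact` task, plus a `name:`, keeps the tagged run consistent. The later hunks show only the tail of the tasks they touch, so their other keys are outside the view.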