Make firewalld operations idempotent (#173)
* Use firewalld module instead of command module * Reload firewalld with systemd module * Convert firewalld reload to a handler * Explicit firewalld reload is not needed. With immediate: true in ansible.posix.firewalld we don't need a reload. Thanks @codyro * Add requirements.yml
parent
6d610c9ee4
commit
d7be6c3829
|
@ -44,6 +44,11 @@
|
|||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: Reload firewalld
|
||||
ansible.builtin.systemd:
|
||||
name: firewalld
|
||||
state: reloaded
|
||||
vars:
|
||||
lemmy_port: "{{ 32767 | random(start=1024) }}"
|
||||
tasks:
|
||||
|
@ -98,21 +103,17 @@
|
|||
tags:
|
||||
- firewalld
|
||||
|
||||
# TODO: Use ansible.posix.firewalld
|
||||
- name: Allow http/httpd traffic to public zone in firewalld
|
||||
ansible.builtin.command: "firewall-cmd --zone=public --add-service={{ item }} --perm"
|
||||
ansible.posix.firewalld:
|
||||
service: "{{ item }}"
|
||||
state: enabled
|
||||
zone: public
|
||||
permanent: true
|
||||
immediate: true
|
||||
loop:
|
||||
- http
|
||||
- https
|
||||
when: "'firewalld.service' in ansible_facts.services and ansible_facts.services['firewalld.service'].state == 'running'"
|
||||
changed_when: true
|
||||
tags:
|
||||
- firewalld
|
||||
|
||||
- name: Reload firewalld
|
||||
ansible.builtin.command: firewall-cmd --reload
|
||||
when: "'firewalld.service' in ansible_facts.services and ansible_facts.services['firewalld.service'].state == 'running'"
|
||||
changed_when: true
|
||||
tags:
|
||||
- firewalld
|
||||
|
||||
|
|
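Review bot: The `Reload firewalld` handler added in the first hunk looks unused, because the rewritten `Allow http/httpd traffic to public zone in firewalld` task in the second hunk carries no `notify:` line. With `permanent: true` and `immediate: true` the module updates both the saved and the running configuration, so the task does not need a reload. I would drop the handler, or keep it with a comment such as `# only notify for permanent-only changes; a reload discards runtime-only rules`. A handler left in place invites a later `notify`, and that reload would silently remove any runtime rule added outside this playbook. The +/- markers are lost in this rendering, so which lines of the second hunk survive is inferred from the commit message, and the rest of the play lies outside the hunks.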
3
requirements.yml
Normal file
3
requirements.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
collections:
|
||||
- name: ansible.posix
|
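Review bot: The `ansible.posix` entry has no `version:` key, so installing from this requirements.yml will most likely resolve whatever release is newest on the day the playbook is run. That makes the firewall-managing module an unpinned dependency: two deployments can get different `ansible.posix.firewalld` behaviour, and a bad upstream release reaches hosts without review. I would pin it under the name, for example `version: "<PINNED_VERSION>"` (placeholder, quoted so it is not parsed as a float). A one-line comment stating the minimum release the playbook was tested with would also help.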