From: Oleg Broytman
Date: Sun, 1 Sep 2019 23:59:40 +0000 (+0300)
Subject: Feat(firewall): Use handler instead of condition
X-Git-Url: https://git.phdru.name/?a=commitdiff_plain;h=b8f10de1474570fe82b311a76fb2d5b51ad8152b;p=ansible.git
Feat(firewall): Use handler instead of condition
---
diff --git a/playbooks/debian/roles/firewall/handlers/main.yml b/playbooks/debian/roles/firewall/handlers/main.yml
new file mode 100644
index 0000000..8610dd8
--- /dev/null
+++ b/playbooks/debian/roles/firewall/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Restart firewall
+ become: true
+ service:
+ name: iptables.sh
+ state: restarted
diff --git a/playbooks/debian/roles/firewall/tasks/main.yml b/playbooks/debian/roles/firewall/tasks/main.yml
index 9716dda..e36bd89 100644
--- a/playbooks/debian/roles/firewall/tasks/main.yml
+++ b/playbooks/debian/roles/firewall/tasks/main.yml
@@ -6,7 +6,7 @@ name: fail2ban state: latest update_cache: yes - register: fail2ban + notify: Restart firewall - name: Configure Debian firewall become: true
@@ -18,18 +18,11 @@ directory_mode: '0750' mode: '0750' force: no - register: etc + notify: Restart firewall - name: Fix permissions for /etc/network/functions become: true file: path: /etc/network/functions.phd mode: '0640' - register: functions - -- name: Start Debian firewall - become: true - service: - name: iptables.sh - state: restarted - when: fail2ban.changed or etc.changed or functions.changed + notify: Restart firewall
diff --git a/playbooks/redhat/roles/firewall/handlers/main.yml b/playbooks/redhat/roles/firewall/handlers/main.yml
new file mode 100644
index 0000000..8eac456
--- /dev/null
+++ b/playbooks/redhat/roles/firewall/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: Restart firewall
+ become: true
+ command: /etc/rc.d/init.d/iptables.sh start
diff --git a/playbooks/redhat/roles/firewall/tasks/main.yml b/playbooks/redhat/roles/firewall/tasks/main.yml
index c1624fd..86c73ba 100644
--- a/playbooks/redhat/roles/firewall/tasks/main.yml
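Review bot: With the inline restart task removed in the `@@ -18,18 +18,11 @@` hunk of playbooks/debian/roles/firewall/tasks/main.yml, the firewall is restarted only when handlers run at the end of the play, so a failure in any later task leaves the changed firewall files on disk but not loaded. On the next run the notifying tasks report no change and `Restart firewall` is not notified again, unless the play sets `force_handlers`. Ending the tasks file with `- meta: flush_handlers` would keep the restart inside the role, where it ran before this change. The `@@ -37,16 +37,11 @@` hunk of playbooks/redhat/roles/firewall/tasks/main.yml has the same pattern; there a `Disable firewalld` task precedes the notified tasks, so the gap before the handler runs may matter more.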
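Review bot: The handler added in playbooks/redhat/roles/firewall/handlers/main.yml is named `Restart firewall` but runs `/etc/rc.d/init.d/iptables.sh start`, carried over from the removed `Start iptables` task. Whether `start` re-applies the rules when the firewall is already up depends on the script, which is not shown on this page; if it does not, changed rules would stay unloaded after a notify. If the script offers a `restart` action, `command: /etc/rc.d/init.d/iptables.sh restart` would match both the handler name and the Debian handler's `state: restarted`. Otherwise, and only if it holds for this script, a comment such as `# 'start' reloads the whole ruleset, so it also serves as restart` would record why `start` is sufficient.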
+++ b/playbooks/redhat/roles/firewall/tasks/main.yml
@@ -4,7 +4,7 @@ name: ['fail2ban', 'iptables-services'] state: latest update_cache: yes - register: services + notify: Restart firewall - name: Disable firewalld become: true
@@ -37,16 +37,11 @@ directory_mode: '0750' mode: '0750' force: no - register: etc + notify: Restart firewall - name: Fix permissions for /etc/network/functions become: true file: path: /etc/network/functions.phd mode: '0640' - register: functions - -- name: Start iptables - become: true - command: /etc/rc.d/init.d/iptables.sh start - when: services.changed or etc.changed or functions.changed + notify: Restart firewall