3706754b6b
This syntax doesn't work in Ansible 2.8.0. Futher, we can use "listen" to collapse the notify to a single item (at the expense of duplicating the when clause in the handlers). Change-Id: I05e2d32f4e1e692ac528a7254c6e3be2858ebacf
53 lines
1.1 KiB
YAML
53 lines
1.1 KiB
YAML
- name: Include OS-specific variables
|
|
include_vars: "{{ lookup('first_found', params) }}"
|
|
vars:
|
|
params:
|
|
files: "{{ distro_lookup_path }}"
|
|
paths:
|
|
- 'vars'
|
|
|
|
- name: Install iptables
|
|
package:
|
|
name: '{{ package_name }}'
|
|
state: present
|
|
|
|
- name: Ensure iptables rules directory
|
|
file:
|
|
state: directory
|
|
path: '{{ rules_dir }}'
|
|
|
|
- name: Install IPv4 rules files
|
|
template:
|
|
src: rules.v4.j2
|
|
dest: '{{ ipv4_rules }}'
|
|
owner: root
|
|
group: root
|
|
mode: 0640
|
|
setype: '{{ setype | default(omit) }}'
|
|
notify:
|
|
- Reload iptables
|
|
|
|
- name: Install IPv6 rules files
|
|
template:
|
|
src: rules.v6.j2
|
|
dest: '{{ ipv6_rules }}'
|
|
owner: root
|
|
group: root
|
|
mode: 0640
|
|
setype: '{{ setype | default(omit) }}'
|
|
notify:
|
|
- Reload iptables
|
|
|
|
- name: Include OS specific tasks
|
|
include_tasks: "{{ item }}"
|
|
vars:
|
|
params:
|
|
files: "{{ distro_lookup_path }}"
|
|
skip: true
|
|
loop: "{{ query('first_found', params) }}"
|
|
|
|
- name: Enable iptables service
|
|
service:
|
|
name: '{{ service_name }}'
|
|
enabled: true
|