Alex Schultz d8c3a4a808 Make persist-iptables more robust
We're seeing when the shell command fails (for whatever reason) and since
it's failed_when: false, the subsequent tasks actually fail.  We can
check if stdout is not defined as a failure condition because that means
the module itself failed and we should not continue to process the
next tasks since they depend on stdout being defined.. Additionally we
can add some retries to try again if possible.

Change-Id: Iabc1619009220c6f1c91b84f81d5262c4d9d8430
Related-Bug: #1885697
2020-07-02 09:42:58 -06:00

34 lines
963 B
YAML

- name: List current ipv4 rules
become: yes
# Using shell to try and debug why this task when run sometimes returns -13
shell: iptables-save
changed_when: false
failed_when: iptables_rules.stdout is not defined
retries: 5
delay: 1
register: iptables_rules
tags:
- skip_ansible_lint
- name: List current ipv6 rules
become: yes
# Using shell to try and debug why this task when run sometimes returns -13
shell: ip6tables-save
changed_when: false
failed_when: ip6tables_rules.stdout is not defined
retries: 5
delay: 1
register: ip6tables_rules
tags:
- skip_ansible_lint
- name: Configure persistent iptables rules
include_tasks: "{{ zj_distro_os }}"
with_first_found:
- "persist/{{ ansible_distribution }}_{{ ansible_distribution_release }}.yaml"
- "persist/{{ ansible_distribution }}.yaml"
- "persist/{{ ansible_os_family }}.yaml"
- "persist/default.yaml"
loop_control:
loop_var: zj_distro_os