---
# Probe for an existing ferm executable. `type` is a shell builtin, hence the
# shell module. rc 0, 1 and 127 are all accepted as a normal outcome
# (presumably 1/127 are the shell's "not found" codes); later tasks branch on
# ferm_installed.rc.
- name: Check if ferm is installed.
  shell:
    cmd: type ferm
  register: ferm_installed
  # Read-only probe: run it even in check mode and never report a change.
  check_mode: false
  changed_when: false
  failed_when: ferm_installed.rc not in [0, 1, 127]
# Runs only when the probe found ferm (rc 0). The registered stdout is what
# the version assert compares against ferm_version.
- name: Check version of ferm.
  command:
    cmd: ferm --version
  register: ferm_current_version
  when: ferm_installed.rc == 0
  # Read-only query: run it even in check mode and never report a change.
  check_mode: false
  changed_when: false
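# Refuse to install over a ferm of a different version. Passes when the probe
# did not find ferm (non-zero rc) or when the first line of `ferm --version`
# equals "ferm <ferm_version>".
- name: Ensure differing version of ferm is not installed.
  assert:
    # The expected string is built with `~` instead of a nested "{{ }}":
    # `that` is already evaluated as a Jinja expression, and embedding
    # template delimiters in it causes the variable to be templated twice.
    # The rc test is written as an explicit comparison so the condition is a
    # boolean rather than an integer.
    that: >-
      ferm_installed.rc != 0 or
      ferm_current_version.stdout_lines[0] == ('ferm ' ~ ferm_version)
    fail_msg: >-
      A different version of ferm is currently installed. Remove it
      before continuing.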
# Fills ansible_facts.services, which the conflicting-firewall assert reads.
- name: Gather service facts.
  service_facts:
# Unfortunately, as of Ansible v2.9.3, service_facts incorrectly reports the
# state of active "oneshot" services as stopped: such services are listed by
# systemd as "active exited" while they are active, rather than "active
# running," as for services that contain running processes. Thus, this task will
# not capture the case where ufw is active but disabled.
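- name: Ensure conflicting firewall managers are not running.
  assert:
    that:
      # service_facts keys systemd units by their full unit name
      # ('ufw.service'), so the membership test must use the same key as the
      # lookup. Testing the bare name ('ufw') is always "not in" on a systemd
      # host, which made this guard pass without ever inspecting the unit.
      - >-
        'ufw.service' not in ansible_facts.services or
        ansible_facts.services['ufw.service'].status == 'disabled'
      # Parentheses make the intended grouping explicit: firewalld must be
      # both disabled and not running (`and` already binds tighter than `or`).
      - >-
        'firewalld.service' not in ansible_facts.services or
        (ansible_facts.services['firewalld.service'].status == 'disabled'
        and ansible_facts.services['firewalld.service'].state != 'running')
    fail_msg: >-
      A conflicting firewall manager appears to be enabled. Remove it
      before continuing.
  # Skipped only when running in check mode with
  # ferm_skip_conflicts_in_check_mode set.
  when: not ferm_skip_conflicts_in_check_mode or not ansible_check_mode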
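# Build and install ferm from the upstream tarball. The whole block is skipped
# when the probe already found ferm (rc 0).
- name: Install ferm.
  when: ferm_installed.rc != 0
  block:
    - name: Install dependencies.
      package:
        name:
          - make
          - perl
        state: present
    # The checksum is the only thing tying the `make install` below to a
    # known tarball. get_url performs no verification when checksum is empty,
    # so ferm_checksum should always be set, in "<algorithm>:<digest>" form.
    - name: Download ferm.
      get_url:
        url: "{{ ferm_url }}"
        dest: "/usr/local/src/{{ ferm_url | basename }}"
        owner: root
        # Quoted so the mode stays an octal string under any YAML parser.
        mode: "0644"
        checksum: "{{ ferm_checksum }}"
    - name: Create temporary directory.
      tempfile:
        state: directory
      register: tmpdir
    - name: Extract ferm.
      unarchive:
        dest: "{{ tmpdir.path }}"
        src: "/usr/local/src/{{ ferm_url | basename }}"
        remote_src: true
    - name: Install ferm.
      command:
        cmd: make PREFIX=/usr/local install
        chdir: "{{ tmpdir.path }}/ferm-{{ ferm_version }}"
    # The unit file is installed under /usr/local by the PREFIX above, so its
    # /usr/sbin/ paths are rewritten to /usr/local/sbin/.
    - name: Correct paths in unit file.
      command:
        cmd: >-
          sed -i 's|/usr/sbin/|/usr/local/sbin/|'
          /usr/local/lib/systemd/system/ferm.service
  # Cleanup lives in `always` so a failed extract or build does not leave the
  # unpacked source tree behind. The guard covers the case where the block
  # failed before the temporary directory was created.
  always:
    - name: Remove temporary directory.
      file:
        path: "{{ tmpdir.path }}"
        state: absent
      when: tmpdir is defined and tmpdir.path is defined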
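# Write a minimal /etc/ferm.conf whose only statement includes everything
# under ferm.d/; a change notifies the restart_ferm handler.
- name: Install base ferm configuration.
  copy:
    dest: /etc/ferm.conf
    content: "@include ferm.d/;\n"
    owner: root
    # Quoted so the mode stays an octal string under any YAML parser.
    mode: "0644"
  notify: restart_ferm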
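# Directory that /etc/ferm.conf includes; root-owned and not writable by
# group or others.
- name: Create ferm.d.
  file:
    path: /etc/ferm.d
    state: directory
    owner: root
    # Quoted so the mode stays an octal string under any YAML parser.
    mode: "0755"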
# Enable ferm at boot and start it now. daemon_reload asks systemd to re-read
# unit files, which picks up a newly installed or edited ferm.service.
- name: Enable and start ferm service.
  service:
    name: ferm
    daemon_reload: true
    state: started
    enabled: true