From 1ff0fc1803fc71d925a0f2d0cf9c27058914044a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?=
Date: Mon, 9 Jan 2023 22:39:47 +0100
Subject: feat(roles/pf): add argument specs
---
 roles/pf/tasks/main.yml | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)
 (limited to 'roles/pf/tasks')
diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml
index 8e81e1c..4fba69e 100644
--- a/roles/pf/tasks/main.yml
+++ b/roles/pf/tasks/main.yml
@@ -7,14 +7,31 @@
 owner: 0
 group: 0
 mode: "0600"
- notify:
- - lint pf configuration
- - enable pf
- - restart pf
+ register: pf_result_generate_configuration
+
+- name: lint pf configuration # noqa: no-handler
+ ansible.builtin.command: "pfctl -nf {{ pf_configuration_file }}"
+ register: pf_result_lint_configuration
+ changed_when:
+ - pf_result_generate_configuration.changed
+ - pf_result_lint_configuration.rc != 0
+
+- name: restart pf # noqa: no-handler
+ ansible.builtin.command: pfctl -f "{{ pf_configuration_file }}"
+ when: pf_result_generate_configuration.changed

 - name: test pf rules
 ansible.builtin.wait_for:
 port: "{{ item }}"
- delay: 2
+ delay: "{{ pf_test_delay }}"
 state: started
 loop: "{{ pf_test_ports }}"
+
+- name: enable pf
+ ansible.builtin.command: pfctl -e
+ register: pf_result_enable
+ changed_when:
+ - "'already enabled' not in pf_result_enable.stderr"
+ failed_when:
+ - pf_result_enable.rc != 0
+ - "'already enabled' not in pf_result_enable.stderr"
-- 
cgit v1.2.3
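Review bot: The `test pf rules` task runs before `enable pf`, so on a host where pf was still disabled the `wait_for` checks pass while no filtering is in effect, and the ruleset is only enforced afterwards, untested. Moving the `enable pf` task (the `pfctl -e` block at the end of the hunk) above `test pf rules` would make the port check exercise the rules that were just loaded. Separately, in `lint pf configuration` the two `changed_when` entries are ANDed and a non-zero `rc` already fails the task, so it can never usefully report changed; `changed_when: false` states that directly. The lint also runs only after the file has been written to `pf_configuration_file`, so a rejected ruleset stays on disk at the live path. The template task starts above this hunk, so I cannot see whether it already has `validate: "pfctl -nf %s"`; if not, adding it would keep an invalid file from landing.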