firewall: using the validate arg for testing the config

author: Egor Tensin <Egor.Tensin@gmail.com> 2023-09-01 01:52:17 +0200
committer: Egor Tensin <Egor.Tensin@gmail.com> 2023-09-01 01:56:40 +0200
commit: a3d39b262e525937bfbbd0abb6e5b9e36668d6a6 (patch)
tree: 60437573320fad15800eb3086ca1639d40f887be /roles/firewall/tasks/main.yml
parent: fix some ansible-lint warnings (diff)
download: infra-ansible-a3d39b262e525937bfbbd0abb6e5b9e36668d6a6.tar.gz
infra-ansible-a3d39b262e525937bfbbd0abb6e5b9e36668d6a6.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index c17a4e3..909eaa4 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -6,7 +6,15 @@
     install_recommends: false
 
 - name: Configure rule files
-  ansible.builtin.include_tasks: file.yml
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: root
+    mode: '640'
+    validate: '/usr/sbin/{{ item.tool }}-restore --test %s'
+  notify: firewall_reboot
   loop:
     - {src: rules.v4.j2, dest: /etc/iptables/rules.v4, tool: iptables}
     - {src: rules.v6.j2, dest: /etc/iptables/rules.v6, tool: ip6tables}
author	Egor Tensin <Egor.Tensin@gmail.com>	2023-09-01 01:52:17 +0200
committer	Egor Tensin <Egor.Tensin@gmail.com>	2023-09-01 01:56:40 +0200
commit	a3d39b262e525937bfbbd0abb6e5b9e36668d6a6 (patch)
tree	60437573320fad15800eb3086ca1639d40f887be /roles/firewall/tasks/main.yml
parent	fix some ansible-lint warnings (diff)
download	infra-ansible-a3d39b262e525937bfbbd0abb6e5b9e36668d6a6.tar.gz infra-ansible-a3d39b262e525937bfbbd0abb6e5b9e36668d6a6.zip