parent
7524fc3cbe
commit
989a130e1f
@ -0,0 +1,94 @@ |
||||
#!/usr/bin/python |
||||
# -*- coding: utf-8 -*- |
||||
|
||||
# (c) 2013, James Martin <jmartin@basho.com> |
||||
# |
||||
# This file is part of Ansible |
||||
# |
||||
# Ansible is free software: you can redistribute it and/or modify |
||||
# it under the terms of the GNU General Public License as published by |
||||
# the Free Software Foundation, either version 3 of the License, or |
||||
# (at your option) any later version. |
||||
# |
||||
# Ansible is distributed in the hope that it will be useful, |
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
# GNU General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>. |
||||
# |
||||
DOCUMENTATION = ''' |
||||
--- |
||||
module: uffw |
||||
short_description: This module handles some basic ubuntu ufw operations |
||||
description: |
||||
- This module handles some basic ubuntu ufw operations |
||||
|
||||
version_added: "1.2" |
||||
options: |
||||
allow: |
||||
description: |
||||
- The application you want to allow. Must have a ufw app definiation already defined. |
||||
required: false |
||||
default: OpenSSH |
||||
aliases: [] |
||||
enable: |
||||
description: |
||||
- Enable the firewall |
||||
required: false |
||||
default: False |
||||
aliases: [] |
||||
''' |
||||
|
||||
|
||||
|
||||
def main(): |
||||
|
||||
ansible_facts = {} |
||||
arg_spec = dict( |
||||
allow=dict( default='OpenSSH'), |
||||
enable=dict(default=False, type='bool') |
||||
) |
||||
|
||||
result = {} |
||||
|
||||
module = AnsibleModule(argument_spec=arg_spec) |
||||
enable = module.params.get('enable') |
||||
app = module.params.get('allow') |
||||
|
||||
rc, out, err = module.run_command("ufw allow %s" % app) |
||||
if rc == 1: |
||||
module.fail_json(msg=out + err) |
||||
if out.find('Skipping') != -1: |
||||
result['changed'] = False |
||||
else: |
||||
result['changed'] = True |
||||
|
||||
result['output'] = out |
||||
|
||||
|
||||
|
||||
rc, out, err = module.run_command("ufw status|grep Status|cut -f2 -d ' '") |
||||
out=out.strip() |
||||
result['status'] = out |
||||
|
||||
if rc == 1: |
||||
module.fail_json(msg=out + err) |
||||
|
||||
if out == 'inactive' and enable == True: |
||||
rc, out, err = module.run_command("ufw -f enable") |
||||
result['changed'] = True |
||||
|
||||
if out == 'active' and enable == False: |
||||
rc, out, err = module.run_command("ufw disable") |
||||
result['changed'] = True |
||||
|
||||
result['status'] = out |
||||
|
||||
module.exit_json(**result) |
||||
|
||||
# this is magic, see lib/ansible/module_common.py |
||||
#<<INCLUDE_ANSIBLE_MODULE_COMMON>> |
||||
|
||||
main() |
@ -1,4 +0,0 @@ |
||||
--- |
||||
|
||||
- name: ufw |
||||
shell: ufw allow riak && ufw app update riak |
Reference in new issue