From 989a130e1fb31f792d25d9fccc4972f3b2cdccca Mon Sep 17 00:00:00 2001
From: James Martin
Date: Thu, 9 May 2013 20:04:17 -0400
Subject: [PATCH] Using ufw module for ubuntu plays.
---
riak/library/ufw | 94 ++++++++++++++++++++++++
riak/roles/riak/ubuntu/handlers/main.yml | 4 -
riak/roles/riak/ubuntu/tasks/main.yml | 4 +-
3 files changed, 96 insertions(+), 6 deletions(-)
create mode 100644 riak/library/ufw
delete mode 100644 riak/roles/riak/ubuntu/handlers/main.yml
diff --git a/riak/library/ufw b/riak/library/ufw
new file mode 100644
index 0000000..5dcdb83
--- /dev/null
+++ b/riak/library/ufw
@@ -0,0 +1,94 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2013, James Martin
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+DOCUMENTATION = '''
+---
+module: uffw
+short_description: This module handles some basic ubuntu ufw operations
+description:
+ - This module handles some basic ubuntu ufw operations
+
+version_added: "1.2"
+options:
+ allow:
+ description:
+ - The application you want to allow. Must have a ufw app definiation already defined.
+ required: false
+ default: OpenSSH
+ aliases: []
+ enable:
+ description:
+ - Enable the firewall
+ required: false
+ default: False
+ aliases: []
+'''
+
+
+
+def main():
+
+ ansible_facts = {}
+ arg_spec = dict(
+ allow=dict( default='OpenSSH'),
+ enable=dict(default=False, type='bool')
+ )
+
+ result = {}
+
+ module = AnsibleModule(argument_spec=arg_spec)
+ enable = module.params.get('enable')
+ app = module.params.get('allow')
+
+ rc, out, err = module.run_command("ufw allow %s" % app)
+ if rc == 1:
+ module.fail_json(msg=out + err)
+ if out.find('Skipping') != -1:
+ result['changed'] = False
+ else:
+ result['changed'] = True
+
+ result['output'] = out
+
+
+
+ rc, out, err = module.run_command("ufw status|grep Status|cut -f2 -d ' '")
+ out=out.strip()
+ result['status'] = out
+
+ if rc == 1:
+ module.fail_json(msg=out + err)
+
+ if out == 'inactive' and enable == True:
+ rc, out, err = module.run_command("ufw -f enable")
+ result['changed'] = True
+
+ if out == 'active' and enable == False:
+ rc, out, err = module.run_command("ufw disable")
+ result['changed'] = True
+
+ result['status'] = out
+
+ module.exit_json(**result)
+
+# this is magic, see lib/ansible/module_common.py
+#<>
+
+main()
diff --git a/riak/roles/riak/ubuntu/handlers/main.yml b/riak/roles/riak/ubuntu/handlers/main.yml
deleted file mode 100644
index 7579d15..0000000
--- a/riak/roles/riak/ubuntu/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-
-- name: ufw
- shell: ufw allow riak && ufw app update riak
\ No newline at end of file
diff --git a/riak/roles/riak/ubuntu/tasks/main.yml b/riak/roles/riak/ubuntu/tasks/main.yml
index b9013ae..386accf 100644
--- a/riak/roles/riak/ubuntu/tasks/main.yml
+++ b/riak/roles/riak/ubuntu/tasks/main.yml
@@ -7,6 +7,6 @@ - name: configure iptables template: src=iptables.j2 dest=/etc/ufw/applications.d/riak owner=root group=root mode=0644 - notify: - - ufw +- name: update fw + ufw: enable=yes allow=riak \ No newline at end of file
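Review bot: In `main()` of riak/library/ufw, `enable` defaults to False and the last branch runs `ufw disable` whenever the status is `active` and `enable == False`, so a task that passes only `allow=` switches an active firewall off. Dropping the default and acting only when the option is set avoids that, assuming an option without a default arrives as None. The commands are built as strings (`"ufw allow %s" % app`, and a `|` pipeline for the status), which exposes the `allow` value to command parsing and, if a shell runs the pipeline, makes `rc` the exit status of `cut` rather than of `ufw`. Argument lists and parsing the status in Python remove both problems. `rc == 1` also lets other non-zero exits through, the enable/disable calls are never checked, and `result['status']` ends up holding that command's output instead of the firewall state; separately, `module: uffw` in DOCUMENTATION looks like a typo for `ufw`.

```python
# indentation reconstructed; the page shows the hunk without it
        enable=dict(type='bool')  # no default: firewall state is left alone unless the play sets it
    # … unchanged: AnsibleModule construction, parameter reads …

    rc, out, err = module.run_command(['ufw', 'allow', app])
    if rc != 0:
        module.fail_json(msg=out + err)
    # … unchanged: 'Skipping' check, result['output'] …

    rc, out, err = module.run_command(['ufw', 'status'])
    if rc != 0:
        module.fail_json(msg=out + err)
    status = None
    for line in out.splitlines():
        if line.startswith('Status:'):
            status = line.split(':', 1)[1].strip()
            break
    if status is None:
        module.fail_json(msg="could not read ufw status: " + out + err)

    if enable is not None and enable != (status == 'active'):
        if enable:
            cmd = ['ufw', '-f', 'enable']
            status = 'active'
        else:
            cmd = ['ufw', 'disable']
            status = 'inactive'
        rc, out, err = module.run_command(cmd)
        if rc != 0:
            module.fail_json(msg=out + err)
        result['changed'] = True

    result['status'] = status
    module.exit_json(**result)
```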
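Review bot: In riak/roles/riak/ubuntu/tasks/main.yml, `ufw: enable=yes allow=riak` forces the firewall on while this task allows only the riak profile, so under ufw's default deny-incoming policy a host with no existing SSH rule can lose its management access on the first run. A task such as `- ufw: enable=yes allow=OpenSSH` placed before this one would keep the play reachable. The removed handler also ran `ufw app update riak`, which the new module does not appear to do, so later edits to the `/etc/ufw/applications.d/riak` template may no longer reach the active rules. The task now runs on every play instead of on `notify`, which makes the module's `changed` reporting matter more.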