You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
100 lines
2.5 KiB
100 lines
2.5 KiB
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# (c) 2013, James Martin <jmartin@basho.com>
|
|
#
|
|
# This file is part of Ansible
|
|
#
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
DOCUMENTATION = '''
|
|
---
|
|
module: uffw
|
|
short_description: This module handles some basic ubuntu ufw operations
|
|
description:
|
|
- This module handles some basic ubuntu ufw operations
|
|
|
|
version_added: "1.2"
|
|
options:
|
|
allow:
|
|
description:
|
|
- The application you want to allow. Must have a ufw app definiation already defined.
|
|
required: false
|
|
default: OpenSSH
|
|
aliases: []
|
|
enable:
|
|
description:
|
|
- Enable the firewall
|
|
required: false
|
|
default: False
|
|
aliases: []
|
|
'''
|
|
|
|
|
|
|
|
def main():
|
|
|
|
ansible_facts = {}
|
|
arg_spec = dict(
|
|
allow=dict( default='OpenSSH'),
|
|
enable=dict(default=False, type='bool')
|
|
)
|
|
|
|
result = {}
|
|
|
|
module = AnsibleModule(argument_spec=arg_spec)
|
|
enable = module.params.get('enable')
|
|
app = module.params.get('allow')
|
|
|
|
#we always need ssh for ansible
|
|
|
|
rc, out, err = module.run_command("ufw allow OpenSSH")
|
|
if rc == 1:
|
|
module.fail_json(msg=out + err)
|
|
|
|
rc, out, err = module.run_command("ufw allow %s" % app)
|
|
if rc == 1:
|
|
module.fail_json(msg=out + err)
|
|
if out.find('Skipping') != -1:
|
|
result['changed'] = False
|
|
else:
|
|
result['changed'] = True
|
|
|
|
result['output'] = out
|
|
|
|
|
|
|
|
rc, out, err = module.run_command("ufw status|grep Status|cut -f2 -d ' '")
|
|
out=out.strip()
|
|
result['status'] = out
|
|
|
|
if rc == 1:
|
|
module.fail_json(msg=out + err)
|
|
|
|
if out == 'inactive' and enable == True:
|
|
rc, out, err = module.run_command("ufw -f enable")
|
|
result['changed'] = True
|
|
|
|
if out == 'active' and enable == False:
|
|
rc, out, err = module.run_command("ufw disable")
|
|
result['changed'] = True
|
|
|
|
result['status'] = out
|
|
|
|
module.exit_json(**result)
|
|
|
|
# this is magic, see lib/ansible/module_common.py
|
|
#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
|
|
|
|
main()
|
|
|