firewall playbook using when module

Anu R

Jul 16, 2019, 11:49:53 PM
to Ansible Project
I am trying to create a playbook to check if the firewall is running, and if so add the rsyslog port. If the firewall is not running, I'd like to skip the port adding step. Please share some docs. I can't seem to find any. So far I've come up with this...


#  - name: ensure that firewalld is running
#    service:
#     name: "syslog"
#     state: started
#     enabled: yes
#    register: firewalld_status

#  - debug: msg="firewalld is running"
#    when: firewalld_status.stdout.find("running") != -1
#
#  - debug: msg="firewalld is not running"
#    when: firewalld_status.stdout.find("running") == -1
- name: Try to restart 1514 if not started
#    service:
#      name: rsyslog
#      state: started
#      enabled: yes
#    when: port_check.failed == true
 # - name: Check if firewall running
 #   service:
 #     name: rsyslog
 #     state: started
     # register: firewall_running
     # check_mode: true

#  - name: Add syslog port to firewall
#    when: not firewall_running is changed


Dick Visser

Jul 17, 2019, 1:51:21 AM
to ansible...@googlegroups.com
You say you want to add a port to the firewall if it’s running. But your playbook logic currently first makes sure that the firewall is running (state=started). So the subsequent conditional tasks for when firewalld is NOT running will never be executed. 

You have to make a clear decision what you want to do. Either go for ensuring firewalld is running and add that port. 
Or only check if it’s running and if it is, add the port. 

You can use 

BTW I don’t understand what the rsyslog service is needed for... the task name (“Try to restart 1514 if not started” ??) doesn’t match what that task does (ensuring rsyslog is started and enabled).
It also uses a variable called port_check which is unknown, which leads me to believe there are other prior tasks involved?


Dick

--
Sent from a mobile device - please excuse the brevity, spelling and punctuation.
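
The "only check if it's running and, if it is, add the port" option from the reply above, as an added example that is not part of the original thread. It assumes the `ansible.posix` collection is installed, a host group `all`, and that the rsyslog port is 1514/tcp (the thread only mentions "1514"; the protocol is an assumption).

```yaml
---
# Added example, not code from the thread.
# Assumptions: ansible.posix collection installed; port is 1514/tcp.
- name: Open the rsyslog port only where firewalld is already running
  hosts: all
  become: true
  vars:
    syslog_port: "1514/tcp"   # assumed protocol, adjust to the real listener

  tasks:
    # service_facts only reads state; unlike "service: state=started"
    # it never starts the firewall, so the "not running" branch stays reachable.
    - name: Gather service state without changing anything
      ansible.builtin.service_facts:

    # The key is absent when firewalld is not installed, so default to {}.
    - name: Record whether firewalld is running
      ansible.builtin.set_fact:
        firewalld_running: >-
          {{ ansible_facts.services.get('firewalld.service', {}).get('state')
             == 'running' }}

    - name: Add syslog port to firewall
      ansible.posix.firewalld:
        port: "{{ syslog_port }}"
        permanent: true     # survive reloads and reboots
        immediate: true     # also apply to the running configuration
        state: enabled
      when: firewalld_running | bool

    - name: Report hosts where the port step was skipped
      ansible.builtin.debug:
        msg: >-
          firewalld is not running on {{ inventory_hostname }};
          port {{ syslog_port }} was not added
      when: not (firewalld_running | bool)

    # For the other option (enforce the firewall, then add the port),
    # replace the two read-only tasks above with a task using
    # ansible.builtin.service (name: firewalld, state: started,
    # enabled: true) and drop the "when" conditions.
```

Hosts that hit the skip branch have no host firewall filtering in place, so the debug output doubles as a list of machines to review.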