diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml
index bddea6df6ecccfa3b23a4863d124ac735c56ea5a..e531fa82a675f85c5ff35e3a20279a417b3ea353 100644
--- a/roles/base/meta/main.yml
+++ b/roles/base/meta/main.yml
@@ -10,7 +10,8 @@ dependencies:
- role: users
- role: postfix
- role: ntp
- - role: ferm
+ - role: ferm-install
+ - role: ferm-configure
- role: fail2ban
...
diff --git a/roles/celerity/tasks/main.yml b/roles/celerity/tasks/main.yml
index fdc66eb520d1bc45c835441f1c5d9ea38df3bf09..4adaea82ab529b3970f342d452095b43793981f1 100644
--- a/roles/celerity/tasks/main.yml
+++ b/roles/celerity/tasks/main.yml
@@ -38,7 +38,7 @@
ferm_output_rules: "{{ celerity_ferm_output_rules }}"
ferm_global_settings: "{{ celerity_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
- meta: flush_handlers
diff --git a/roles/cluster/tasks/main.yml b/roles/cluster/tasks/main.yml
index b0c08ed8cb0268f6a7aa0828d821fd56a471bf4e..a7af0e3d82940aeb06cc343724bebb4475c98472 100644
--- a/roles/cluster/tasks/main.yml
+++ b/roles/cluster/tasks/main.yml
@@ -250,6 +250,6 @@
ferm_input_rules: "{{ cluster_fw_input }}"
ferm_output_rules: "{{ cluster_fw_output }}"
include_role:
- name: ferm
+ name: ferm-configure
...
diff --git a/roles/ferm-configure/defaults/main.yml b/roles/ferm-configure/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..947f9f5b836d280a446994e0ed3642774eeeeac2
--- /dev/null
+++ b/roles/ferm-configure/defaults/main.yml
@@ -0,0 +1,19 @@
+---
+
+# filename into which rules will be written
+# /etc/ferm/{ferm|input|output|forward}.d/<filename>.conf
+ferm_rules_filename: default
+
+# input rule
+ferm_input_rules: []
+
+# ouput rule
+ferm_output_rules: []
+
+# forward rule
+ferm_forward_rules: []
+
+# global settings to be put in ferm.d directory
+ferm_global_settings:
+
+...
diff --git a/roles/ferm/handlers/main.yml b/roles/ferm-configure/handlers/main.yml
similarity index 56%
rename from roles/ferm/handlers/main.yml
rename to roles/ferm-configure/handlers/main.yml
index 396bf92f338891a883b1c7e315fa4e3f5d2de8e7..920efd0e606e42d3ad642e2cc27a7f93fa5d29f6 100644
--- a/roles/ferm/handlers/main.yml
+++ b/roles/ferm-configure/handlers/main.yml
@@ -1,10 +1,7 @@
---
-- name: reload systemd
- systemd:
- daemon_reload: true
-
- name: restart ferm
+ when: ansible_facts.services['ferm.service'] is defined
systemd:
name: ferm
state: restarted
diff --git a/roles/ferm/tasks/main.yml b/roles/ferm-configure/tasks/main.yml
similarity index 91%
rename from roles/ferm/tasks/main.yml
rename to roles/ferm-configure/tasks/main.yml
index 9223a58bb072d5c45aa7e7db1d7cba731645cda0..a10cf787ca6f978c32ac4842bac4eedcd031ab2c 100644
--- a/roles/ferm/tasks/main.yml
+++ b/roles/ferm-configure/tasks/main.yml
@@ -1,27 +1,8 @@
---
-- name: packages
- apt:
- force_apt_get: true
- install_recommends: false
- name: "{{ ferm_packages }}"
-
-- name: configuration
- notify: restart ferm
- template:
- src: ferm.conf.j2
- dest: /etc/ferm/ferm.conf
- backup: true
-
-- name: global
- when: ferm_global_settings | d(false)
- notify: restart ferm
- copy:
- dest: /etc/ferm/ferm.d/{{ ferm_rules_filename }}.conf
- content: "{{ ferm_global_settings }}"
-
- name: directories
loop:
+ - /etc/ferm/ferm.d
- /etc/ferm/input.d
- /etc/ferm/output.d
- /etc/ferm/forward.d
@@ -29,6 +10,13 @@
path: "{{ item }}"
state: directory
+- name: global
+ when: ferm_global_settings | d(false)
+ notify: restart ferm
+ copy:
+ dest: /etc/ferm/ferm.d/{{ ferm_rules_filename }}.conf
+ content: "{{ ferm_global_settings }}"
+
- name: input
when: ferm_input_rules | length > 0
notify: restart ferm
@@ -80,10 +68,4 @@
{% if rule.policy is defined and rule.policy %}{{ rule.policy | upper }}{% else %}ACCEPT{% endif %};
{% endfor %}
-- name: service
- systemd:
- name: ferm
- enabled: true
- state: started
-
...
diff --git a/roles/ferm/defaults/main.yml b/roles/ferm-install/defaults/main.yml
similarity index 65%
rename from roles/ferm/defaults/main.yml
rename to roles/ferm-install/defaults/main.yml
index f594f1eca3fa50d11d099187a38ca4ddebb4791b..fc3d06fb67fb0d3a1e787489a6f907e0d274b26e 100644
--- a/roles/ferm/defaults/main.yml
+++ b/roles/ferm-install/defaults/main.yml
@@ -19,23 +19,7 @@ ferm_forward_policy: DROP
ferm_forward_log: true
ferm_forward_log_prefix: "{{ ferm_forward_policy }} FORWARD "
-# filename into which rules will be written
-# /etc/ferm/{ferm|input|output|forward}.d/<filename>.conf
-ferm_rules_filename: default
-
# enable anti-lockout rule
ferm_antilockout_enabled: true
-# input rule
-ferm_input_rules: []
-
-# ouput rule
-ferm_output_rules: []
-
-# forward rule
-ferm_forward_rules: []
-
-# global settings to be put in ferm.d directory
-ferm_global_settings:
-
...
diff --git a/roles/ferm-install/handlers/main.yml b/roles/ferm-install/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c2f8c0cb26f95dae4bacb2b598273310abd7bc20
--- /dev/null
+++ b/roles/ferm-install/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: restart ferm
+ systemd:
+ name: ferm
+ state: restarted
+
+...
diff --git a/roles/ferm-install/tasks/main.yml b/roles/ferm-install/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f9d89a3b27dec4ba2a7bc12962757dc61368b412
--- /dev/null
+++ b/roles/ferm-install/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- name: packages
+ apt:
+ force_apt_get: true
+ install_recommends: false
+ name: "{{ ferm_packages }}"
+
+- name: configuration
+ notify: restart ferm
+ template:
+ src: ferm.conf.j2
+ dest: /etc/ferm/ferm.conf
+ backup: true
+
+- name: service
+ systemd:
+ name: ferm
+ enabled: true
+ masked: no
+ state: started
+
+...
diff --git a/roles/ferm/templates/ferm.conf.j2 b/roles/ferm-install/templates/ferm.conf.j2
similarity index 100%
rename from roles/ferm/templates/ferm.conf.j2
rename to roles/ferm-install/templates/ferm.conf.j2
diff --git a/roles/mediaimport/tasks/main.yml b/roles/mediaimport/tasks/main.yml
index d4b9835d3ac804cb1a0a6a2c7e4ced58d0c300c2..394e20cb69678c5cf80a41edb2d9036c790856d8 100644
--- a/roles/mediaimport/tasks/main.yml
+++ b/roles/mediaimport/tasks/main.yml
@@ -171,7 +171,7 @@
ferm_output_rules: "{{ import_ferm_output_rules }}"
ferm_global_settings: "{{ import_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
- meta: flush_handlers
diff --git a/roles/mediaserver/tasks/main.yml b/roles/mediaserver/tasks/main.yml
index e3a37940a7c8a06173777187a89010ea52f0fc8a..8451549366bf7c17572bc3fc548970a101e1aa0f 100644
--- a/roles/mediaserver/tasks/main.yml
+++ b/roles/mediaserver/tasks/main.yml
@@ -123,7 +123,7 @@
ferm_output_rules: "{{ server_ferm_output_rules }}"
ferm_global_settings: "{{ server_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
- meta: flush_handlers
diff --git a/roles/mediavault/tasks/main.yml b/roles/mediavault/tasks/main.yml
index 4b292ff626f817cbb00c6f251980dc43a063cbd5..9aff91e4657c9007c5df0c229180a4c6e5981395 100644
--- a/roles/mediavault/tasks/main.yml
+++ b/roles/mediavault/tasks/main.yml
@@ -111,7 +111,7 @@
ferm_output_rules: "{{ mv_ferm_output_rules }}"
ferm_global_settings: "{{ mv_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
- meta: flush_handlers
diff --git a/roles/mediaworker/tasks/main.yml b/roles/mediaworker/tasks/main.yml
index 8663c1ceb894cb194e5d2f04cc3e8eb095c77ec6..29aed5a031bc6b3759e9e40f1aec93638c4a6d65 100644
--- a/roles/mediaworker/tasks/main.yml
+++ b/roles/mediaworker/tasks/main.yml
@@ -28,7 +28,7 @@
ferm_output_rules: "{{ worker_ferm_output_rules }}"
ferm_global_settings: "{{ worker_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
- meta: flush_handlers
diff --git a/roles/mirismanager/tasks/main.yml b/roles/mirismanager/tasks/main.yml
index 80ebfd4b0e428f6cd056e5789abfa96d5561c8d7..6400f143b45e02353fce7592c9a645ee269a2b6a 100644
--- a/roles/mirismanager/tasks/main.yml
+++ b/roles/mirismanager/tasks/main.yml
@@ -88,7 +88,7 @@
ferm_output_rules: "{{ manager_ferm_output_rules }}"
ferm_global_settings: "{{ manager_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
- meta: flush_handlers
diff --git a/roles/msmonitor/tasks/main.yml b/roles/msmonitor/tasks/main.yml
index e8918495c681a6ea59efd8cddc74978b037ec0b8..68de7d550d3bbf26f3db642772c36d1b17bd6beb 100644
--- a/roles/msmonitor/tasks/main.yml
+++ b/roles/msmonitor/tasks/main.yml
@@ -65,7 +65,7 @@
ferm_output_rules: "{{ monitor_ferm_output_rules }}"
ferm_global_settings: "{{ monitor_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
- meta: flush_handlers
diff --git a/roles/netcapture/tasks/main.yml b/roles/netcapture/tasks/main.yml
index b514e7484d21be411d25bd4ed3111296b141d419..3a58e94b3211f51a47b404d06dce835854f94aff 100644
--- a/roles/netcapture/tasks/main.yml
+++ b/roles/netcapture/tasks/main.yml
@@ -77,7 +77,7 @@
ferm_output_rules: "{{ netcapture_ferm_output_rules }}"
ferm_global_settings: "{{ netcapture_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
- meta: flush_handlers
diff --git a/roles/ocfs2/tasks/main.yml b/roles/ocfs2/tasks/main.yml
index 844a1b07e83a2fb5ef906dd6b853d2e36d3667d7..7791cab5cccaff9afd4bee8f11c1c9f15034b9d3 100644
--- a/roles/ocfs2/tasks/main.yml
+++ b/roles/ocfs2/tasks/main.yml
@@ -48,6 +48,6 @@
ferm_output_rules: "{{ ocfs2_ferm_output_rules }}"
ferm_global_settings: "{{ ocfs2_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
...
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
index 3369d9074a0b863fd11ff2ed128dac4f0d09e1d5..babca7afdaa15d52ccd239b9a87f21ca1e0dbd62 100644
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -108,7 +108,7 @@
ferm_output_rules: "{{ pg_ferm_output_rules }}"
ferm_global_settings: "{{ pg_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
- meta: flush_handlers
diff --git a/roles/sysutils/tasks/main.yml b/roles/sysutils/tasks/main.yml
index 80bbda98bffa03fdf5f1979d45949af4fca218c1..ac51466c95d8b5e27de1047030cce75b84c1f75f 100644
--- a/roles/sysutils/tasks/main.yml
+++ b/roles/sysutils/tasks/main.yml
@@ -29,6 +29,6 @@
ferm_output_rules: "{{ sysutils_ferm_output_rules }}"
ferm_global_settings: "{{ sysutils_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
...
diff --git a/roles/wowza/meta/main.yml b/roles/wowza/meta/main.yml
deleted file mode 100644
index e45d692ae3567f856967cd6f66c91d13e2e94e4e..0000000000000000000000000000000000000000
--- a/roles/wowza/meta/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-
-dependencies:
- - role: base
-
-...
diff --git a/roles/wowza/tasks/main.yml b/roles/wowza/tasks/main.yml
index b538a83378f3c91929fb3d2c7f2825d19cd7703a..49dca090cafc2b53d07477e72c9c98abbcd41ecd 100644
--- a/roles/wowza/tasks/main.yml
+++ b/roles/wowza/tasks/main.yml
@@ -117,7 +117,7 @@
ferm_output_rules: "{{ wowza_ferm_output_rules }}"
ferm_global_settings: "{{ wowza_ferm_global_settings }}"
include_role:
- name: ferm
+ name: ferm-configure
- meta: flush_handlers