force_apt_get: true
install_recommends: false
name: "{{ ferm_packages }}"
register: apt_status
retries: 60
until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
# Purge the distribution's nftables package together with dependencies that
# are no longer needed.
# The task retries up to 60 times and stops as soon as apt succeeds, or as
# soon as it fails for a reason other than the apt/dpkg lock being held, so a
# genuine failure is reported at once instead of being retried.
- name: remove default nftables package
  ansible.builtin.apt:
    name: nftables
    state: absent
    purge: true
    autoremove: true
  register: apt_status
  # Folded scalar: the lines below join into the same single-line expression.
  until: >-
    apt_status is success or
    ('Failed to lock apt for exclusive operation' not in apt_status.msg
    and '/var/lib/dpkg/lock' not in apt_status.msg)
  retries: 60
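# Point both the iptables and ip6tables alternatives at the legacy backend.
# `set -e` makes the task fail if the first switch fails. Without it the shell
# returns only the last command's exit status, so a failed iptables switch
# could pass unnoticed and leave IPv4 and IPv6 filtering on different backends.
- name: use iptables-legacy
  ansible.builtin.shell: |
    set -e
    update-alternatives --set iptables /usr/sbin/iptables-legacy
    update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
  register: cmd
  # Report a change when either alternative was switched, not only the
  # IPv4 one. update-alternatives prints the "using ... in manual mode" line
  # only when it changes the selection.
  changed_when: >-
    'using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode' in cmd.stdout
    or 'using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in manual mode' in cmd.stdout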
# Restart the host; the task name ties this to a kernel module bug (#38332).
# changed_when: false keeps the reboot from being reported as a change, so it
# will not show up in the play recap.
# NOTE(review): no `when:` condition is visible on this task in this listing,
# so as shown it reboots the server on every run. Confirm whether it should be
# limited to runs where the iptables alternative was actually switched.
- name: reboot the server to avoid kernel module bug (#38332)
  ansible.builtin.reboot:
  changed_when: false
# Ensure ferm's drop-in directories exist under /etc/ferm.
# mode "755" is quoted so Ansible reads it as an octal permission string:
# owner may write, everyone else may only read and traverse.
# NOTE(review): owner/group are not set here, so new directories belong to the
# user the task runs as. Presumably root; verify, since anything that can
# write to these directories can alter the firewall ruleset.
- name: directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "755"
  loop:
    - /etc/ferm/ferm.d
    - /etc/ferm/input.d
    - /etc/ferm/output.d
    - /etc/ferm/forward.d
# Installs ferm.conf.j2 as /etc/ferm/ferm.conf and notifies the "restart ferm"
# handler when the file changes.
# NOTE(review): the module key of this task is not visible in this listing
# (src/dest/backup suggest a template or copy module). Confirm against the file.
# backup: true keeps a copy of the previous file, which gives a rollback
# point if a bad ruleset is deployed.
# NOTE(review): no `validate:` step is visible, so a ruleset that fails to
# parse would only be caught when the handler restarts ferm. Consider
# validating the rendered file before it replaces the live one.
- name: configuration
notify: restart ferm
src: ferm.conf.j2
dest: /etc/ferm/ferm.conf
backup: true
name: ferm
enabled: true
masked: false
state: started