Commit 8071607e authored by Lindsay Harvey's avatar Lindsay Harvey

Make non essential file generation conditional instead of generating blank...

Make non-essential file generation conditional instead of generating blank files where there are no vars
parent 30f4c414
......@@ -26,39 +26,41 @@ shorewall6_interfaces:
interface: "{{ ansible_default_ipv6.get('interface', 'eth0') }}"
options: "tcpflags,nosmurfs,sourceroute=0"
shorewall_masq: []
shorewall6_masq: []
#shorewall_masq: []
#shorewall6_masq: []
shorewall_stoppedrules: []
shorewall6_stoppedrules: []
#shorewall_params: []
#shorewall6_params: []
#shorewall_stoppedrules: []
#shorewall6_stoppedrules: []
shorewall_hosts: []
shorewall6_hosts: []
#shorewall_hosts: []
#shorewall6_hosts: []
shorewall_providers: []
shorewall6_providers: []
#shorewall_providers: []
#shorewall6_providers: []
shorewall_rtrules: []
shorewall6_rtrules: []
#shorewall_rtrules: []
#shorewall6_rtrules: []
shorewall_mangle: []
shorewall6_mangle: []
#shorewall_mangle: []
#shorewall6_mangle: []
shorewall_routes: []
shorewall6_routes: []
#shorewall_routes: []
#shorewall6_routes: []
shorewall_tcinterfaces: []
shorewall6_tcinterfaces: []
#shorewall_tcinterfaces: []
#shorewall6_tcinterfaces: []
shorewall_actions: []
shorewall6_actions: []
#shorewall_actions: []
#shorewall6_actions: []
shorewall_params: []
shorewall6_params: []
#shorewall_tunnels: []
#shorewall6_tunnels: []
shorewall_tunnels: []
shorewall6_tunnels: []
#shorewall_nat: []
#shorewall6_nat: []
shorewall_policies:
- source: "$FW"
......
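Review bot: The commented-out defaults (`#shorewall_masq: []` through `#shorewall6_nat: []`) carry no explanation that leaving a variable undefined now changes behaviour, because the tasks in this commit skip templating the matching file when the variable is not defined. A header comment above the block would make that explicit, for example `# Optional files: uncomment and fill a list to have the role generate the matching /etc/shorewall file; while undefined the task is skipped.` The shorewall6_* defaults are commented out as well, but the task hunks shown on this page guard only the shorewall_* names, so any IPv6 task or template that still reads a shorewall6_* list without an `is defined` guard or `default([])` would presumably fail on an undefined variable; that is worth confirming.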
......@@ -29,7 +29,7 @@
debug:
msg: "{{ shorewall_rules }}"
- name: Generate Shorewall configuration files
- name: Generate Shorewall essential configuration files
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
......@@ -38,24 +38,189 @@
mode: 0640
with_items:
- shorewall.conf
- params
- interfaces
- zones
- policy
- rules
# - params
# - hosts
# - providers
# - tunnels
# - actions
# - stoppedrules
# - rtrules
# - mangle
# - routes
# - tcinterfaces
notify:
- restart shorewall
tags:
- configuration
- name: Generate Shorewall params configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- params
notify:
- restart shorewall
tags:
- configuration
when: shorewall_params is defined
- name: Generate Shorewall routes configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- routes
notify:
- restart shorewall
tags:
- configuration
when: shorewall_routes is defined
- name: Generate Shorewall tcinterfaces configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- tcinterfaces
notify:
- restart shorewall
tags:
- configuration
when: shorewall_tcinterfaces is defined
- name: Generate Shorewall actions configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- actions
notify:
- restart shorewall
tags:
- configuration
when: shorewall_actions is defined
- name: Generate Shorewall hosts configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- hosts
notify:
- restart shorewall
tags:
- configuration
when: shorewall_hosts is defined
- name: Generate Shorewall providers configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- providers
- tunnels
# - actions
- stoppedrules
notify:
- restart shorewall
tags:
- configuration
when: shorewall_providers is defined
- name: Generate Shorewall rtrules configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- rtrules
notify:
- restart shorewall
tags:
- configuration
when: shorewall_rtrules is defined
- name: Generate Shorewall mangle configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- mangle
- routes
- tcinterfaces
notify:
- restart shorewall
tags:
- configuration
when: shorewall_mangle is defined
- name: Generate Shorewall tunnels configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- tunnels
notify:
- restart shorewall
tags:
- configuration
when: shorewall_tunnels is defined
- name: Generate Shorewall stoppedrules configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- stoppedrules
notify:
- restart shorewall
tags:
- configuration
when: shorewall_stoppedrules is defined
- name: Generate Shorewall nat configuration file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
owner: root
group: root
mode: 0640
with_items:
- nat
notify:
- restart shorewall
tags:
- configuration
when: shorewall_nat is defined
- name: debug shorewall_version
debug:
......@@ -74,7 +239,7 @@
- restart shorewall
tags:
- configuration
when: (shorewall_version|float < 5.0)
when: (shorewall_version|float < 5.0) and (shorewall_masq is defined)
- name: Generate Shorewall snat file
template:
......@@ -89,7 +254,7 @@
- restart shorewall
tags:
- configuration
when: (shorewall_version|float >= 5.0)
when: (shorewall_version|float >= 5.0) and (shorewall_masq is defined or shorewall_snat is defined)
- name: Verify Shorewall configuration
command: shorewall check
......
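Review bot: The new `when: shorewall_<name> is defined` guards skip templating, but nothing removes a file that an earlier run already wrote, so on an existing host a stale `/etc/shorewall/hosts`, `tunnels`, `nat` or `stoppedrules` stays in place and will presumably still be read by Shorewall after its variable is dropped from the inventory. For a firewall role that means removing a variable no longer removes the rules it produced. Each optional file should get a paired removal task (sketched below for hosts), or the role should document that these files are unmanaged once the variable is undefined. Separately, the rendered item lists of the providers and mangle tasks are interleaved with what look like removed lines (`tunnels`, `stoppedrules`, `routes`, `tcinterfaces`); confirm that each new task templates only its own file, since its `when` tests a single variable.

```yaml
# … unchanged: "Generate Shorewall hosts configuration file" task …
- name: Remove stale Shorewall hosts configuration file
  file:
    path: /etc/shorewall/hosts
    state: absent
  notify:
    - restart shorewall
  tags:
    - configuration
  when: shorewall_hosts is not defined
```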