I'd recommend handling it much the same way I recommend handling users.
Create a var containing the rules and the state of each rule, and have it
loop using with_items.  Something like:

ufw_rules:
    - port: 22
      rule: allow
      proto: tcp
    # an entry with delete: yes removes the rule instead of adding it
    - port: 80
      delete: yes
      rule: allow
      proto: tcp

and then a task like:

ufw:
    port: "{{ item.port }}"
    rule: "{{ item.rule }}"
    proto: "{{ item.proto }}"
    # when the item has no delete key, omit drops the param entirely
    delete: "{{ item.delete|default(omit) }}"
with_items: "{{ ufw_rules }}"

In the above, if delete is specified it is used; otherwise, if missing, that
param is omitted.  This is effectively how we handle this today.

On Wed, May 25, 2016 at 12:49 PM, Guy Knights <guy.knig...@gmail.com> wrote:

> Does anyone have a solution for dealing with changes to UFW rules in
> Ansible? The issue is that occasionally, I have to change a rule in some
> way (change IPs/networks, change port) but the old rule still remains. I
> could add a separate, special rule to delete the old version but that seems
> overly fiddly to me.
>
> When I was first playing around with this, I did have a rule at the
> beginning of my firewall playbook that reset UFW on every run before
> applying the rule tasks but I decided to remove it because it seems like
> the wrong approach.
>
> Thanks,
> Guy
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CANNH9mvSrq%3DYNnN%3DNUTb0vz3Qoadu4yQ2pSTia7Jx2Rbk2c76g%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CANNH9mvSrq%3DYNnN%3DNUTb0vz3Qoadu4yQ2pSTia7Jx2Rbk2c76g%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
Matt Martz
@sivel
sivel.net
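The rules-as-data pattern from the reply above, carried out to a complete play (an added example, not code from the thread or from the ufw module's documentation): it assumes an inventory group named webservers and a management network of 10.0.0.0/24, and it extends the single optional delete key to several optional parameters so one task serves both plain and richer entries.

```yaml
# Added example (not from the thread): ufw rules kept as data, with
# optional keys omitted per item and the firewall enabled last.
- hosts: webservers            # assumed inventory group
  become: yes
  vars:
    ufw_rules:
      - { rule: allow, port: 22, proto: tcp }
      - { rule: allow, port: 443, proto: tcp }
      # Old rule left in the list with delete: yes so a run removes it;
      # drop the entry once every host has converged.
      - { rule: allow, port: 80, proto: tcp, delete: yes }
      # Service reachable only from the (assumed) management network.
      - { rule: allow, port: 9100, proto: tcp, from_ip: 10.0.0.0/24 }
  tasks:
    - name: Apply (or remove) each rule from ufw_rules
      ufw:
        rule: "{{ item.rule }}"
        port: "{{ item.port }}"
        proto: "{{ item.proto|default('tcp') }}"
        # Each optional key is dropped from the module call when the item
        # lacks it, so plain and richer entries share one task.
        from_ip: "{{ item.from_ip|default(omit) }}"
        direction: "{{ item.direction|default(omit) }}"
        delete: "{{ item.delete|default(omit) }}"
      with_items: "{{ ufw_rules }}"

    # Set the default policy only after the allow rules exist: flipping
    # incoming to deny on an already active firewall before the ssh allow
    # rule is present would cut off the session running the play.
    - name: Deny incoming traffic by default
      ufw:
        direction: incoming
        policy: deny

    - name: Enable the firewall once the rule set is in place
      ufw:
        state: enabled
```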

