From 2c7b7f6a43089bdd45d6d3713781714b84d74fec Mon Sep 17 00:00:00 2001 From: Jonathan Piron <> Date: Sun, 23 Feb 2020 15:44:03 +0100 Subject: [PATCH] Move custom configurations management to dedicated tasks list This allows to use the `tasks_from` parameter of the `import_role` module. For instance, one could run something like : ``` - name: "Create Traefik fail2ban configuration." import_role: name: ansible-fail2ban tasks_from: copy_custom_configurations become: True vars: fail2ban_filterd_path: "{{ traefik_fail2ban_filterd_path }}" fail2ban_actiond_path: "{{ traefik_fail2ban_actiond_path }}" fail2ban_jaild_path: "{{ traefik_fail2ban_jaild_path }}" ``` from a Traefik playbook to just add Traefik specific Fail2ban configuration without reconfiguring everything. --- tasks/copy_actions.yml | 12 ++++++++ tasks/copy_custom_configurations.yml | 11 +++++++ tasks/copy_filters.yml | 12 ++++++++ tasks/copy_jails.yml | 12 ++++++++ tasks/main.yml | 43 ++-------------------------- 5 files changed, 49 insertions(+), 41 deletions(-) create mode 100644 tasks/copy_actions.yml create mode 100644 tasks/copy_custom_configurations.yml create mode 100644 tasks/copy_filters.yml create mode 100644 tasks/copy_jails.yml diff --git a/tasks/copy_actions.yml b/tasks/copy_actions.yml new file mode 100644 index 0000000..b74f2e9 --- /dev/null +++ b/tasks/copy_actions.yml @@ -0,0 +1,12 @@ +- name: copy actions + ansible.builtin.copy: + src: "{{ fail2ban_actiond_path }}" + dest: /etc/fail2ban/action.d/ + owner: root + group: root + mode: '0644' + notify: restart fail2ban + tags: + - configuration + - fail2ban + - fail2ban-actions diff --git a/tasks/copy_custom_configurations.yml b/tasks/copy_custom_configurations.yml new file mode 100644 index 0000000..07dbf4c --- /dev/null +++ b/tasks/copy_custom_configurations.yml @@ -0,0 +1,11 @@ +- name: copy filters + ansible.builtin.import_tasks: copy_filters.yml + when: fail2ban_filterd_path is defined + +- name: copy actions + ansible.builtin.import_tasks: copy_actions.yml + when: fail2ban_actiond_path is defined + +- name: copy jails + ansible.builtin.import_tasks: copy_jails.yml + when: fail2ban_jaild_path is defined diff --git a/tasks/copy_filters.yml b/tasks/copy_filters.yml new file mode 100644 index 0000000..2d1ab99 --- /dev/null +++ b/tasks/copy_filters.yml @@ -0,0 +1,12 @@ +- name: copy filters + ansible.builtin.copy: + src: "{{ fail2ban_filterd_path }}" + dest: /etc/fail2ban/filter.d/ + owner: root + group: root + mode: '0644' + notify: restart fail2ban + tags: + - configuration + - fail2ban + - fail2ban-filters diff --git a/tasks/copy_jails.yml b/tasks/copy_jails.yml new file mode 100644 index 0000000..d139d17 --- /dev/null +++ b/tasks/copy_jails.yml @@ -0,0 +1,12 @@ +- name: copy jails + ansible.builtin.copy: + src: "{{ fail2ban_jaild_path }}" + dest: /etc/fail2ban/jail.d/ + owner: root + group: root + mode: '0644' + notify: restart fail2ban + tags: + - configuration + - fail2ban + - fail2ban-jails diff --git a/tasks/main.yml b/tasks/main.yml index b097045..fc98088 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -71,47 +71,8 @@ - fail2ban-configuration - fail2ban-configuration-update -- name: copy filters - ansible.builtin.copy: - src: "{{ fail2ban_filterd_path }}" - dest: /etc/fail2ban/filter.d/ - owner: root - group: root - mode: '0644' - when: fail2ban_filterd_path is defined - notify: restart fail2ban - tags: - - configuration - - fail2ban - - fail2ban-filters - -- name: copy actions - ansible.builtin.copy: - src: "{{ fail2ban_actiond_path }}" - dest: /etc/fail2ban/action.d/ - owner: root - group: root - mode: '0644' - when: fail2ban_actiond_path is defined - notify: restart fail2ban - tags: - - configuration - - fail2ban - - fail2ban-actions - -- name: copy jails - ansible.builtin.copy: - src: "{{ fail2ban_jaild_path }}" - dest: /etc/fail2ban/jail.d/ - owner: root - group: root - mode: '0644' - when: fail2ban_jaild_path is defined - notify: restart fail2ban - tags: - - configuration - - fail2ban - - fail2ban-jails +- name: copy custom configurations + ansible.builtin.import_tasks: copy_custom_configurations.yml - name: start and enable service ansible.builtin.service: