ansible-personal/roles/common/tasks/iptables_Ubuntu.yml
Alan Orth 8851f8f631 Revert "Only update packages indexes if the cache is 1 hour old"
This reverts commit 201165cff6.

Turns out this actually breaks initial deployments, because the
cache gets updated in the first task, then you add sources for
nginx and mariadb, but it doesn't update the indexes because the
cache is < 3600 seconds old, so you end up getting the distro's
versions of nginx and mariadb.
2016-08-25 12:58:15 +03:00


---
# Ubuntu 14.04 hosts only: install iptables-persistent.
# update_cache is set without cache_valid_time, so the apt package index is
# refreshed every time this task runs.
- name: Install iptables-persistent
  when: ansible_distribution_version == '14.04'
  apt:
    name: iptables-persistent
    update_cache: true
  tags: packages
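# Ubuntu 14.04 hosts only: render the IPv4 ruleset from iptables.j2.
# The file is owned by root:root and readable by root alone. group is set
# explicitly so this task agrees with the rules.v6 task in the same file.
- name: Copy /etc/iptables/rules.v4
  when: ansible_distribution_version == '14.04'
  template:
    src: iptables.j2
    dest: /etc/iptables/rules.v4
    owner: root
    group: root
    # Quoted so YAML passes the string "0600" rather than an integer.
    mode: "0600"
  notify:
    - restart iptables-persistent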
# Ubuntu 14.04 hosts only: render the IPv6 ruleset from ip6tables.j2.
# The file is owned by root:root and readable by root alone.
- name: Copy /etc/iptables/rules.v6
  when: ansible_distribution_version == '14.04'
  template:
    src: ip6tables.j2
    dest: /etc/iptables/rules.v6
    owner: root
    group: root
    # Quoted so YAML passes the string "0600" rather than an integer.
    mode: "0600"
  notify:
    - restart iptables-persistent
# Install firewalld and tidy on newer Ubuntu releases.
# NOTE(review): the condition compares two strings, so the ordering is
# lexical rather than version-aware (for example '9.10' >= '15.04' is true).
# Ansible's version comparison test is the robust form; confirm which
# spelling the Ansible release in use supports before switching.
# state=latest installs whatever version the configured apt sources offer at
# run time, so the firewall package version is not pinned.
- name: Install firewalld and deps
  when: ansible_distribution_version >= '15.04'
  apt:
    name: "{{ item }}"
    state: latest
  with_items:
    - firewalld
    - tidy
  tags: packages
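# Render the firewalld "public" zone definition from public.xml.j2.
# The file is owned by root:root and readable by root alone. group is set
# explicitly so this task agrees with the rules.v6 task in the same file.
# NOTE(review): the condition is a lexical string comparison, not a
# version-aware one (for example '9.10' >= '15.04' is true).
# This task notifies no handler itself; the restart is triggered by the
# formatting task that follows it.
- name: Copy firewalld public zone file
  when: ansible_distribution_version >= '15.04'
  template:
    src: public.xml.j2
    dest: /etc/firewalld/zones/public.xml
    owner: root
    group: root
    # Quoted so YAML passes the string "0600" rather than an integer.
    mode: "0600"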
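# Re-indent the rendered zone file in place with tidy (-m modifies the file,
# -xml treats it as XML, -i indents, -q is quiet, -w 0 disables wrapping).
# The command module is used instead of shell because the command line uses
# no pipes, redirects or variable expansion, so no shell has to parse it.
# NOTE(review): the condition is a lexical string comparison, not a
# version-aware one (for example '9.10' >= '15.04' is true).
# NOTE(review): with no changed_when, this task reports "changed" on every
# run, so the firewalld restart handler fires on every play.
# NOTE(review): tidy rewrites the file after the template task set
# owner=root mode=0600; confirm the ownership and mode survive the rewrite.
- name: Format public.xml firewalld zone file
  when: ansible_distribution_version >= '15.04'
  command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
  notify:
    - restart firewalld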