Verified Commit d68771ea authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase

Fix for ansible 2.10 (fixes #149)

parent 15a05e07
Pipeline #1809 passed
Showing
with 32 additions and 27 deletions
......@@ -5,7 +5,7 @@
remote_user: root
tasks:
- name: open firewall holes for services
firewalld: service={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- http
- https
......@@ -17,7 +17,7 @@
- firewall
- name: open firewall holes for ports
firewalld: port={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
with_items:
- 6969/tcp
- 4949/tcp
......
......@@ -4,7 +4,7 @@
hosts: 127.0.0.1
tasks:
- name: create borg-keys directory
file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=preserve
file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=preserve # noqa 208
- name: fetch borg keys
hosts: borg_clients
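Review bot: The `# noqa 208` added to the `create borg-keys directory` task silences what appears to be the file-permissions lint rule instead of satisfying it, so the directory's mode is still left to the controller's umask. Judging by the directory name and the `fetch borg keys` play that follows, it will hold backup key material, so an explicit restrictive mode is the safer change: `file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=0700`. `mode=preserve` is documented for the copy and template modules rather than for `file`, so it is worth confirming that it has any effect here. The play continues outside the hunk.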
......
......@@ -172,7 +172,12 @@
- name: deploy new smartgit release
become: true
become_user: "{{ aurweb_user }}"
file: path=/etc/uwsgi/vassals/smartgit.ini state=touch mode=preserve
file:
path: /etc/uwsgi/vassals/smartgit.ini
state: touch
owner: "{{ aurweb_user }}"
group: http
mode: 0644
when: git.changed
- name: create git repo dir
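Review bot: `mode: 0644` in the rewritten `deploy new smartgit release` task is an unquoted octal literal, which only works because a YAML 1.1 loader converts it to the integer 420; writing `mode: '0644'` keeps it a string and behaves the same under any parser or linter. The task also runs with `become_user: "{{ aurweb_user }}"` while setting `group: http`, which an unprivileged user can only do for a group it belongs to, so this presumably relies on that user being a member of `http` and is worth confirming. The task list continues outside the hunk.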
......
......@@ -23,7 +23,7 @@
daemon_reload: yes
- name: open firewall holes for certbot standalone authenticator
firewalld: service={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- http
when: configure_firewall
......
......@@ -295,7 +295,7 @@
service: name=rsyncd.socket enabled=yes state=started
- name: open firewall holes for rsync
firewalld: service=rsyncd permanent=true state=enabled immediate=yes
ansible.posix.firewalld: service=rsyncd permanent=true state=enabled immediate=yes
when: configure_firewall
tags:
- firewall
......@@ -307,7 +307,7 @@
service: name=svnserve enabled=yes state=started
- name: open firewall holes for svnserve
firewalld: port=3690/tcp permanent=true state=enabled immediate=yes
ansible.posix.firewalld: port=3690/tcp permanent=true state=enabled immediate=yes
when: configure_firewall
tags:
- firewall
......
......@@ -21,7 +21,7 @@
service: name=dovecot enabled=yes state=started
- name: open firewall holes
firewalld: service={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- pop3
- pop3s
......
......@@ -17,7 +17,7 @@
state: "{{ configure_firewall | ternary('started', 'stopped') }}"
- name: disable default dhcpv6-client rule
firewalld:
ansible.posix.firewalld:
service: dhcpv6-client
state: disabled
immediate: yes
......
......@@ -86,7 +86,7 @@
- "/srv/gitlab/data:/var/opt/gitlab"
- name: open firewall holes
firewalld: port={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
when: configure_firewall
with_items:
- "80/tcp"
......@@ -97,7 +97,7 @@
- firewall
- name: make docker0 interface trusted
firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
ansible.posix.firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
when: configure_firewall
tags:
- firewall
......@@ -8,7 +8,7 @@
systemd: name=docker enabled=yes state=started daemon_reload=yes
- name: make docker0 interface trusted
firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
ansible.posix.firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
when: configure_firewall
tags:
- firewall
......
......@@ -27,7 +27,7 @@
service: name=keycloak enabled=yes state=started
- name: open firewall hole
firewalld: port={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
when: configure_firewall
with_items:
- 80/tcp
......
......@@ -195,7 +195,7 @@
- restart matrix-appservice-irc
- name: open firewall holes
firewalld: port={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
with_items:
- 113/tcp
when: configure_firewall
......
......@@ -56,7 +56,7 @@
service: name=nginx enabled=yes
- name: open firewall holes
firewalld: service={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- http
- https
......
......@@ -104,7 +104,7 @@
create_home: no
- name: open firewall holes
firewalld: service={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- smtp
- smtp-submission
......
......@@ -67,7 +67,7 @@
when: postgres_ssl == 'on'
- name: open firewall holes to known postgresql ipv4 clients
firewalld: permanent=true state=enabled immediate=yes
ansible.posix.firewalld: permanent=true state=enabled immediate=yes
rich_rule="rule family=ipv4 source address={{ item }} port protocol=tcp port=5432 accept"
with_items: "{{ postgres_ssl_hosts4 }}"
when: configure_firewall
......@@ -75,7 +75,7 @@
- firewall
- name: open firewall holes to known postgresql ipv6 clients
firewalld: permanent=true state=enabled immediate=yes
ansible.posix.firewalld: permanent=true state=enabled immediate=yes
rich_rule="rule family=ipv6 source address={{ item }} port protocol=tcp port=5432 accept"
with_items: "{{ postgres_ssl_hosts6 }}"
when: configure_firewall
......
......@@ -110,21 +110,21 @@
when: "'memcached' in group_names"
- name: open prometheus-node-exporter ipv4 port for monitoring.archlinux.org
firewalld: state=enabled permanent=true immediate=yes
ansible.posix.firewalld: state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_exporter_port }} accept"
when: "'prometheus' not in group_names"
- name: open gitlab exporter ipv4 port for monitoring.archlinux.org
firewalld: state=enabled permanent=true immediate=yes
ansible.posix.firewalld: state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ gitlab_runner_exporter_port }} accept"
when: "'gitlab_runners' in group_names"
- name: open prometheus mysqld exporter ipv4 port for monitoring.archlinux.org
firewalld: state=enabled permanent=true immediate=yes
ansible.posix.firewalld: state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_mysqld_exporter_port }} accept"
when: "'mysql_servers' in group_names"
- name: open prometheus memcached exporter ipv4 port for monitoring.archlinux.org
firewalld: state=enabled permanent=true immediate=yes
ansible.posix.firewalld: state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_memcached_exporter_port }} accept"
when: "'memcached' in group_names"
......@@ -57,7 +57,7 @@
- clean-quassel.timer
- name: open firewall holes
firewalld: port={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
with_items:
- 4242/tcp
- 113/tcp
......
......@@ -22,7 +22,7 @@
service: name=sshd enabled=yes state=started
- name: open firewall holes
firewalld: service=ssh permanent=true state=enabled immediate=yes
ansible.posix.firewalld: service=ssh permanent=true state=enabled immediate=yes
when: configure_firewall is defined and configure_firewall
tags:
- firewall
......@@ -51,7 +51,7 @@
tags: ['nginx']
- name: open firewall holes
firewalld: service=rsyncd permanent=true state=enabled immediate=yes
ansible.posix.firewalld: service=rsyncd permanent=true state=enabled immediate=yes
when: configure_firewall
tags:
- firewall
......@@ -122,7 +122,7 @@
service: name=zabbix-agent enabled=yes state=started
- name: open firewall holes
firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes
ansible.posix.firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes
when: configure_firewall
tags:
- firewall
......@@ -75,7 +75,7 @@
service: name=php-fpm@zabbix-web.socket state=started enabled=true
- name: open firewall holes
firewalld: service=zabbix-server permanent=true state=enabled immediate=yes
ansible.posix.firewalld: service=zabbix-server permanent=true state=enabled immediate=yes
when: configure_firewall
tags:
- firewall