---
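# Download, verify and run the bouncer installer. The whole block is skipped
# when crowdsec_fw_install_mode is 'none'.
#
# Staging uses a per-run private directory rather than fixed paths directly
# under /tmp. /tmp is shared with every local account and the installer script
# is executed from the extracted tree, so predictable names there would let
# another local user interfere with what ends up being run.
# NOTE(review): later tasks in this file write under /etc/systemd/system, so
# this presumably runs with root privileges - confirm against the play.
- name: Install or upgrade the firewall bouncer
  when: crowdsec_fw_install_mode != 'none'
  tags: crowdsec
  block:

    - name: Create a private staging directory
      tempfile:
        state: directory
        prefix: cs-firewall-bouncer.
      register: crowdsec_fw_stage

    - name: Download the bouncer
      get_url:
        url: "{{ crowdsec_fw_archive_url }}"
        # The file name is pinned here because the extract task below expects
        # exactly cs-firewall-bouncer.tgz.
        dest: "{{ crowdsec_fw_stage.path }}/cs-firewall-bouncer.tgz"
        # NOTE(review): SHA-1 is no longer collision resistant. get_url also
        # accepts "sha256:<digest>"; switching needs a SHA-256 value defined
        # alongside crowdsec_fw_archive_sha1, which is not visible in this file.
        checksum: "sha1:{{ crowdsec_fw_archive_sha1 }}"

    - name: Extract the archive
      unarchive:
        src: "{{ crowdsec_fw_stage.path }}/cs-firewall-bouncer.tgz"
        dest: "{{ crowdsec_fw_stage.path }}"
        remote_src: true

    # The script name comes straight from crowdsec_fw_install_mode (presumably
    # 'install' or 'upgrade' - confirm against the role defaults). The command
    # module does not go through a shell, so the value is not shell-expanded.
    - name: Install or upgrade
      command: "./{{ crowdsec_fw_install_mode }}.sh"
      args:
        chdir: "{{ crowdsec_fw_stage.path }}/cs-firewall-bouncer-v{{ crowdsec_fw_version }}"
      notify: restart cs-firewall-bouncer

  always:

    # Assumes the installer copies what it needs out of the staging tree;
    # verify before relying on this cleanup.
    - name: Remove the staging directory
      file:
        path: "{{ crowdsec_fw_stage.path }}"
        state: absent
      when: crowdsec_fw_stage.path is defined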
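# Directory holding drop-in overrides for the cs-firewall-bouncer unit.
# Module arguments use native YAML rather than a key=value string, and the
# mode is set explicitly so the result does not depend on the umask in effect:
# files in this directory change how the service is started, so it must not be
# writable by group or others.
- name: Create systemd unit snippet dir
  file:
    path: /etc/systemd/system/cs-firewall-bouncer.service.d
    state: directory
    mode: "0755"
  tags: crowdsec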
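# Writes a systemd drop-in that orders the bouncer before iptables.service and
# after crowdsec.service, and makes it restart on failure.
# The mode is explicit so the drop-in is never left group- or world-writable
# because of the umask in effect; the file content itself is unchanged.
# The registered name is spelled "crodwsec" (sic). The "Reload systemd" task
# tests the same spelling, so rename both together or not at all.
- name: Link cs-firewall-bouncer with the iptables service
  copy:
    content: |
      [Unit]
      # Ensure cs-firewall-bouncer starts before iptables
      # so ipset are available
      Before=iptables.service
      # But it should start after crowdsec to be able to register on the API
      After=crowdsec.service

      [Service]
      # Restart on failure
      Restart=on-failure
      StartLimitInterval=0
      RestartSec=30
    dest: /etc/systemd/system/cs-firewall-bouncer.service.d/ansible.conf
    mode: "0644"
  register: crodwsec_fw_unit
  notify: restart cs-firewall-bouncer
  tags: crowdsec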
# Make systemd re-read its unit files, but only when the drop-in task
# (registered as crodwsec_fw_unit) reported a change.
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: crodwsec_fw_unit.changed
  tags: crowdsec