
---
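# Fetch, verify, unpack and run the cs-firewall-bouncer installer.
# Skipped entirely when crowdsec_fw_install_mode is 'none'.
- when: crowdsec_fw_install_mode != 'none'
  block:
    # Stage in a private directory instead of directly in /tmp. /tmp is
    # world-writable, so a predictable path there that is later executed
    # (the installer script below) can be pre-created or swapped by another
    # local account between the extract and the run.
    - name: Create a private staging directory
      tempfile:
        state: directory
        suffix: .cs-firewall-bouncer
      register: crowdsec_fw_staging
      # tempfile is skipped in check mode, which would leave .path undefined
      # for the tasks below; always create it (it is removed in `always`).
      check_mode: false

    - name: Download the bouncer
      get_url:
        url: "{{ crowdsec_fw_archive_url }}"
        # Explicit file name, so the extract step does not depend on what
        # name the server or URL suggests.
        dest: "{{ crowdsec_fw_staging.path }}/cs-firewall-bouncer.tgz"
        # NOTE(review): SHA-1 is no longer collision-resistant. The algorithm
        # is fixed by the crowdsec_fw_archive_sha1 variable, so moving to
        # sha256 needs a new role variable. The digest only protects the
        # install if it is pinned in the role/inventory and not fetched from
        # the same place as the archive.
        checksum: "sha1:{{ crowdsec_fw_archive_sha1 }}"
        mode: "0600"

    - name: Extract the archive
      unarchive:
        src: "{{ crowdsec_fw_staging.path }}/cs-firewall-bouncer.tgz"
        dest: "{{ crowdsec_fw_staging.path }}"
        remote_src: true

    # crowdsec_fw_install_mode selects which script from the archive is run.
    # `command` does not go through a shell, but the value still ends up in
    # the executed path.
    # NOTE(review): consider asserting it against the role's allowed values
    # (not visible in this file) before this task.
    - name: Install or upgrade
      command: ./{{ crowdsec_fw_install_mode }}.sh
      args:
        chdir: "{{ crowdsec_fw_staging.path }}/cs-firewall-bouncer-v{{ crowdsec_fw_version }}"
      notify: restart cs-firewall-bouncer
  always:
    # Do not leave the unpacked installer behind on the host.
    - name: Remove the staging directory
      file:
        path: "{{ crowdsec_fw_staging.path }}"
        state: absent
      when: crowdsec_fw_staging.path is defined
      check_mode: false
  tags: crowdsec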
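# Drop-in directory for the cs-firewall-bouncer unit. Owner and mode are set
# explicitly so the result does not depend on the remote umask: anything
# writable here can change how the service is started.
- name: Create systemd unit snippet dir
  file:
    path: /etc/systemd/system/cs-firewall-bouncer.service.d
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: crowdsec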
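# Write a systemd drop-in that orders cs-firewall-bouncer relative to the
# firewall service and to crowdsec, and restarts it on failure.
- name: Link cs-firewall-bouncer with the iptables service
  copy:
    content: |
      [Unit]
      {% if ansible_os_family == 'RedHat' or ansible_os_family == 'Debian' %}
      # Ensure cs-firewall-bouncer starts before iptables
      # so ipset are available
      Before={{ (ansible_os_family == 'Debian') | ternary('netfilter-persistent','iptables') }}.service
      {% endif %}
      # It should start after crowdsec to be able to register on the API
      After=crowdsec.service
      [Service]
      # Restart on failure
      Restart=on-failure
      StartLimitInterval=0
      RestartSec=30
    dest: /etc/systemd/system/cs-firewall-bouncer.service.d/ansible.conf
    # Unit drop-ins are read by systemd as root; keep them root-owned and not
    # group/world-writable regardless of the remote umask.
    owner: root
    group: root
    mode: "0644"
  # NOTE(review): the registered name is spelled "crodwsec" (sic). It is left
  # as is because the "Reload systemd" task's condition reads this exact name.
  register: crodwsec_fw_unit
  notify: restart cs-firewall-bouncer
  tags: crowdsec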
# Make systemd re-read its unit files, but only when the drop-in written by
# the previous task actually changed.
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: crodwsec_fw_unit is changed
  tags: crowdsec