docs: firewalld: use both permanent and immediate

While the docs quite clearly say what each of these options is doing,
defaults matter. I'm only using Ansible every now and then (and most of
the time it's for writing my CI playbooks for Zuul-CI, not for
configuring system services). I took a shortcut by looking at the
examples at the bottom of the doc page, and I almost wrote a loop with a
dictionary for enabling both HTTP and HTTPS services and making that
change immediate *and* permanent at the same time, while cursing about
those ****** who wrote a crappy module which -- apparently -- has to be
executed twice to do the sensible thing because everything is controlled
by a single boolean. Then I discovered the `immediate` parameter, and
realized that it is in fact controlled by a pair of booleans. Then I
consulted my other playbook which configures a system, not a CI job, and
discovered that I knew about these booleans back in 2019 when I used the
firewalld module for the last time. Maybe I am the ***** after all.

Since it's perfectly OK to set both variables to true, and since people
tend to want to use both in sync anyway (idempotent configurations and
whatnot), let's use that in the examples. Examples matter.
Jan Kundrát 2023-03-09 23:16:19 +01:00
parent 41d8029ef5
commit afbff86eea

@ -415,28 +415,33 @@ Examples
ansible.posix.firewalld: ansible.posix.firewalld:
service: https service: https
permanent: yes permanent: yes
immediate: yes
state: enabled state: enabled
- name: do not permit traffic in default zone on port 8081/tcp - name: do not permit traffic in default zone on port 8081/tcp
ansible.posix.firewalld: ansible.posix.firewalld:
port: 8081/tcp port: 8081/tcp
permanent: yes permanent: yes
immediate: yes
state: disabled state: disabled
- ansible.posix.firewalld: - ansible.posix.firewalld:
port: 161-162/udp port: 161-162/udp
permanent: yes permanent: yes
immediate: yes
state: enabled state: enabled
- ansible.posix.firewalld: - ansible.posix.firewalld:
zone: dmz zone: dmz
service: http service: http
permanent: yes permanent: yes
immediate: yes
state: enabled state: enabled
- ansible.posix.firewalld: - ansible.posix.firewalld:
rich_rule: rule service name="ftp" audit limit value="1/m" accept rich_rule: rule service name="ftp" audit limit value="1/m" accept
permanent: yes permanent: yes
immediate: yes
state: enabled state: enabled
- ansible.posix.firewalld: - ansible.posix.firewalld:
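Review bot: The added `immediate: yes` lines in this hunk carry no explanation, starting with the first task (`service: https`), and the commit message says readers skim these examples instead of the parameter descriptions. A one-line YAML comment on that first task, stating that `permanent` changes the stored configuration and `immediate` changes the running firewall, would let the pairing explain itself. The remaining tasks in the hunk can stay as changed.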
@ -448,35 +453,41 @@ Examples
zone: trusted zone: trusted
interface: eth2 interface: eth2
permanent: yes permanent: yes
immediate: yes
state: enabled state: enabled
- ansible.posix.firewalld: - ansible.posix.firewalld:
masquerade: yes masquerade: yes
state: enabled state: enabled
permanent: yes permanent: yes
immediate: yes
zone: dmz zone: dmz
- ansible.posix.firewalld: - ansible.posix.firewalld:
zone: custom zone: custom
state: present state: present
permanent: yes permanent: yes
immediate: yes
- ansible.posix.firewalld: - ansible.posix.firewalld:
zone: drop zone: drop
state: enabled state: enabled
permanent: yes permanent: yes
immediate: yes
icmp_block_inversion: yes icmp_block_inversion: yes
- ansible.posix.firewalld: - ansible.posix.firewalld:
zone: drop zone: drop
state: enabled state: enabled
permanent: yes permanent: yes
immediate: yes
icmp_block: echo-request icmp_block: echo-request
- ansible.posix.firewalld: - ansible.posix.firewalld:
zone: internal zone: internal
state: present state: present
permanent: yes permanent: yes
immediate: yes
target: ACCEPT target: ACCEPT
- name: Redirect port 443 to 8443 with Rich Rule - name: Redirect port 443 to 8443 with Rich Rule
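Review bot: The `immediate: yes` added to the `zone: custom` / `state: present` task and to the `zone: internal` / `target: ACCEPT` task applies to a zone-level operation, not to a rule inside an existing zone. firewalld creates zones and sets zone targets in the permanent configuration only, so please confirm the module accepts `immediate: yes` for these two tasks and drop it from them if it does not, otherwise the documented examples would fail when copied. The `interface`, `masquerade`, `icmp_block_inversion` and `icmp_block` tasks look fine as changed.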