diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2013-11-04 04:49:58 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:50:41 +0200 |
| commit | 02815e8bb46fffc28464162c26e98985bdfd8810 (patch) | |
| tree | 139d11eb702ab744f7d37f248065e6146410f3bd | |
| parent | 89fd6c4ac7c1a0c2b8529c644caeaa79159e81fe (diff) | |
Flush pending handlers between each include.
In particular, run 'apt-get update' right after configured APT, and
restart daemon right after configured them.
The advantage being that if ansible crashes in some "task", the earlier
would already be restarted if neeeded. (This may not happen in the next
run since the configuration should already be up to date.)
| -rw-r--r-- | roles/common/tasks/apt.yml | 3 | ||||
| -rw-r--r-- | roles/common/tasks/fail2ban.yml | 2 | ||||
| -rw-r--r-- | roles/common/tasks/hosts.yml | 2 | ||||
| -rw-r--r-- | roles/common/tasks/ipsec.yml | 2 | ||||
| -rw-r--r-- | roles/common/tasks/rkhunter.yml | 2 | ||||
| -rw-r--r-- | roles/common/tasks/samhain.yml | 2 |
6 files changed, 13 insertions, 0 deletions
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 030709b..d172384 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -22,20 +22,23 @@ with_items: - sources.list - preferences notify: - apt-get update - name: Configure APT (2) copy: src=etc/apt/{{ item }} dest=/etc/apt/{{ item }} owner=root group=root mode=0644 with_items: - listchanges.conf - apt.conf.d/10periodic - apt.conf.d/50unattended-upgrades - name: Start cron service: name=cron state=started tags: - cron + +# We should run 'apt-get update' before proceeding to any other task. +- meta: flush_handlers diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml index ccfeaa6..3c13d8c 100644 --- a/roles/common/tasks/fail2ban.yml +++ b/roles/common/tasks/fail2ban.yml @@ -1,13 +1,15 @@ - name: Install fail2ban apt: pkg=fail2ban - name: Configure fail2ban template: src=etc/fail2ban/jail.local.j2 dest=/etc/fail2ban/jail.local owner=root group=root mode=0644 notify: - Restart fail2ban - name: Start fail2ban service: name=fail2ban state=started + +- meta: flush_handlers diff --git a/roles/common/tasks/hosts.yml b/roles/common/tasks/hosts.yml index 18ccfd9..f818635 100644 --- a/roles/common/tasks/hosts.yml +++ b/roles/common/tasks/hosts.yml @@ -8,20 +8,22 @@ - Refresh hostname - name: Set mailname template: src=etc/mailname.j2 dest=/etc/mailname owner=root group=root mode=0644 tags: mailname - name: Fix /etc/hosts (1) lineinfile: dest=/etc/hosts create=yes regexp="^127\.0\.0\.1\s+" line="127.0.0.1 localhost" tags: hosts - name: Fix /etc/hosts (2) lineinfile: dest=/etc/hosts create=yes regexp="^127\.0\.1\.1\s+" line="127.0.1.1 {{ inventory_hostname }} {{ inventory_hostname_short }}" tags: hosts + +- meta: flush_handlers diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml index 2196728..1f33946 100644 --- a/roles/common/tasks/ipsec.yml +++ b/roles/common/tasks/ipsec.yml @@ -39,20 +39,22 @@ - Restart IPSec - name: Start IPSec service: name=ipsec state=started - name: Auto-create a dedicated interface for IPSec copy: src=etc/network/if-up.d/ipsec dest=/etc/network/if-up.d/ipsec owner=root group=root mode=0755 notify: - Reload networking # XXX: As of 1.3.1 ansible doesn't accept relative src. # See https://github.com/ansible/ansible/issues/4459 - name: Auto-deactivate the dedicated interface for IPSec file: #src=../if-up.d/ipsec src=/etc/network/if-up.d/ipsec dest=/etc/network/if-down.d/ipsec owner=root group=root state=link + +- meta: flush_handlers diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml index 144430e..f6a4d71 100644 --- a/roles/common/tasks/rkhunter.yml +++ b/roles/common/tasks/rkhunter.yml @@ -3,20 +3,22 @@ with_items: - rkhunter - curl - iproute - lsof - unhide - unhide.rb - name: Configure rkhunter copy: src=etc/{{ item }} dest=/etc/{{ item }} owner=root group=root mode=0644 with_items: - rkhunter.conf - default/rkhunter notify: # This might not always be necessary, but it's not like we would # change the config every day... - Update rkhunter's data file + +- meta: flush_handlers diff --git a/roles/common/tasks/samhain.yml b/roles/common/tasks/samhain.yml index 90ea754..cbc0b5e 100644 --- a/roles/common/tasks/samhain.yml +++ b/roles/common/tasks/samhain.yml @@ -1,20 +1,22 @@ - name: Install samhain apt: pkg=samhain # XXX: Doesn't work out of the box, see #660197. # If this is the first installation, you may want to start with a fresh database # sudo service samhain stop # sudo rm /var/state/samhain/samhain_file # sudo samhain -t init -p warn # sudo service samhain start # sudo samhain -t update -l none - name: Configure samhain copy: src=etc/samhain/samhainrc dest=/etc/samhain/samhainrc owner=root group=root mode=0644 notify: - Reload samhain - name: Start samhain service: name=samhain state=started + +- meta: flush_handlers |