summaryrefslogtreecommitdiffstats
path: root/roles/common
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/handlers/main.yml3
-rw-r--r--roles/common/tasks/fail2ban.yml2
-rw-r--r--roles/common/tasks/ipsec.yml3
-rw-r--r--roles/common/tasks/samhain.yml2
4 files changed, 10 insertions, 0 deletions
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index 9cae8bf..56b37e7 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -1,3 +1,6 @@
+# 'service: name=... state=started' tasks should NOT run if there is a
+# corresponding state=restarted handler. (Register the task notifying
+# the handler, and add a conditional.)
---
- name: Refresh hostname
service: name=hostname.sh state=restarted
diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml
index 3c13d8c..d5007b9 100644
--- a/roles/common/tasks/fail2ban.yml
+++ b/roles/common/tasks/fail2ban.yml
@@ -6,10 +6,12 @@
dest=/etc/fail2ban/jail.local
owner=root group=root
mode=0644
+ register: r
notify:
- Restart fail2ban
- name: Start fail2ban
service: name=fail2ban state=started
+ when: not r.changed
- meta: flush_handlers
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 1f33946..619c093 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -27,6 +27,7 @@
dest=/etc/ipsec.secrets
owner=root group=root
mode=0600
+ register: r1
notify:
- Restart IPSec
@@ -35,11 +36,13 @@
dest=/etc/ipsec.conf
owner=root group=root
mode=0644
+ register: r2
notify:
- Restart IPSec
- name: Start IPSec
service: name=ipsec state=started
+ when: not (r1.changed or r2.changed)
- name: Auto-create a dedicated interface for IPSec
copy: src=etc/network/if-up.d/ipsec
diff --git a/roles/common/tasks/samhain.yml b/roles/common/tasks/samhain.yml
index cbc0b5e..768ceb6 100644
--- a/roles/common/tasks/samhain.yml
+++ b/roles/common/tasks/samhain.yml
@@ -17,6 +17,8 @@
- Reload samhain
- name: Start samhain
+ # This task is inconditional because samhain is reloaded not
+ # restarted.
service: name=samhain state=started
- meta: flush_handlers