diff options
Diffstat (limited to 'roles')
-rw-r--r-- | roles/common/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/common/tasks/fail2ban.yml | 2 | ||||
-rw-r--r-- | roles/common/tasks/ipsec.yml | 3 | ||||
-rw-r--r-- | roles/common/tasks/samhain.yml | 2 |
4 files changed, 10 insertions, 0 deletions
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index 9cae8bf..56b37e7 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -1,3 +1,6 @@ +# 'service: name=... state=started' tasks should NOT run if there is a +# corresponding state=restarted handler. (Register the task notifying +# the handler, and add a conditional.) --- - name: Refresh hostname service: name=hostname.sh state=restarted diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml index 3c13d8c..d5007b9 100644 --- a/roles/common/tasks/fail2ban.yml +++ b/roles/common/tasks/fail2ban.yml @@ -6,10 +6,12 @@ dest=/etc/fail2ban/jail.local owner=root group=root mode=0644 + register: r notify: - Restart fail2ban - name: Start fail2ban service: name=fail2ban state=started + when: not r.changed - meta: flush_handlers diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml index 1f33946..619c093 100644 --- a/roles/common/tasks/ipsec.yml +++ b/roles/common/tasks/ipsec.yml @@ -27,6 +27,7 @@ dest=/etc/ipsec.secrets owner=root group=root mode=0600 + register: r1 notify: - Restart IPSec @@ -35,11 +36,13 @@ dest=/etc/ipsec.conf owner=root group=root mode=0644 + register: r2 notify: - Restart IPSec - name: Start IPSec service: name=ipsec state=started + when: not (r1.changed or r2.changed) - name: Auto-create a dedicated interface for IPSec copy: src=etc/network/if-up.d/ipsec diff --git a/roles/common/tasks/samhain.yml b/roles/common/tasks/samhain.yml index cbc0b5e..768ceb6 100644 --- a/roles/common/tasks/samhain.yml +++ b/roles/common/tasks/samhain.yml @@ -17,6 +17,8 @@ - Reload samhain - name: Start samhain + # This task is inconditional because samhain is reloaded not + # restarted. service: name=samhain state=started - meta: flush_handlers |