Jose/ansible_role_proxmox_provision
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat : Add conditional execution for reloading PVE firewall
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 7s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details

Browse Source 
This commit introduces a new feature that allows conditional execution of the PVE firewall reload command based on certain conditions, enhancing flexibility and control over firewall management.
This commit is contained in:
Jose
2026-02-24 18:56:02 +01:00
parent 432ec97292
commit 674f014be3
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
handlers/main.yml
View File

@@ -35,8 +35,9 @@
- name: Restart fail2ban - name: Restart fail2ban
ansible.builtin.systemd: ansible.builtin.systemd:
name: fail2ban name: fail2ban
state: restarted state: reloaded
- name: Reload pve firewall - name: Reload pve firewall
ansible.builtin.command: pve-firewall reload ansible.builtin.command: pve-firewall reload
when: fw_compile_check.rc == 0
changed_when: false changed_when: false

5
tasks/fail2ban.yml
View File

@@ -148,6 +148,11 @@
changed_when: false changed_when: false
when: cluster_status.stat.exists when: cluster_status.stat.exists
- name: Validate Proxmox firewall configuration
ansible.builtin.command: pve-firewall compile
register: fw_compile_check
changed_when: false
# Then automatically whitelist it in Fail2Ban: # Then automatically whitelist it in Fail2Ban:
# ignoreip = 127.0.0.1/8 {{ corosync_ip.stdout }} # ignoreip = 127.0.0.1/8 {{ corosync_ip.stdout }}