From 9e90c67fe88e527fbb04b3322cce3fc23fd3ca70 Mon Sep 17 00:00:00 2001
From: Jose
Date: Wed, 25 Feb 2026 17:59:13 +0100
Subject: [PATCH] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Refactor=20fai?= =?UTF-8?q?l2ban.yml=20to=20use=20fw=5Fcompile=5Fcheck.rc=20for=20failure?= =?UTF-8?q?=20checks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This refactoring updates the fail2ban configuration to utilize a new script, `fw_compile_check.rc`, for handling failure checks. This change aims to streamline the process and improve reliability by centralizing the logic in a dedicated script.
---
 tasks/fail2ban.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml
index a8ca79d..e876617 100644
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@@ -88,7 +88,7 @@
 ansible.builtin.command: pve-firewall compile
 register: compiled_fw
 changed_when: false
- failed_when: fw_compile_check.rc != 0
+ failed_when: compiled_fw.rc != 0
 when: cluster_status.stat.exists

 - name: fail2ban | Fail if corosync ports are being dropped
@@ -171,8 +171,8 @@
 ansible.builtin.command: pve-firewall compile
 when: ipset_change.changed or rule_change.changed
 changed_when: false
- failed_when: fw_compile_check.rc != 0
 register: fw_compile_check
+ failed_when: fw_compile_check.rc != 0

 # Then automatically whitelist it in Fail2Ban:
 # ignoreip = 127.0.0.1/8 {{ corosync_ip.stdout }}
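Review bot: The explicit `failed_when: compiled_fw.rc != 0` on the first `pve-firewall compile` task (new line 91) repeats the default of `ansible.builtin.command`, which already fails the task on a non-zero return code, and this explicit line is where the wrong registered variable was named before. A second task in the hunk at line 171 runs the same command and registers `fw_compile_check`, so the two names stay easy to mix up. I would either drop the condition in both tasks or keep it with a comment such as `# gate on this task's own result; fw_compile_check belongs to the later compile task`. The task's `- name:` line is above the hunk, so this rests only on the lines shown.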
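Review bot: The compile check in the hunk at line 171 still runs only `when: ipset_change.changed or rule_change.changed`, so a run that writes a bad rule and fails here would presumably report those tasks as unchanged on the next run and skip this validation. The task is already declared as changing nothing (`changed_when: false`), so consider removing the `when:` line so that every run validates the firewall, unless something outside the hunk already re-validates it. Moving `register:` above `failed_when:` does not change behaviour, because key order within a task mapping is not significant. The task's name line and the tasks that register `ipset_change` and `rule_change` are outside the hunk.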