Jose/ansible_role_proxmox_provision
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor ♻️: Refactor fail2ban.yml to use fw_compile_check.rc for failure checks
All checks were successful
ansible-lint / Ansible Lint (push) Successful in 13s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details

Browse Source 
This refactoring updates the fail2ban configuration to utilize a new script, `fw_compile_check.rc`, for handling failure checks. This change aims to streamline the process and improve reliability by centralizing the logic in a dedicated script.
This commit is contained in:
Jose
2026-02-25 17:59:13 +01:00
parent 734a9c031f
commit 9e90c67fe8
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tasks/fail2ban.yml
View File

@@ -88,7 +88,7 @@
ansible.builtin.command: pve-firewall compile ansible.builtin.command: pve-firewall compile
register: compiled_fw register: compiled_fw
changed_when: false changed_when: false
failed_when: fw_compile_check.rc != 0 failed_when: compiled_fw.rc != 0
when: cluster_status.stat.exists when: cluster_status.stat.exists
- name: fail2ban | Fail if corosync ports are being dropped - name: fail2ban | Fail if corosync ports are being dropped
@@ -171,8 +171,8 @@
ansible.builtin.command: pve-firewall compile ansible.builtin.command: pve-firewall compile
when: ipset_change.changed or rule_change.changed when: ipset_change.changed or rule_change.changed
changed_when: false changed_when: false
failed_when: fw_compile_check.rc != 0
register: fw_compile_check register: fw_compile_check
failed_when: fw_compile_check.rc != 0
# Then automatically whitelist it in Fail2Ban: # Then automatically whitelist it in Fail2Ban:
# ignoreip = 127.0.0.1/8 {{ corosync_ip.stdout }} # ignoreip = 127.0.0.1/8 {{ corosync_ip.stdout }}