Changeset - 834c3a4d591a
Parent rev.
Child rev.
[Not reviewed]
0 1 0
Branko Majic (branko) - 14 months ago 2024-09-22 22:43:34
branko@majic.rs
MAR-218: Use built-in module for diverting the ferm binary.
1 file changed with 5 insertions and 6 deletions:
roles/common/tasks/main.yml
5
6
0 comments (0 inline, 0 general)
roles/common/tasks/main.yml
Show inline comments
 
@@ -211,18 +211,17 @@
 
  #   applications depending on deployed CA certificates can use them to
 
  #   validate server/client certificates.
 
  ansible.builtin.command: "/usr/sbin/update-ca-certificates --fresh"
 
  when: deploy_ca_certificates_result.changed
 
  changed_when: true  # Always results in change due to task logic.
 

			




	
	
	
		
 
- name: Set-up file diversions for custom files that overrride package-provided ones

			




	
	
	
		
 
  ansible.builtin.command: "dpkg-divert --divert '{{ item }}.original' --rename '{{ item }}'"

			




	
	
	
		
 
  register: "dpkg_divert"

			




	
	
	
		
 
  changed_when: "'Adding' in dpkg_divert.stdout"

			




	
	
	
		
 
  with_items:

			




	
	
	
		
 
    - "/usr/sbin/ferm"

			




	
	
	
		
 
- name: Set-up file diversion for custom ferm binary

			




	
	
	
		
 
  community.general.dpkg_divert:

			




	
	
	
		
 
    path: "/usr/sbin/ferm"

			




	
	
	
		
 
    divert: "/usr/sbin/ferm.original"

			




	
	
	
		
 
    rename: true

			




	
	
	
		
 
  notify:

			




	
	
	
		
 
    - Restart ferm

			




	
	
	
		
 

			




	
	
	
		
 
- name: Deploy the patched ferm binary that disables use of legacy iptables

			




	
	
	
		
 
  ansible.builtin.copy:

			




	
	
	
		
 
    src: ferm_binary

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.