Complete playbook 'install-update-firewall.yml'.

2019-07-04 03:55:40 +02:00
parent 505cdbf120
commit 63de7170de
11 changed files with 533 additions and 24 deletions
--- a/scripts/test.yml
+++ b/scripts/test.yml
@ -4,16 +4,52 @@


  tasks:
-  
-  - name: Get sshd ports as blank separated list
-    set_fact:
-      fw_sshd_ports: "{{ sshd_ports | join (' ') }}"
-    when: 
-      - sshd_ports is defined and sshd_ports | length > 0
-      - sshd_ports|join() != "22"

-  - name: Set default sshd ports
+  - name: define traditional ethernet facts
    set_fact:
-      fw_sshd_ports: "$standard_ssh_port"
-    when: 
-      - sshd_ports is not defined or sshd_ports | length == 0 or sshd_ports|join() == "22"
+      ansible_netdev: "{% set ansible_netdev = ansible_netdev|default([]) + [hostvars[inventory_hostname]['ansible_' + item]] %}{{ ansible_netdev|list }}"
+    when:
+      - hostvars[inventory_hostname]['ansible_' + item]['type'] is defined
+      - hostvars[inventory_hostname]['ansible_' + item]['type'] == 'ether'
+      - inventory_hostname not in groups['lxc_host']|string
+    with_items:
+      - "{{ hostvars[inventory_hostname]['ansible_interfaces'] }}"
+
+  - name: define traditional bridge facts
+    set_fact:
+      ansible_netdev: "{% set ansible_netdev = ansible_netdev|default([]) + [hostvars[inventory_hostname]['ansible_' + item]] %}{{ ansible_netdev|list }}"
+    when:
+      - hostvars[inventory_hostname]['ansible_' + item]['type'] is defined
+      - hostvars[inventory_hostname]['ansible_' + item]['type'] == 'bridge'
+      - "groups['lxc_host']|string is search(inventory_hostname)"
+    with_items:
+      - "{{ hostvars[inventory_hostname]['ansible_interfaces'] }}"
+
+  - name: set fact - ipv6 / ipv4 addresses
+    set_fact: 
+      host_ipv6_addr: "{% set host_ipv6_addr =  item.ipv6.0.address  + ' ' +  (item.ipv6.1.address is match 'f.*') | ternary('',item.ipv6.1.address)  %}{{ host_ipv6_addr | trim }}"
+      host_ipv4_addr: "{% set host_ipv4_addr = item.ipv4.address %}{{  host_ipv4_addr| trim }}"
+    when: "item.ipv6.0.address is defined and item.ipv6.0.address|length > 0"
+    loop: "{{ ansible_netdev }}"
+    loop_control:
+      label: "{{ item.device }}"
+
+  - name: Debug message
+    debug:
+       msg:
+         - "index: {{ idx + 1 }}"
+         - "device: {{ item.device }}"
+         - "ipv4-address: {{ item.ipv4.address }}"
+         - "ipv4-address: {{ host_ipv4_addr }}"
+         - "ipv6-address: {{ host_ipv6_addr }}"
+         - "ipv6-address: {{ item.ipv6.0.address }}{{ (item.ipv6.1.address is match 'f.*') | ternary('', ' ' + item.ipv6.1.address) }}"
+    loop: "{{ ansible_netdev }}"
+    loop_control:
+      label: "{{ item.device }}"
+      index_var: idx
+    when: "item.ipv6.0.address is defined and item.ipv6.0.address|length > 0"
+
+
+#  - name: Debug message - ipv6-address(es)
+#    debug:
+#       msg: 'Ipv6 Address(es): {{ ansible_ipv6 }}'