Server IP : 85.214.239.14 / Your IP : 18.118.28.160 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /lib/python3/dist-packages/ansible_collections/community/general/plugins/modules/ |
Upload File : |
#!/usr/bin/python # -*- coding: utf-8 -*- # Copyright (c) 2017, Ted Trask <ttrask01@yahoo.com> # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = r''' --- module: awall short_description: Manage awall policies author: Ted Trask (@tdtrask) <ttrask01@yahoo.com> description: - This modules allows for enable/disable/activate of C(awall) policies. - Alpine Wall (I(awall)) generates a firewall configuration from the enabled policy files and activates the configuration on the system. extends_documentation_fragment: - community.general.attributes attributes: check_mode: support: full diff_mode: support: none options: name: description: - One or more policy names. type: list elements: str state: description: - Whether the policies should be enabled or disabled. type: str choices: [ disabled, enabled ] default: enabled activate: description: - Activate the new firewall rules. - Can be run with other steps or on its own. - Idempotency is affected if I(activate=true), as the module will always report a changed state. type: bool default: false notes: - At least one of I(name) and I(activate) is required. ''' EXAMPLES = r''' - name: Enable "foo" and "bar" policy community.general.awall: name: [ foo bar ] state: enabled - name: Disable "foo" and "bar" policy and activate new rules community.general.awall: name: - foo - bar state: disabled activate: false - name: Activate currently enabled firewall rules community.general.awall: activate: true ''' RETURN = ''' # ''' import re from ansible.module_utils.basic import AnsibleModule def activate(module): cmd = "%s activate --force" % (AWALL_PATH) rc, stdout, stderr = module.run_command(cmd) if rc == 0: return True else: module.fail_json(msg="could not activate new rules", stdout=stdout, stderr=stderr) def is_policy_enabled(module, name): cmd = "%s list" % (AWALL_PATH) rc, stdout, stderr = module.run_command(cmd) if re.search(r"^%s\s+enabled" % name, stdout, re.MULTILINE): return True return False def enable_policy(module, names, act): policies = [] for name in names: if not is_policy_enabled(module, name): policies.append(name) if not policies: module.exit_json(changed=False, msg="policy(ies) already enabled") names = " ".join(policies) if module.check_mode: cmd = "%s list" % (AWALL_PATH) else: cmd = "%s enable %s" % (AWALL_PATH, names) rc, stdout, stderr = module.run_command(cmd) if rc != 0: module.fail_json(msg="failed to enable %s" % names, stdout=stdout, stderr=stderr) if act and not module.check_mode: activate(module) module.exit_json(changed=True, msg="enabled awall policy(ies): %s" % names) def disable_policy(module, names, act): policies = [] for name in names: if is_policy_enabled(module, name): policies.append(name) if not policies: module.exit_json(changed=False, msg="policy(ies) already disabled") names = " ".join(policies) if module.check_mode: cmd = "%s list" % (AWALL_PATH) else: cmd = "%s disable %s" % (AWALL_PATH, names) rc, stdout, stderr = module.run_command(cmd) if rc != 0: module.fail_json(msg="failed to disable %s" % names, stdout=stdout, stderr=stderr) if act and not module.check_mode: activate(module) module.exit_json(changed=True, msg="disabled awall policy(ies): %s" % names) def main(): module = AnsibleModule( argument_spec=dict( state=dict(type='str', default='enabled', choices=['disabled', 'enabled']), name=dict(type='list', elements='str'), activate=dict(type='bool', default=False), ), required_one_of=[['name', 'activate']], supports_check_mode=True, ) global AWALL_PATH AWALL_PATH = module.get_bin_path('awall', required=True) p = module.params if p['name']: if p['state'] == 'enabled': enable_policy(module, p['name'], p['activate']) elif p['state'] == 'disabled': disable_policy(module, p['name'], p['activate']) if p['activate']: if not module.check_mode: activate(module) module.exit_json(changed=True, msg="activated awall rules") module.fail_json(msg="no action defined") if __name__ == '__main__': main()