author | clyhtsuriva <aimeric@adjutor.xyz> | 2025-03-19 21:23:18 +0100 |
---|---|---|
committer | clyhtsuriva <aimeric@adjutor.xyz> | 2025-03-19 21:23:18 +0100 |
commit | 503de953a9be6d8d57495ef400f1341b3888f3f0 (patch) | |
tree | 29a7041a85ba9c90967ffff61115ed008f7d6c6a | |
parent | c1daa61121ad6800bff06e9b194d402a511d67a8 (diff) |
ansible: add notifys to restart ufw w/ handlers
-rw-r--r-- | ansible/roles/common/tasks/ufw.yml | 3 | ||||
-rw-r--r-- | ansible/roles/k8s/tasks/ufw.yml | 7 | ||||
-rw-r--r-- | ansible/roles/nginx/handlers/main.yml | 6 | ||||
-rw-r--r-- | ansible/roles/nginx/tasks/update_nginx.yml | 6 |
4 files changed, 16 insertions, 6 deletions
diff --git a/ansible/roles/common/tasks/ufw.yml b/ansible/roles/common/tasks/ufw.yml index 155579f..aa8777b 100644 --- a/ansible/roles/common/tasks/ufw.yml +++ b/ansible/roles/common/tasks/ufw.yml @@ -9,6 +9,7 @@ rule: allow name: OpenSSH comment: "Allow SSH" + notify: Restart UFW - name: Allow HTTP community.general.ufw: @@ -16,6 +17,7 @@ port: 80 proto: tcp comment: "Allow HTTP" + notify: Restart UFW - name: Allow HTTPS community.general.ufw: @@ -23,6 +25,7 @@ port: 443 proto: tcp comment: "Allow HTTPS" + notify: Restart UFW - name: Enable UFW community.general.ufw: diff --git a/ansible/roles/k8s/tasks/ufw.yml b/ansible/roles/k8s/tasks/ufw.yml index c4c653a..db4f27b 100644 --- a/ansible/roles/k8s/tasks/ufw.yml +++ b/ansible/roles/k8s/tasks/ufw.yml @@ -10,6 +10,7 @@ port: 6443 proto: tcp comment: "Kubernetes API server" + notify: Restart UFW - name: Allow etcd server client API (2379-2380) community.general.ufw: @@ -17,6 +18,7 @@ port: "2379:2380" proto: tcp comment: "etcd server client API" + notify: Restart UFW - name: Allow Kubelet API (10250) community.general.ufw: @@ -24,6 +26,7 @@ port: 10250 proto: tcp comment: "Kubelet API" + notify: Restart UFW - name: Allow kube-scheduler (10259) community.general.ufw: @@ -31,6 +34,7 @@ port: 10259 proto: tcp comment: "kube-scheduler" + notify: Restart UFW - name: Allow kube-controller-manager (10257) community.general.ufw: @@ -38,6 +42,7 @@ port: 10257 proto: tcp comment: "kube-controller-manager" + notify: Restart UFW - name: Allow kube-proxy (10256) community.general.ufw: @@ -45,6 +50,7 @@ port: 10256 proto: tcp comment: "kube-proxy" + notify: Restart UFW - name: Allow NodePort services (30000-32767) community.general.ufw: @@ -52,6 +58,7 @@ port: "30000:32767" proto: tcp comment: "NodePort services" + notify: Restart UFW - name: Enable UFW community.general.ufw: diff --git a/ansible/roles/nginx/handlers/main.yml b/ansible/roles/nginx/handlers/main.yml new file mode 100644 index 0000000..58ffefd --- /dev/null 
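Review bot: The three added `notify: Restart UFW` lines (on the SSH, HTTP and HTTPS tasks) refer to a handler that this commit does not define; the only handlers file it adds is the nginx one, which holds `Restart Nginx`. If no `Restart UFW` handler exists elsewhere in the play, Ansible stops with a handler-not-found error the first time one of these tasks reports changed, which can leave the firewall rules half applied. The seven notifies added in ansible/roles/k8s/tasks/ufw.yml have the same dependency. A handler with `name: Restart UFW` that calls `ansible.builtin.service` with `name: ufw` and `state: restarted`, mirroring the nginx handler, would resolve it if it lives in a role that both plays load. Each task starts above its hunk, so the rest of its arguments are not visible here.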
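Review bot: A service restart is heavier than these seven rule tasks need, because `community.general.ufw` applies a rule to the running firewall when it reports changed. Restarting the ufw service typically flushes its chains before loading them again, so on a control-plane node ports such as etcd (`2379:2380`) and the kubelet API (`10250`) may be briefly unfiltered. The handler also runs only at the end of the play, after the `Enable UFW` task that follows these hunks, unless `meta: flush_handlers` is used. Dropping the notify from the rule tasks, or documenting on the handler which case the module does not already cover, would make the intent clear.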
+++ b/ansible/roles/nginx/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Restart Nginx + ansible.builtin.service: + name: nginx + state: restarted +... diff --git a/ansible/roles/nginx/tasks/update_nginx.yml b/ansible/roles/nginx/tasks/update_nginx.yml index 4813e6c..ffe2725 100644 --- a/ansible/roles/nginx/tasks/update_nginx.yml +++ b/ansible/roles/nginx/tasks/update_nginx.yml @@ -16,10 +16,4 @@ name: nginx state: started enabled: true - - handlers: - - name: Restart nginx - ansible.builtin.service: - name: nginx - state: restarted ... |
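Review bot: The new handler is named `Restart Nginx`, while the inline handler removed from update_nginx.yml was `Restart nginx`; handler names are matched exactly, so any existing `notify: Restart nginx` would stop resolving. No nginx task in this diff notifies it, so either check the callers outside the diff or keep the old spelling, `- name: Restart nginx`. Since a restart with a broken configuration leaves nginx down, a task that runs `nginx -t` before the handler fires, or `state: reloaded` in the handler, is worth considering.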