解决方案是使用实用程序注册一个命令,at该命令将在超时后完全禁用防火墙。如果剧本成功地继续到末尾,则命令将被取消。
下面的示例使用UFW,但它可以适用于任何其他服务。
- name: Install package ufw
apt:
name: [at, ufw]
state: present
- block:
- name: Make sure to disable the firewall later if something goes wrong
ansible.posix.at:
command: "{{ firewall_disable_ufw }}"
count: 3
units: minutes
changed_when: false
# All tasks that modify the firewall go in here.
- name: Cancel the above safety firewall disable command
ansible.posix.at:
command: "{{ firewall_disable_ufw }}"
state: absent
changed_when: false
rescue:
- fail:
msg: >-
WARNING: Task '{{ ansible_failed_task.name }}' failed.
Firewall will be disabled soon by an `at` command
`{{ firewall_disable_ufw }}`
vars:
firewall_disable_ufw: "systemctl disable --now ufw.service"
使用block:/rescue:并不是真正必要的,但它提供了整个块的良好视觉划分,并在剧本失败时提供更好的错误消息。
| 归档时间: |
|
| 查看次数: |
164 次 |
| 最近记录: |