Validate firewalld config with ansible
Question
I'm using ansible to configure firewalld.
The lineinfile module has a validate parameter, which I'd like to use to validate my config.
I tried this:
- name: config firewalld
  become: true
  ansible.builtin.lineinfile:
    path: /etc/firewalld/firewalld.conf
    regexp: "^#?FirewallBackend"
    line: "FirewallBackend=iptables"
    state: present
    validate: firewall-cmd --check-config # <--------------
But I get an ansible error:
> validate must contain %s: firewall-cmd --check-config
That's because it's expecting the path to the file (%s).
I consulted the docs for --check-config to find a way to specify the config file's path, but couldn't find anything.
Is there a way to do this? I could run a raw sudo firewall-cmd --check-config, but I'm hoping there's a native ansible way to do this.
Answer 1
Score: 0
From detail on the repo, looks like this isn't possible to do cleanly with ansible. So here's a workaround:
- name: modify config
  become: true
  # ...
  register: result1
- name: modify config
  become: true
  # ...
  register: result2
- name: modify config
  become: true
  # ...
  register: result3
- name: validate config
  become: true
  command: firewall-cmd --check-config
  when: result1 is changed or result2 is changed or result3 is changed
  notify: "reload firewalld"
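One way to make the workaround above fail safe, as an added example that is not part of the original answer: the edit keeps a backup, firewall-cmd --check-config runs only when the file changed, and a rescue section restores the backup if validation fails. The play layout, the fw_conf variable and the handler body are assumptions; the answer only names the handler.

```yaml
# Added example. fw_conf, the play layout and the handler body are assumptions.
- name: Change firewalld.conf and roll back if it does not validate
  hosts: all
  become: true
  tasks:
    - name: Edit and validate firewalld.conf as one unit
      block:
        - name: Set FirewallBackend (a timestamped backup is kept when the file changes)
          ansible.builtin.lineinfile:
            path: /etc/firewalld/firewalld.conf
            regexp: "^#?FirewallBackend"
            line: "FirewallBackend=iptables"
            state: present
            backup: true
          register: fw_conf

        # --check-config takes no file argument, so it cannot be used in
        # lineinfile's validate (which requires %s); it runs as its own task.
        # command reports "changed" on success, so the handler is notified
        # only when validation passes.
        - name: Validate the firewalld configuration
          ansible.builtin.command: firewall-cmd --check-config
          when: fw_conf is changed
          notify: reload firewalld

      rescue:
        # fw_conf.backup is an empty string when lineinfile changed nothing.
        - name: Restore the previous firewalld.conf
          ansible.builtin.copy:
            src: "{{ fw_conf.backup }}"
            dest: /etc/firewalld/firewalld.conf
            remote_src: true
          when: fw_conf.backup | default('') | length > 0

        - name: Fail the play so the rejected change is visible
          ansible.builtin.fail:
            msg: "firewall-cmd --check-config failed; previous firewalld.conf restored"

  handlers:
    # Assumed handler body; only the handler name appears in the answer.
    - name: reload firewalld
      ansible.builtin.service:
        name: firewalld
        state: reloaded
```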