I've recently set up fail2ban for ssh on one of my servers
using https://galaxy.ansible.com/tersmitten/fail2ban/ . This was very
easy, and I'm loving galaxy.
Now, I'm wanting to extend fail2ban to also block IPs that have failed
basic auth checks in Apache too many times. Since all my hosts run ssh,
but not all run Apache, I've created a new role for this (cleverly named
'apache', while the first is 'common'). However, as shown in the fail2ban
role's README, configuration of individual services is done with an array,
fail2ban_services, and redefining that in my apache role overwrites what
was defined in common (or, due to timing, vice versa).
I've seen that I can change the hash behavior[0], which would seem to do
what I want. I'm wary of this, however, since it's a global change.
There is also the combine filter for jinja[1], but reports[2] indicate I
can't do what I want, which would be
fail2ban_services: "{{ fail2ban_services | combine({...}) }}"
Is there another method to do this combination? Or perhaps am I going
about this the wrong way, and should be architecting this differently?
Thanks.
- jph
[0]: https://docs.ansible.com/ansible/intro_configuration.html#hash-behaviour
[1]:
https://docs.ansible.com/ansible/playbooks_filters.html#combining-hashes-dictionaries
[2]: http://stackoverflow.com/a/35555008/120999
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/b94df139-0ad7-4bd8-b7cc-6e3f258cf646%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
