In general, would a problem like this be better solved by creating a bash/python script and have Ansible run it on the target machine?
Just a thought. M Sent from BlueMail On Apr 22, 2016, 12:07 PM, at 12:07 PM, Jerome Yanga <[email protected]> wrote: >I am trying to determine if iptables/firewalld is running or not. If >the >service/daemon is not running, I want to leave it that way. Otherwise, >I >would like to bounce it. Below is my attempt to perform this. If >there is >another/better way to do what I am trying to do, I am open to learn. >:) > >In vars... >net_lst6: > - { portnum: "135", inetprot: "tcp" } > - { portnum: "137:138", inetprot: "udp" } > - { portnum: "139", inetprot: "tcp" } > - { portnum: "445", inetprot: "tcp" } > >In tasks.... > - name: check iptables status > command: 'service iptables status | grep -i "not" | wc -l' > when: ansible_distribution_major_version == "6" > register: service_status > > - name: setup iptables > iptables: > chain: INPUT > protocol: "{{item.inetprot}}" > state: present > destination_port: "{{item.portnum}}" > when: ( "ansible_distribution_major_version" == "6" ) and ( >"service_status" != "1" ) > with_items: "{{net_lst6}}" > notify: restart iptables > >I am getting the error below. >TASK [test : check iptables status] ******************************** >fatal: [server1]: FAILED! => {"changed": true, "cmd": ["service", >"iptables", "status", "|", "grep", "-i", "not", "|", "wc", "-l"], >"delta": >"0:00:00.066634", "end": "2016-04-22 08:51:36.866972", "failed": true, >"rc": 3, "start": "2016-04-22 08:51:36.800338", "stderr": "", "stdout": > >"iptables: Firewall is not running.", "stdout_lines": ["iptables: >Firewall >is not running."], "warnings": ["Consider using service module rather >than >running service"]} > >Help. > >Thank you in advance. > >Regards, >J > >-- >You received this message because you are subscribed to the Google >Groups "Ansible Project" group. >To unsubscribe from this group and stop receiving emails from it, send >an email to [email protected]. >To post to this group, send email to [email protected]. >To view this discussion on the web visit >https://groups.google.com/d/msgid/ansible-project/1c20b117-81c4-4492-8410-f9089aae7a60%40googlegroups.com. >For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1e7dbaab-1a87-456c-bb05-c5e035d27873%40typeapp.com. For more options, visit https://groups.google.com/d/optout.
