When using the templates module, I find running ansible-playbook --check 
--diff really useful. If anything has been added to or removed from the 
config file on the server for any reason, ansible shows me the diff.

My question is if there is any way to achieve similar functionality when 
using the firewalld module. Let's say for example I have a play like this:

- name: Add source addresses to zone
  firewalld:
    source: "{{ item }}"
    zone: privateAccess
    state: enabled
    permanent: true
  with_items:
    - 10.0.0.0/8          # VPN range
    - 198.51.100.137/32   # main office IP address
    - 203.0.113.0/24      # datacentre public network range

If someone removed one of those IP addresses from the zone for some reason, 
--check --diff mode will tell me they're missing, but unlike the case with 
the templates module, if someone added their home IP address to the 
privateAccess zone on the server manually, running the playbook in --check 
--diff mode won't tell me that this item has changed.

If I want to ensure that only those IP address ranges specified are 
configured as source addresses for the zone I could of course delete the 
zone and re-create it from scratch, but if I did that, --check mode 
no longer works at all; the delete zone, create zone and add source 
addresses to zone steps will always report that they have changed.

Is there a way to make --check --diff mode report that IP addresses were 
present in the zone on the server that are not specified in the ansible 
playbook?

Thanks very much,

-- 
James Birkett
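One way to make --check report the extra addresses, as an added example that is not part of the original post: read the zone's current permanent sources with firewall-cmd, compute the ones the playbook does not list, and hand that list to the firewalld module with state: disabled, so check mode reports each stray source as a change and a normal run removes it. The play layout, the variable names and the use of the bare firewalld module name are assumptions; only the zone name and the three ranges come from the original.

```yaml
# Added example (not from the original post): enforce the exact set of
# permanent sources for the privateAccess zone and make drift visible in
# --check mode. Variable and play names are assumptions.
- name: Enforce the exact source list of the privateAccess zone
  hosts: all
  become: true
  vars:
    private_access_sources:
      - 10.0.0.0/8          # VPN range
      - 198.51.100.137/32   # main office IP address
      - 203.0.113.0/24      # datacentre public network range
  tasks:
    - name: Add expected source addresses to zone
      firewalld:
        source: "{{ item }}"
        zone: privateAccess
        state: enabled
        permanent: true
      with_items: "{{ private_access_sources }}"

    - name: Read the sources currently configured on the host
      command: firewall-cmd --permanent --zone=privateAccess --list-sources
      register: current_sources
      changed_when: false   # a read-only query is never a change
      check_mode: false     # run it under --check too, so the comparison has data

    - name: Work out which configured sources are not in the playbook
      set_fact:
        # firewall-cmd prints the sources space-separated on one line
        extra_sources: "{{ current_sources.stdout.split() | difference(private_access_sources) }}"

    - name: Remove sources not in the playbook (reported as 'changed' under --check)
      firewalld:
        source: "{{ item }}"
        zone: privateAccess
        state: disabled
        permanent: true
      with_items: "{{ extra_sources }}"
```

The comparison is textual, so write the ranges in the playbook exactly as firewall-cmd reports them (for example a /32 host entered as a bare address is listed as a bare address). As in the original play only the permanent configuration is touched, so a reload is still needed for the runtime zone to match.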

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e457e417-e404-45f6-95db-e410477d9b2d%40googlegroups.com.