From 2423d9a2931f7ba8773dc6c1b7c1437c2c5482b2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 16 Oct 2019 11:06:02 -0500 Subject: [PATCH] network guard against faulty user edits to local_vars --- roles/network/tasks/enable_services.yml | 10 +++++----- roles/network/tasks/main.yml | 2 +- roles/network/tasks/restart.yml | 4 ++-- roles/network/tasks/wondershaper.yml | 7 +++++++ 4 files changed, 15 insertions(+), 8 deletions(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 078c290c5..7bae3d211 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -2,7 +2,7 @@ service: name: dhcpd enabled: no - when: dhcpd_install and not dhcpd_enabled + when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled # service is restarted with NM dispatcher.d script - name: Enable dhcpd service @@ -46,7 +46,7 @@ systemd: name: "{{ dns_service }}" enabled: no - when: named_install and not named_enabled + when: (named_install or named_installed is defined) and not named_enabled - name: Install /etc/dnsmasq.d/iiab.conf from template, when dnsmasq_enabled and isn't Appliance template: @@ -122,7 +122,7 @@ systemd: name: dansguardian enabled: no - when: dansguardian_install and not dansguardian_enabled + when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled - name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled lineinfile: @@ -164,7 +164,7 @@ systemd: name: "{{ proxy }}" enabled: no - when: squid_install and not squid_enabled + when: (squid_install or squid_installed is defined) and not squid_enabled - name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled lineinfile: @@ -184,7 +184,7 @@ systemd: name: wondershaper enabled: no - when: wondershaper_install and not wondershaper_enabled + when: (wondershaper_install or wondershaper_installed is defined) and not wondershaper_enabled # check-LAN should be iptables.yml remove later - name: Install clean copy of /usr/bin/iiab-gen-iptables from template diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index a97cdab28..85955936e 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -57,7 +57,7 @@ - name: Configure wondershaper include_tasks: wondershaper.yml - when: wondershaper_install | bool + when: wondershaper_install | bool or wondershaper_installed is defined tags: - network - wondershaper diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 20d344e19..9a7c90dfc 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -15,13 +15,13 @@ name: "{{ proxy }}" state: stopped async: 120 - when: squid_install | bool + when: squid_install | bool or squid_installed is defined - name: Stop DansGuardian systemd: name: dansguardian state: stopped - when: dansguardian_install | bool + when: dansguardian_install | bool or dansguardian_installed is defined - name: Restart DansGuardian service (dansguardian) except Ubuntu which needs reboot to activate systemd: diff --git a/roles/network/tasks/wondershaper.yml b/roles/network/tasks/wondershaper.yml index 6f62922af..884e5d4e5 100644 --- a/roles/network/tasks/wondershaper.yml +++ b/roles/network/tasks/wondershaper.yml @@ -38,6 +38,13 @@ group: root state: link +- name: Add 'wondershaper_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^wondershaper_installed' + line: 'wondershaper_installed: True' + state: present + - name: Add 'wondershaper' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}"