feat: add option to ignore zones not managed by ansible

2023-02-19 20:59:55 +01:00 · 2023-02-19 20:59:55 +01:00 · a0b3585f86
parent 1cb48879c4
commit a0b3585f86
2 changed files with 6 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -108,3 +108,5 @@ firewalld_zones:
      - name: dhcpv6-client
      - name: cockpit
 firewalld_zones_extra: []
+
+firewalld_zones_unmanaged: []
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@ -73,7 +73,7 @@
        src: etc/firewalld/zones/zone.xml.j2
        dest: /etc/firewalld/zones/{{ item.name }}.xml
        mode: 0640
-      loop: "{{ __firewalld_zones }}"
+      loop: "{{ __firewalld_zones | difference(firewalld_zones_unmanaged) }}"
      loop_control:
        label: "{{ item.name }}"
      notify: __firewalld_reload
@ -93,7 +93,9 @@
        state: absent
      loop: "{{ __firewalld_zones_active.files | map(attribute='path') | list }}"
      notify: __firewalld_reload
-      when: (item | basename | splitext | first) not in (__firewalld_zones | map(attribute='name') | list)
+      when:
+        - (item | basename | splitext | first) not in (__firewalld_zones | map(attribute='name') | list)
+        - (item not in firewalld_zones_unmanaged)

    - name: Validate deployed configuration
      command: firewall-offline-cmd --check-config