Native YAML - system (#3625)

* Native YAML - system

* Remove comment that is not applicable to the code
Fabio Alessandro Locati 2016-12-02 15:48:22 +00:00 committed by Matt Clay
parent 737c6afb54
commit cc25f24475
26 changed files with 514 additions and 135 deletions


@ -73,16 +73,29 @@ author: "Brian Coca (@bcoca)"
EXAMPLES = '''
# Set default locale to fr_FR.UTF-8
debconf: name=locales question='locales/default_environment_locale' value=fr_FR.UTF-8 vtype='select'
- debconf:
name: locales
question: locales/default_environment_locale
value: fr_FR.UTF-8
vtype: select
# set to generate locales:
debconf: name=locales question='locales/locales_to_be_generated' value='en_US.UTF-8 UTF-8, fr_FR.UTF-8 UTF-8' vtype='multiselect'
- debconf:
name: locales
question: locales/locales_to_be_generated
value: en_US.UTF-8 UTF-8, fr_FR.UTF-8 UTF-8
vtype: multiselect
# Accept oracle license
debconf: name='oracle-java7-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select'
- debconf:
name: oracle-java7-installer
question: shared/accepted-oracle-license-v1-1
value: true
vtype: select
# Specifying package you can register/return the list of questions and current values
debconf: name='tzdata'
- debconf:
name: tzdata
'''
def get_selections(module, pkg):
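Review bot: `value: true` in the Oracle licence example is now an unquoted YAML scalar, so it reaches the module as a boolean rather than the literal string that the old `value='true'` form passed. Whether debconf then stores `true` or a re-stringified `True` is not visible from this hunk, so quoting is the safe form: `value: 'true'`. The same coercion applies to `logging: on` in the ufw examples and `setuid: off` in the zfs examples, which should be checked against each module or quoted as `'on'` and `'off'`.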


@ -58,10 +58,15 @@ notes:
EXAMPLES = '''
# Create a ext2 filesystem on /dev/sdb1.
- filesystem: fstype=ext2 dev=/dev/sdb1
- filesystem:
fstype: ext2
dev: /dev/sdb1
# Create a ext4 filesystem on /dev/sdb1 and check disk blocks.
- filesystem: fstype=ext4 dev=/dev/sdb1 opts="-cc"
- filesystem:
fstype: ext4
dev: /dev/sdb1
opts: -cc
'''
def _get_dev_size(dev, module):


@ -94,14 +94,48 @@ author: "Adam Miller (@maxamillion)"
'''
EXAMPLES = '''
- firewalld: service=https permanent=true state=enabled
- firewalld: port=8081/tcp permanent=true state=disabled
- firewalld: port=161-162/udp permanent=true state=enabled
- firewalld: zone=dmz service=http permanent=true state=enabled
- firewalld: rich_rule='rule service name="ftp" audit limit value="1/m" accept' permanent=true state=enabled
- firewalld: source='192.168.1.0/24' zone=internal state=enabled
- firewalld: zone=trusted interface=eth2 permanent=true state=enabled
- firewalld: masquerade=yes state=enabled permanent=true zone=dmz
- firewalld:
service: https
permanent: true
state: enabled
- firewalld:
port: 8081/tcp
permanent: true
state: disabled
- firewalld:
port: 161-162/udp
permanent: true
state: enabled
- firewalld:
zone: dmz
service: http
permanent: true
state: enabled
- firewalld:
rich_rule: 'rule service name="ftp" audit limit value="1/m" accept'
permanent: true
state: enabled
- firewalld:
source: 192.0.2.0/24
zone: internal
state: enabled
- firewalld:
zone: trusted
interface: eth2
permanent: true
state: enabled
- firewalld:
masquerade: yes
state: enabled
permanent: true
zone: dmz
'''
from ansible.module_utils.basic import AnsibleModule


@ -59,24 +59,40 @@ author: Brian Coca
EXAMPLES = '''
# get root user info
- getent: database=passwd key=root
- debug: var=getent_passwd
- getent:
database: passwd
key: root
- debug:
var: getent_passwd
# get all groups
- getent: database=group split=':'
- debug: var=getent_group
- getent:
database: group
split: ':'
- debug:
var: getent_group
# get all hosts, split by tab
- getent: database=hosts
- debug: var=getent_hosts
- getent:
database: hosts
- debug:
var: getent_hosts
# get http service info, no error if missing
- getent: database=services key=http fail_key=False
- debug: var=getent_services
- getent:
database: services
key: http
fail_key: False
- debug:
var: getent_services
# get user password hash (requires sudo/root)
- getent: database=shadow key=www-data split=:
- debug: var=getent_shadow
- getent:
database: shadow
key: www-data
split: ':'
- debug:
var: getent_shadow
'''
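Review bot: The shadow example is still followed by a `debug` task with `var: getent_shadow`, which prints the retrieved password hash to the play output and to any log or callback that records it. A comment on that pair, for example `# the registered fact contains the password hash; avoid printing it outside of testing`, would keep readers from copying it into production playbooks unchanged. Dropping the debug task from this one example would work as well.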


@ -121,26 +121,53 @@ author: "Taneli Leppä (@rosmo)"
EXAMPLES = """
- name: create gluster volume
gluster_volume: state=present name=test1 bricks=/bricks/brick1/g1 rebalance=yes cluster="192.168.1.10,192.168.1.11"
gluster_volume:
state: present
name: test1
bricks: /bricks/brick1/g1
rebalance: yes
cluster:
- 192.0.2.10
- 192.0.2.11
run_once: true
- name: tune
gluster_volume: state=present name=test1 options='{performance.cache-size: 256MB}'
gluster_volume:
state: present
name: test1
options:
performance.cache-size: 256MB
- name: start gluster volume
gluster_volume: state=started name=test1
gluster_volume:
state: started
name: test1
- name: limit usage
gluster_volume: state=present name=test1 directory=/foo quota=20.0MB
gluster_volume:
state: present
name: test1
directory: /foo
quota: 20.0MB
- name: stop gluster volume
gluster_volume: state=stopped name=test1
gluster_volume:
state: stopped
name: test1
- name: remove gluster volume
gluster_volume: state=absent name=test1
gluster_volume:
state: absent
name: test1
- name: create gluster volume with multiple bricks
gluster_volume: state=present name=test2 bricks="/bricks/brick1/g2,/bricks/brick2/g2" cluster="192.168.1.10,192.168.1.11"
gluster_volume:
state: present
name: test2
bricks: /bricks/brick1/g2,/bricks/brick2/g2
cluster:
- 192.0.2.10
- 192.0.2.11
run_once: true
"""


@ -295,25 +295,49 @@ options:
EXAMPLES = '''
# Block specific IP
- iptables: chain=INPUT source=8.8.8.8 jump=DROP
- iptables:
chain: INPUT
source: 8.8.8.8
jump: DROP
become: yes
# Forward port 80 to 8600
- iptables: table=nat chain=PREROUTING in_interface=eth0 protocol=tcp match=tcp destination_port=80 jump=REDIRECT to_ports=8600 comment="Redirect web traffic to port 8600"
- iptables:
table: nat
chain: PREROUTING
in_interface: eth0
protocol: tcp
match: tcp
destination_port: 80
jump: REDIRECT
to_ports: 8600
comment: Redirect web traffic to port 8600
become: yes
# Allow related and established connections
- iptables: chain=INPUT ctstate=ESTABLISHED,RELATED jump=ACCEPT
- iptables:
chain: INPUT
ctstate: ESTABLISHED,RELATED
jump: ACCEPT
become: yes
# Tag all outbound tcp packets with DSCP mark 8
- iptables: chain=OUTPUT jump=DSCP table=mangle set_dscp_mark=8 protocol=tcp
- iptables:
chain: OUTPUT
jump: DSCP
table: mangle
set_dscp_mark: 8
protocol: tcp
# Tag all outbound tcp packets with DSCP DiffServ class CS1
- iptables: chain=OUTPUT jump=DSCP table=mangle set_dscp_mark_class=CS1 protocol=tcp
- iptables:
chain: OUTPUT
jump: DSCP
table: mangle
set_dscp_mark_class: CS1
protocol: tcp
'''
def append_param(rule, param, flag, is_list):
if is_list:
for item in param:


@ -52,7 +52,9 @@ requirements: []
EXAMPLES = '''
# Blacklist the nouveau driver module
- kernel_blacklist: name=nouveau state=present
- kernel_blacklist:
name: nouveau
state: present
'''


@ -62,11 +62,11 @@ author: "Matthew Vernon (@mcv21)"
'''
EXAMPLES = '''
# Example using with_file to set the system known_hosts file
- name: tell the host about our servers it might want to ssh to
known_hosts: path='/etc/ssh/ssh_known_hosts'
name='foo.com.invalid'
key="{{ lookup('file', 'pubkeys/foo.com.invalid') }}"
known_hosts:
path: /etc/ssh/ssh_known_hosts
name: foo.com.invalid
key: "{{ lookup('file', 'pubkeys/foo.com.invalid') }}"
'''
# Makes sure public host keys are present or absent in the given known_hosts


@ -40,7 +40,9 @@ options:
EXAMPLES = '''
# Ensure a locale exists.
- locale_gen: name=de_CH.UTF-8 state=present
- locale_gen:
name: de_CH.UTF-8
state: present
'''
import os


@ -66,17 +66,24 @@ notes:
EXAMPLES = '''
# Create a volume group on top of /dev/sda1 with physical extent size = 32MB.
- lvg: vg=vg.services pvs=/dev/sda1 pesize=32
- lvg:
vg: vg.services
pvs: /dev/sda1
pesize: 32
# Create or resize a volume group on top of /dev/sdb1 and /dev/sdc5.
# If, for example, we already have VG vg.services on top of /dev/sdb1,
# this VG will be extended by /dev/sdc5. Or if vg.services was created on
# top of /dev/sda5, we first extend it with /dev/sdb1 and /dev/sdc5,
# and then reduce by /dev/sda5.
- lvg: vg=vg.services pvs=/dev/sdb1,/dev/sdc5
- lvg:
vg: vg.services
pvs: /dev/sdb1,/dev/sdc5
# Remove a volume group with name vg.services.
- lvg: vg=vg.services state=absent
- lvg:
vg: vg.services
state: absent
'''
def parse_vgs(data):


@ -92,52 +92,109 @@ notes:
EXAMPLES = '''
# Create a logical volume of 512m.
- lvol: vg=firefly lv=test size=512
- lvol:
vg: firefly
lv: test
size: 512
# Create a logical volume of 512m with disks /dev/sda and /dev/sdb
- lvol: vg=firefly lv=test size=512 pvs=/dev/sda,/dev/sdb
- lvol:
vg: firefly
lv: test
size: 512
pvs: /dev/sda,/dev/sdb
# Create cache pool logical volume
- lvol: vg=firefly lv=lvcache size=512m opts='--type cache-pool'
- lvol:
vg: firefly
lv: lvcache
size: 512m
opts: --type cache-pool
# Create a logical volume of 512g.
- lvol: vg=firefly lv=test size=512g
- lvol:
vg: firefly
lv: test
size: 512g
# Create a logical volume the size of all remaining space in the volume group
- lvol: vg=firefly lv=test size=100%FREE
- lvol:
vg: firefly
lv: test
size: 100%FREE
# Create a logical volume with special options
- lvol: vg=firefly lv=test size=512g opts="-r 16"
- lvol:
vg: firefly
lv: test
size: 512g
opts: -r 16
# Extend the logical volume to 1024m.
- lvol: vg=firefly lv=test size=1024
- lvol:
vg: firefly
lv: test
size: 1024
# Extend the logical volume to consume all remaining space in the volume group
- lvol: vg=firefly lv=test size=+100%FREE
- lvol:
vg: firefly
lv: test
size: +100%FREE
# Extend the logical volume to take all remaining space of the PVs
- lvol: vg=firefly lv=test size=100%PVS
- lvol:
vg: firefly
lv: test
size: 100%PVS
# Resize the logical volume to % of VG
- lvol: vg-firefly lv=test size=80%VG force=yes
- lvol:
vg: firefly
lv: test
size: 80%VG
force: yes
# Reduce the logical volume to 512m
- lvol: vg=firefly lv=test size=512 force=yes
- lvol:
vg: firefly
lv: test
size: 512
force: yes
# Set the logical volume to 512m and do not try to shrink if size is lower than current one
- lvol: vg=firefly lv=test size=512 shrink=no
- lvol:
vg: firefly
lv: test
size: 512
shrink: no
# Remove the logical volume.
- lvol: vg=firefly lv=test state=absent force=yes
- lvol:
vg: firefly
lv: test
state: absent
force: yes
# Create a snapshot volume of the test logical volume.
- lvol: vg=firefly lv=test snapshot=snap1 size=100m
- lvol:
vg: firefly
lv: test
snapshot: snap1
size: 100m
# Deactivate a logical volume
- lvol: vg=firefly lv=test active=false
- lvol:
vg: firefly
lv: test
active: false
# Create a deactivated logical volume
- lvol: vg=firefly lv=test size=512g active=false
- lvol:
vg: firefly
lv: test
size: 512g
active: false
'''
import re


@ -46,10 +46,13 @@ options:
EXAMPLES = '''
# Build the default target
- make: chdir=/home/ubuntu/cool-project
- make:
chdir: /home/ubuntu/cool-project
# Run `install` target as root
- make: chdir=/home/ubuntu/cool-project target=install
- make:
chdir: /home/ubuntu/cool-project
target: install
become: yes
# Pass in extra arguments to build


@ -52,9 +52,15 @@ options:
EXAMPLES = '''
# Add the 802.1q module
- modprobe: name=8021q state=present
- modprobe:
name: 8021q
state: present
# Add the dummy module
- modprobe: name=dummy state=present params="numdummies=2"
- modprobe:
name: dummy
state: present
params: 'numdummies=2'
'''
from ansible.module_utils.basic import *


@ -88,18 +88,28 @@ options:
EXAMPLES = '''
# perform a discovery on 10.1.2.3 and show available target nodes
- open_iscsi: show_nodes=yes discover=yes portal=10.1.2.3
- open_iscsi:
show_nodes: yes
discover: yes
portal: 10.1.2.3
# discover targets on portal and login to the one available
# (only works if exactly one target is exported to the initiator)
- open_iscsi: portal={{iscsi_target}} login=yes discover=yes
- open_iscsi:
portal: '{{ iscsi_target }}'
login: yes
discover: yes
# description: connect to the named target, after updating the local
# persistent database (cache)
- open_iscsi: login=yes target=iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d
- open_iscsi:
login: yes
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d'
# description: discconnect from the cached named target
- open_iscsi: login=no target=iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d"
- open_iscsi:
login: no
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d'
'''
import glob


@ -59,11 +59,20 @@ requirements:
EXAMPLES = '''
# Example action to start service httpd, if not running
- openwrt_init: state=started name=httpd
- openwrt_init:
state: started
name: httpd
# Example action to stop service cron, if running
- openwrt_init: name=cron state=stopped
- openwrt_init:
name: cron
state: stopped
# Example action to reload service httpd, in all cases
- openwrt_init: name=httpd state=reloaded
- openwrt_init:
name: httpd
state: reloaded
# Example action to enable service httpd
- openwrt_init:
name: httpd


@ -72,15 +72,43 @@ notes:
'''
EXAMPLES = '''
- osx_defaults: domain=com.apple.Safari key=IncludeInternalDebugMenu type=bool value=true state=present
- osx_defaults: domain=NSGlobalDomain key=AppleMeasurementUnits type=string value=Centimeters state=present
- osx_defaults: domain=com.apple.screensaver host=currentHost key=showClock type=int value=1
- osx_defaults: key=AppleMeasurementUnits type=string value=Centimeters
- osx_defaults:
domain: com.apple.Safari
key: IncludeInternalDebugMenu
type: bool
value: true
state: present
- osx_defaults:
domain: NSGlobalDomain
key: AppleMeasurementUnits
type: string
value: Centimeters
state: present
- osx_defaults:
domain: com.apple.screensaver
host: currentHost
key: showClock
type: int
value: 1
- osx_defaults:
key: AppleMeasurementUnits
type: string
value: Centimeters
- osx_defaults:
key: AppleLanguages
type: array
value: ["en", "nl"]
- osx_defaults: domain=com.geekchimp.macable key=ExampleKeyToRemove state=absent
value:
- en
- nl
- osx_defaults:
domain: com.geekchimp.macable
key: ExampleKeyToRemove
state: absent
'''
import datetime


@ -89,13 +89,27 @@ options:
EXAMPLES = '''
# Add or modify nofile soft limit for the user joe
- pam_limits: domain=joe limit_type=soft limit_item=nofile value=64000
- pam_limits:
domain: joe
limit_type: soft
limit_item: nofile
value: 64000
# Add or modify fsize hard limit for the user smith. Keep or set the maximal value.
- pam_limits: domain=smith limit_type=hard limit_item=fsize value=1000000 use_max=yes
- pam_limits:
domain: smith
limit_type: hard
limit_item: fsize
value: 1000000
use_max: yes
# Add or modify memlock, both soft and hard, limit for the user james with a comment.
- pam_limits: domain=james limit_type=- limit_item=memlock value=unlimited comment="unlimited memory lock for james"
- pam_limits:
domain: james
limit_type: -
limit_item: memlock
value: unlimited
comment: unlimited memory lock for james
'''
def main():
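Review bot: `limit_type: -` in the memlock example is unlikely to parse, because a bare `-` at the end of a line is read by YAML as a block sequence indicator rather than a string, so the example probably fails before the module runs. Quote it as `limit_type: '-'`. The old `limit_type=-` form did not have this problem, since key=value arguments are not parsed as YAML scalars.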


@ -102,19 +102,25 @@ EXAMPLES = '''
- puppet
# Run puppet and timeout in 5 minutes
- puppet: timeout=5m
- puppet:
timeout: 5m
# Run puppet using a different environment
- puppet: environment=testing
- puppet:
environment: testing
# Run puppet using a specific certname
- puppet: certname=agent01.example.com
- puppet:
certname: agent01.example.com
# Run puppet using a specific piece of Puppet code. Has no effect with a
# puppetmaster.
- puppet: execute='include ::mymodule'
- puppet:
execute: 'include ::mymodule'
# Run puppet using a specific tags
- puppet: tags=update,nginx
- puppet:
tags: update,nginx
'''


@ -72,7 +72,10 @@ author: Dag Wieers
EXAMPLES = '''
# Allow apache to modify files in /srv/git_repos
- sefcontext: target='/srv/git_repos(/.*)?' setype=httpd_git_rw_content_t state=present
- sefcontext:
target: '/srv/git_repos(/.*)?'
setype: httpd_git_rw_content_t
state: present
'''
RETURN = '''
@ -255,4 +258,4 @@ def main():
if __name__ == '__main__':
main()
main()


@ -56,7 +56,9 @@ author: Michael Scherer <misc@zarb.org>
'''
EXAMPLES = '''
- selinux_permissive: name=httpd_t permissive=true
- selinux_permissive:
name: httpd_t
permissive: true
'''
HAVE_SEOBJECT = False
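Review bot: The only example for this module has no explanatory comment, unlike the sefcontext and seport examples converted in the same commit. Since the task relaxes enforcement for a whole domain, a line such as `# Put the httpd_t domain into permissive mode (denials are logged, not enforced)` above it would make the effect explicit to readers who copy it.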


@ -61,11 +61,25 @@ author: Dan Keder
EXAMPLES = '''
# Allow Apache to listen on tcp port 8888
- seport: ports=8888 proto=tcp setype=http_port_t state=present
- seport:
ports: 8888
proto: tcp
setype: http_port_t
state: present
# Allow sshd to listen on tcp port 8991
- seport: ports=8991 proto=tcp setype=ssh_port_t state=present
- seport:
ports: 8991
proto: tcp
setype: ssh_port_t
state: present
# Allow memcached to listen on tcp ports 10000-10100 and 10112
- seport: ports=10000-10100,10112 proto=tcp setype=memcache_port_t state=present
- seport:
ports: 10000-10100,10112
proto: tcp
setype: memcache_port_t
state: present
'''
try:


@ -107,31 +107,55 @@ options:
EXAMPLES = '''
# Create and install a zone, but don't boot it
solaris_zone: name=zone1 state=present path=/zones/zone1 sparse=true root_password="Be9oX7OSwWoU."
config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
- solaris_zone:
name: zone1
state: present
path: /zones/zone1
sparse: true
root_password: Be9oX7OSwWoU.
config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
# Create and install a zone and boot it
solaris_zone: name=zone1 state=running path=/zones/zone1 root_password="Be9oX7OSwWoU."
config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
- solaris_zone:
name: zone1
state: running
path: /zones/zone1
root_password: Be9oX7OSwWoU.
config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
# Boot an already installed zone
solaris_zone: name=zone1 state=running
- solaris_zone:
name: zone1
state: running
# Stop a zone
solaris_zone: name=zone1 state=stopped
- solaris_zone:
name: zone1
state: stopped
# Destroy a zone
solaris_zone: name=zone1 state=absent
- solaris_zone:
name: zone1
state: absent
# Detach a zone
solaris_zone: name=zone1 state=detached
- solaris_zone:
name: zone1
state: detached
# Configure a zone, ready to be attached
solaris_zone: name=zone1 state=configured path=/zones/zone1 root_password="Be9oX7OSwWoU."
config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
- solaris_zone:
name: zone1
state: configured
path: /zones/zone1
root_password: Be9oX7OSwWoU.
config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
# Attach a zone
solaris_zone: name=zone1 state=attached attach_options='-u'
- solaris_zone:
name: zone1
state: attached
attach_options=: -u
'''
class Zone(object):
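Review bot: The last example's key is written `attach_options=: -u`, with a stray `=` left over from the key=value form, so the task passes a parameter named `attach_options=` instead of `attach_options`. It should read `attach_options: -u`. How the module reacts to the unknown key is not visible here, but the `-u` option would not be applied as written.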


@ -67,22 +67,35 @@ options:
EXAMPLES = '''
# Example action to start svc dnscache, if not running
- svc: name=dnscache state=started
- svc:
name: dnscache
state: started
# Example action to stop svc dnscache, if running
- svc: name=dnscache state=stopped
- svc:
name: dnscache
state: stopped
# Example action to kill svc dnscache, in all cases
- svc : name=dnscache state=killed
- svc:
name: dnscache
state: killed
# Example action to restart svc dnscache, in all cases
- svc : name=dnscache state=restarted
- svc:
name: dnscache
state: restarted
# Example action to reload svc dnscache, in all cases
- svc: name=dnscache state=reloaded
- svc:
name: dnscache
state: reloaded
# Example using alt svc directory location
- svc: name=dnscache state=reloaded service_dir=/var/service
- svc:
name: dnscache
state: reloaded
service_dir: /var/service
'''
import platform


@ -71,7 +71,8 @@ diff:
EXAMPLES = '''
- name: set timezone to Asia/Tokyo
timezone: name=Asia/Tokyo
timezone:
name: Asia/Tokyo
'''


@ -125,60 +125,103 @@ options:
EXAMPLES = '''
# Allow everything and enable UFW
ufw: state=enabled policy=allow
- ufw:
state: enabled
policy: allow
# Set logging
ufw: logging=on
- ufw:
logging: on
# Sometimes it is desirable to let the sender know when traffic is
# being denied, rather than simply ignoring it. In these cases, use
# reject instead of deny. In addition, log rejected connections:
ufw: rule=reject port=auth log=yes
- ufw:
rule: reject
port: auth
log: yes
# ufw supports connection rate limiting, which is useful for protecting
# against brute-force login attacks. ufw will deny connections if an IP
# address has attempted to initiate 6 or more connections in the last
# 30 seconds. See http://www.debian-administration.org/articles/187
# for details. Typical usage is:
ufw: rule=limit port=ssh proto=tcp
- ufw:
rule: limit
port: ssh
proto: tcp
# Allow OpenSSH. (Note that as ufw manages its own state, simply removing
# a rule=allow task can leave those ports exposed. Either use delete=yes
# or a separate state=reset task)
ufw: rule=allow name=OpenSSH
- ufw:
rule: allow
name: OpenSSH
# Delete OpenSSH rule
ufw: rule=allow name=OpenSSH delete=yes
- ufw:
rule: allow
name: OpenSSH
delete: yes
# Deny all access to port 53:
ufw: rule=deny port=53
- ufw:
rule: deny
port: 53
# Allow port range 60000-61000
ufw: rule=allow port=60000:61000
- ufw:
rule: allow
port: '60000:61000'
# Allow all access to tcp port 80:
ufw: rule=allow port=80 proto=tcp
- ufw:
rule: allow
port: 80
proto: tcp
# Allow all access from RFC1918 networks to this host:
ufw: rule=allow src={{ item }}
with_items:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- ufw:
rule: allow
src: '{{ item }}'
with_items:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
# Deny access to udp port 514 from host 1.2.3.4:
ufw: rule=deny proto=udp src=1.2.3.4 port=514
- ufw:
rule: deny
proto: udp
src: 1.2.3.4
port: 514
# Allow incoming access to eth0 from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
ufw: rule=allow interface=eth0 direction=in proto=udp src=1.2.3.5 from_port=5469 dest=1.2.3.4 to_port=5469
- ufw:
rule: allow
interface: eth0
direction: in
proto: udp
src: 1.2.3.5
from_port: 5469
dest: 1.2.3.4
to_port: 5469
# Deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on this host.
# Note that IPv6 must be enabled in /etc/default/ufw for IPv6 firewalling to work.
ufw: rule=deny proto=tcp src=2001:db8::/32 port=25
- ufw:
rule: deny
proto: tcp
src: '2001:db8::/32'
port: 25
# Deny forwarded/routed traffic from subnet 1.2.3.0/24 to subnet 4.5.6.0/24.
# Can be used to further restrict a global FORWARD policy set to allow
ufw: rule=deny route=yes src=1.2.3.0/24 dest=4.5.6.0/24
- ufw:
rule: deny
route: yes
src: 1.2.3.0/24
dest: 4.5.6.0/24
'''
from operator import itemgetter


@ -54,22 +54,38 @@ author: "Johan Wiren (@johanwiren)"
EXAMPLES = '''
# Create a new file system called myfs in pool rpool with the setuid property turned off
- zfs: name=rpool/myfs state=present setuid=off
- zfs:
name: rpool/myfs
state: present
setuid: off
# Create a new volume called myvol in pool rpool.
- zfs: name=rpool/myvol state=present volsize=10M
- zfs:
name: rpool/myvol
state: present
volsize: 10M
# Create a snapshot of rpool/myfs file system.
- zfs: name=rpool/myfs@mysnapshot state=present
- zfs:
name: rpool/myfs@mysnapshot
state: present
# Create a new file system called myfs2 with snapdir enabled
- zfs: name=rpool/myfs2 state=present snapdir=enabled
- zfs:
name: rpool/myfs2
state: present
snapdir: enabled
# Create a new file system by cloning a snapshot
- zfs: name=rpool/cloned_fs state=present origin=rpool/myfs@mysnapshot
- zfs:
name: rpool/cloned_fs
state: present
origin: rpool/myfs@mysnapshot
# Destroy a filesystem
- zfs: name=rpool/myfs state=absent
- zfs:
name: rpool/myfs
state: absent
'''