From 477f4f722c1d199b3af946c7cdbf4ae891472b74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?= Date: Fri, 30 Jul 2021 12:20:27 +0200 Subject: [PATCH] Ensure to disable nftables unit from old target --- CHANGELOG.md | 1 + handlers/main.yml | 3 ++- tasks/main.yml | 13 +++++++++++-- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 942a4ef..84d189e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ ### Fixed * Ansible-lint: Fix line longer than 160 chars. * Start nftables systemd unit earlier (thanks to @kravietz − PR #19). +* Ensure to disable nftables systemd unit from old target. ## v1.7.0 diff --git a/handlers/main.yml b/handlers/main.yml index bfebe7b..6d6e9cb 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -5,7 +5,8 @@ - name: Restart nftables service systemd: daemon_reload: '{{ (nftables__register_systemd_service.changed | default(False)) or - (nftables__register_fail2ban_service.changed | default(False)) }}' + (nftables__register_fail2ban_service.changed | default(False)) or + (nftables__register_fix_systemd_target.changed | default(False)) }}' state: 'restarted' name: '{{ nft_service_name }}' enabled: '{{ nft_service_enabled }}' diff --git a/tasks/main.yml b/tasks/main.yml index 02826e1..f7b7fe9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -174,8 +174,8 @@ when: (nft_enabled|bool and nft__nat_table_manage|bool) -# Manage service [[[1 -- name: Install Debian systemd service unit +# Manage nftables service [[[1 +- name: Install nftables Debian systemd service unit template: src: '{{ nft_service_unit_content }}' dest: '{{ nft_service_unit_path }}' @@ -187,6 +187,15 @@ nft_service_manage|bool) notify: ['Restart nftables service'] +- name: Ensure to remove nftables systemd service from old target + file: + path: '/etc/systemd/system/multi-user.target.wants/nftables.service' + state: absent + register: nftables__register_fix_systemd_target + when: (nft_enabled|bool and + nft_service_manage|bool) + notify: ['Restart nftables service'] + # Manage custom fail2ban service [[[1 - name: Create Fail2Ban custom directory for systemd service file: