Ensure to remove old packages (iptables,…).

2017-08-18 09:25:28 +02:00 · 2017-08-18 09:25:28 +02:00 · f2d586c176
parent e439f6ae5f
commit f2d586c176
4 changed files with 19 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,9 @@

 ## v1.2

+### Features
+* Ensure to remove old packages (iptables,…).
+
 ### Fixes
 * Ensure to create the the directory to store the differents configuration files (/etc/nftables.d).

--- a/README.md
+++ b/README.md
@ -7,8 +7,8 @@
 3. [Example Playbook](#example-playbook)
 4. [Configuration](#configuration)
 5. [Development](#development)
-5. [License](#license)
-6. [Author Information](#author-information)
+6. [License](#license)
+7. [Author Information](#author-information)

 ## Overview

@ -20,6 +20,9 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] (

 * **nft_pkg_manage** : If `nftables` package(s) should be managed with this role [default : `true`].
 * **nft_pkg_state** : State of new `nftables` package(s) [default : `installed`].
+* **nft_old_pkg_list** : The list of useless packages to remove (such as Iptables,…) [default : `iptables`].
+* **nft_old_pkg_state** : State of old package(s) [default : `absent`].
+* **nft_old_pkg_manage** : If old package(s) should be managed with this role [default : `true`].
 * **nft_conf_dir_path** : Directory to store the differents Nftables configuration files [default : `/etc/nftables.d`].
 * **nft_main_conf_path** : Main configuration file loaded by systemd unit [default : `/etc/nftables.conf`].
 * **nft_main_conf_content** : Template used to generate the previous main configuration file [default : `etc/nftables.conf.j2`].
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -4,6 +4,9 @@
 # packages
 nft_pkg_manage: true
 nft_pkg_state: 'installed'
+nft_old_pkg_list: 'iptables'
+nft_old_pkg_state: 'absent'
+nft_old_pkg_manage: true

 # files
 nft_conf_dir_path: '/etc/nftables.d'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -9,7 +9,7 @@
    - "{{ ansible_os_family|lower }}.yml"

 # package {{{
- name: Manage packages
+- name: INSTALL Manage nftables packages
  package:
    name: '{{ item }}'
    state: '{{ nft_pkg_state }}'
@ -17,6 +17,13 @@
    - '{{ nft_pkg_list }}'
  when: nft_pkg_manage

+- name: INSTALL Remove iptables packages
+  apt:
+    name: '{{ item }}'
+    state: '{{ nft_old_pkg_state }}'
+  with_items:
+    - '{{ nft_old_pkg_list }}'
+  when: nft_old_pkg_manage
 # }}}

 # conf {{{