-
name: Check if postgres is already allowed via IPv4
shell: grep ‘^-A\ INPUT\ -s\ {{roundcube_host}}\ -p\ tcp\ -m\ state\ –state\ NEW\ -m\ tcp\ –dport\ 5432\ -j\ ACCEPT’ /etc/sysconfig/iptables >/dev/null 2>&1
ignore_errors: true
register: result -
name: Allow incoming IPv4 PostGreSQL connections through iptables
lineinfile: dest=/etc/sysconfig/iptables
regexp=‘^-A\ INPUT\ -s\ {{roundcube_host}}\ -p\ tcp\ -m\ state\ –state\ NEW\ -m\ tcp\ –dport\ 5432\ -j\ ACCEPT’
insertbefore=‘^-A\ INPUT\ -j\ LOGGING’
line=“-A INPUT -s {{roundcube_host}} -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT”
when: result|failed
notify: Restart iptables
My test will always fail because I’m sure it’s trying to evaluate the {{roundcube_host}} variable without escaping the periods in the IP address.
I could write a sed recipe that will read out {{roundcube_host}}, insert backslashes before dots, and write that to a new variable. But has this wheel already been invented? I can assume the presence of tools like sed on the target host, but not on the host that’s running the playbook. And it’s possible that the playbook might be run from either a GNU or BSD system, and a recipe I write for one might not work with the other. It seems a little messy to send this to the remote host for operations and bring the result back 