htgoebel closed 9 years ago
I would go in a different direction on this - instead of specifying which host types should or shouldn't manage iptables, the ferm role can just check if the cap_net_admin capability is present, or if capabilities are even enforced. This way, the role will behave correctly (managing iptables or not) on any combination of hosts.
I'm looking into a way to add that information to Ansible.
drybjed has implemented a better solution.
Note: |bool is required due to the deficits of Jinja evaluation and Ansible's interpretation of the results of Jinja evaluation.
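The capability check suggested in this thread, sketched as an added example that is not part of the thread and is not the ferm role's own code. It assumes the decision is made from the Cap* masks in /proc/<pid>/status, and that a status file with no such mask means capabilities are not enforced; the function names and sample inputs are constructed for illustration.

```python
"""Decide whether a host may manage iptables from /proc/<pid>/status text."""

CAP_NET_ADMIN = 12  # bit index of CAP_NET_ADMIN in linux/capability.h

# Constructed sample inputs (not taken from the thread).
FULL_HOST = "Name:\tsh\nCapPrm:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n"
RESTRICTED = "Name:\tsh\nCapPrm:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
NO_CAP_FIELDS = "Name:\tsh\nState:\tS (sleeping)\n"


def parse_cap_masks(status_text):
    """Return a dict such as {'CapBnd': int, ...} parsed from status text."""
    masks = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not key.startswith("Cap"):
            continue
        try:
            masks[key] = int(value.strip(), 16)
        except ValueError:
            continue  # skip a malformed mask instead of guessing its value
    return masks


def can_manage_iptables(status_text, field="CapBnd"):
    """True if CAP_NET_ADMIN is available, or if no capability mask is reported."""
    masks = parse_cap_masks(status_text)
    if field not in masks:
        # Assumption: no mask reported means capabilities are not enforced,
        # so nothing stops the role from managing iptables.
        return True
    return bool((masks[field] >> CAP_NET_ADMIN) & 1)


if __name__ == "__main__":
    # On a real host, evaluate the current process's bounding set.
    with open("/proc/self/status") as handle:
        print(can_manage_iptables(handle.read()))
```

A role could expose the result as a local fact and skip its iptables tasks when it is false, so a host in a container without CAP_NET_ADMIN is left alone instead of failing.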