Ansible Fail2ban-versions

Role Variables

Example Playbook

- hosts: servers
     - { role: fail2ban-versions, x: 42 }



Construct Image

jeremy% molecule test
--> Validating schema fail2ban-versions/molecule/default/molecule.yml.
Validation completed successfully.
--> Test matrix
└── default
    ├── lint
    ├── dependency
    ├── cleanup
    ├── destroy
    ├── syntax
    ├── create
    ├── prepare
    ├── converge
    ├── idempotence
    ├── side_effect
    ├── verify
    ├── cleanup
    └── destroy
--> Scenario: 'default'
--> Action: 'lint'
--> Executing Yamllint on files found in fail2ban-versions/...
Lint completed successfully.
--> Executing Flake8 on files found in fail2ban-versions/molecule/default/tests/...
Lint completed successfully.
--> Executing Ansible Lint on fail2ban-versions/molecule/default/playbook.yml...
Lint completed successfully.
--> Scenario: 'default'
--> Action: 'dependency'
Skipping, missing the requirements file.
--> Scenario: 'default'
--> Action: 'cleanup'
Skipping, cleanup playbook not configured.
--> Scenario: 'default'
--> Action: 'destroy'
--> Sanity checks: 'docker'
    PLAY [Destroy] *****************************************************************
    TASK [Destroy molecule instance(s)] ********************************************
    changed: [localhost] => (item=instance)
    TASK [Wait for instance(s) deletion to complete] *******************************
    FAILED - RETRYING: Wait for instance(s) deletion to complete (300 retries left).
    ok: [localhost] => (item=None)
    ok: [localhost]
    TASK [Delete docker network(s)] ************************************************
    PLAY RECAP *********************************************************************
    localhost                  : ok=2    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
--> Scenario: 'default'
--> Action: 'syntax'
--> Sanity checks: 'docker'
    playbook: fail2ban-versions/molecule/default/playbook.yml
--> Scenario: 'default'
--> Action: 'create'
    PLAY [Create] ******************************************************************
    TASK [Log into a Docker registry] **********************************************
    skipping: [localhost] => (item=None) 
    TASK [Create Dockerfiles from image names] *************************************
    changed: [localhost] => (item=None)
    changed: [localhost]
    TASK [Determine which docker image info module to use] *************************
    ok: [localhost]
    TASK [Discover local Docker images] ********************************************
    ok: [localhost] => (item=None)
    ok: [localhost]
    TASK [Build an Ansible compatible image (new)] *********************************
    ok: [localhost] => (item=molecule_local/debian:jessie)
    TASK [Build an Ansible compatible image (old)] *********************************
    skipping: [localhost] => (item=molecule_local/debian:jessie) 
    TASK [Create docker network(s)] ************************************************
    TASK [Determine the CMD directives] ********************************************
    ok: [localhost] => (item=None)
    ok: [localhost]
    TASK [Create molecule instance(s)] *********************************************
    changed: [localhost] => (item=instance)
    TASK [Wait for instance(s) creation to complete] *******************************
    FAILED - RETRYING: Wait for instance(s) creation to complete (300 retries left).
    changed: [localhost] => (item=None)
    changed: [localhost]
    PLAY RECAP *********************************************************************
    localhost                  : ok=7    changed=3    unreachable=0    failed=0    skipped=3    rescued=0    ignored=0
--> Scenario: 'default'
--> Action: 'prepare'
Skipping, prepare playbook not configured.
--> Scenario: 'default'
--> Action: 'converge'
    PLAY [Converge] ****************************************************************
    TASK [Gathering Facts] *********************************************************
    ok: [instance]
    TASK [fail2ban-versions : Update APT] ******************************************

    changed: [instance]
    TASK [fail2ban-versions : Install dependencies] ********************************
    changed: [instance]
    TASK [fail2ban-versions : Git clone fail2ban] **********************************
    ok: [instance]
    TASK [fail2ban-versions : Execute Script] **************************************
    ok: [instance]
    TASK [fail2ban-versions : Install global configuration of fail2ban] ************
    changed: [instance]
    TASK [fail2ban-versions : Template files] **************************************
    skipping: [instance] => (item=fail2ban-versions/templates/filters/wordpress-xmlrpc-nginx.conf) 
    changed: [instance] => (item=fail2ban-versions/templates/filters/wordpress-xmlrpc-apache.conf)
    TASK [fail2ban-versions : Check status of fail2ban] ****************************
    fatal: [instance]: FAILED! => {"changed": false, "cmd": ["fail2ban-client", "status"], "delta": "0:00:00.484857", "end": "2019-08-19 14:46:34.417955", "msg": "non-zero return code", "rc": 255, "start": "2019-08-19 14:46:33.933098", "stderr": "2019-08-19 14:46:34,417 fail2ban                [6190]: ERROR   Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?", "stderr_lines": ["2019-08-19 14:46:34,417 fail2ban                [6190]: ERROR   Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?"], "stdout": "", "stdout_lines": []}
    TASK [fail2ban-versions : Start fail2ban-client] *******************************
    changed: [instance]
    TASK [fail2ban-versions : Clean clone directory tmp fail2ban repository] *******
    ok: [instance]
    TASK [Check fail2ban-client works] *********************************************
    ok: [instance]
    TASK [Check extension every plugins install] ***********************************
    ok: [instance] => (item=wordpress-xmlrpc-apache)
    ok: [instance] => (item=apache-auth)
    ok: [instance] => (item=apache-badbots)
    ok: [instance] => (item=apache-noscript)
    ok: [instance] => (item=apache-overflows)
    ok: [instance] => (item=apache-nohome)
    ok: [instance] => (item=apache-botsearch)
    ok: [instance] => (item=apache-fakegooglebot)
    ok: [instance] => (item=apache-modsecurity)
    ok: [instance] => (item=apache-shellshock)
    ok: [instance] => (item=zoneminder)
    PLAY RECAP *********************************************************************
    instance                   : ok=12   changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=1   
--> Scenario: 'default'
--> Action: 'idempotence'
Idempotence completed successfully.
--> Scenario: 'default'
--> Action: 'side_effect'
Skipping, side effect playbook not configured.
--> Scenario: 'default'
--> Action: 'verify'
--> Executing Testinfra tests found in fail2ban-versions/molecule/default/tests/...
    ============================= test session starts ==============================
    platform linux -- Python 3.6.8, pytest-5.1.0, py-1.8.0, pluggy-0.12.0
    rootdir: fail2ban-versions/molecule/default
    plugins: testinfra-3.1.0
collected 1 item                                                               
    tests/ .                                                  [100%]
    ============================== 1 passed in 3.48s ===============================
Verifier completed successfully.
--> Scenario: 'default'
--> Action: 'cleanup'
Skipping, cleanup playbook not configured.
--> Scenario: 'default'
--> Action: 'destroy'
    PLAY [Destroy] *****************************************************************
    TASK [Destroy molecule instance(s)] ********************************************
    changed: [localhost] => (item=instance)
    TASK [Wait for instance(s) deletion to complete] *******************************
    FAILED - RETRYING: Wait for instance(s) deletion to complete (300 retries left).
    changed: [localhost] => (item=None)
    changed: [localhost]
    TASK [Delete docker network(s)] ************************************************
    PLAY RECAP *********************************************************************
    localhost                  : ok=2    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
--> Pruning extra files from scenario ephemeral directory


Install fail2ban, choose the version, and some custom jail







