Merge pull request #7 from inviqa/feature/digital_ocean_use_sudo

introduce `digital_ocean_use_sudo`

README.md

@@ -50,6 +50,10 @@ This parameter is necessary and mandatory in the process to temporarily disable
 Default: `true`
 This parameter is necessary and mandatory to define how the `iptables` will be used: via a firewall role or via raw `iptables`
 
+#### [`digital_ocean_use_sudo`][digital_ocean_use_sudo]
+Default: `false`
+This parameter is necessary and mandatory to define if the `become` parameter as to be used when managing firewall or iptables. not necessary if setting `ansible_user: root`
+
 ## Example Playbook
 ----------------
 
@@ -87,4 +91,5 @@ https://github.com/inviqa/ansible-digitalocean-floating-ip/blob/master/defaults/
 [digital_ocean_smtp_ports]: https://github.com/inviqa/ansible-digitalocean-floating-ip/blob/master/defaults/main.yml#L7 "Link to variable on master"
 [digital_ocean_iptables_temp_file]: https://github.com/inviqa/ansible-digitalocean-floating-ip/blob/master/defaults/main.yml#L8 "Link to variable on master"
 [digital_ocean_use_firewall]: https://github.com/inviqa/ansible-digitalocean-floating-ip/blob/master/defaults/main.yml#L9 "Link to variable on master"
+[digital_ocean_use_sudo]: https://github.com/inviqa/ansible-digitalocean-floating-ip/blob/master/defaults/main.yml#L10 "Link to variable on master"
 [licence]: https://raw.githubusercontent.com/inviqa/ansible-digitalocean-floating-ip/master/LICENSE

defaults/main.yml

@@ -9,4 +9,5 @@ digital_ocean_floating_ip: ""
 digital_ocean_smtp_ports: ["25","465","587","2525","2526"]
 digital_ocean_iptables_temp_file: "/tmp/iptables.save"
 digital_ocean_use_firewall: true
+digital_ocean_use_sudo: false
 ...

tasks/assign_new_floating_ip.yml

@@ -23,8 +23,12 @@
   register: do_floating_ip_create_new_json_response
   when: not floating_ip_is_already_assigned_to_this_droplet
 
+- set_fact:
+    do_droplet_floating_ip_address: "{{do_floating_ip_create_new_json_response.json.floating_ip.ip}}"
+  when: not floating_ip_is_already_assigned_to_this_droplet and do_floating_ip_create_new_json_response.status != 422
+
 - debug:
-    msg: "The new Floating IP {{ do_floating_ip_create_new_json_response.json.floating_ip.ip }} has been assigned to the droplet {{ digital_ocean_droplet_id }}"
+    msg: "The new Floating IP {{ do_droplet_floating_ip_address }} has been assigned to the droplet {{ digital_ocean_droplet_id }}"
   when: not floating_ip_is_already_assigned_to_this_droplet and do_floating_ip_create_new_json_response.status != 422
 
 - set_fact:

tasks/check_iptables_is_installed.yml

@@ -4,10 +4,11 @@
   register: iptables_status
   ignore_errors: true
   changed_when: false
+  become: "{{ digital_ocean_use_sudo }}"
 
 - name: Check if `iptables` is installed
   set_fact:
-    iptables_is_installed: "{{ not 'not found' in iptables_status.stdout }}"
+    iptables_is_installed: "{{ not ('not found' in iptables_status.stdout and 'non-zero return code' in iptables_status.msg) }}"
 
 - debug:
     msg: "Warning ==> iptables is not installed"

tasks/flush_iptables.yml

@@ -2,8 +2,10 @@
 - name: Save IPTABLES rules to a temporary file
   shell: iptables-save > "{{ digital_ocean_iptables_temp_file }}"
   changed_when: false
+  become: "{{ digital_ocean_use_sudo }}"
 
 - name: Flush IPTABLES NAT table to be able to retrive the Anchor IP
   command: iptables -F -t nat
   changed_when: false
+  become: "{{ digital_ocean_use_sudo }}"
 ...

tasks/restore_iptables.yml

@@ -2,10 +2,12 @@
 - name: Restore IPTABLES NAT Status from the temporary file
   command: iptables-restore "{{ digital_ocean_iptables_temp_file }}"
   changed_when: false
+  become: "{{ digital_ocean_use_sudo }}"
 
 - name: Dispose of the IPTABLES rules temporary file
   file:
     path: "{{ digital_ocean_iptables_temp_file }}"
     state: absent
   changed_when: false
+  become: "{{ digital_ocean_use_sudo }}"
 ...

tests/group_vars/all/main.yml

@@ -4,6 +4,4 @@
     hostname: "{{ inventory_hostname }}-test-with-ansible"
     digital_ocean_use_firewall: true
     do_test_tag: "ANSIBLE-TEST"
-
-
 ...