fix: undo changes done with the systemd override for rpcbind.socket, because...

fix: undo changes done with the systemd override for rpcbind.socket, because the 'ListenStream=' and 'ListenDatagram=' don't work like I thought and are useless for what we're trying to accomplish

fix: undo changes done with the systemd override for rpcbind.socket, because...
b1064159 · Jörg Sachse · 4f738758 · b1064159
Commit b1064159 authored 1 year ago by Jörg Sachse
--- a/tasks/configure_rpcbind.yml
+++ b/tasks/configure_rpcbind.yml
@@ -11,42 +11,7 @@
 - name: create directory for Systemd unit override
  ansible.builtin.file:
    path: "/etc/systemd/system/rpcbind.socket.d/"
-    state: directory
-    mode: "0755"
-  when: rpcbind_installed
-
- name: implement access control in rpcbind socket unit by creating an override - general settings
-  ansible.builtin.blockinfile:
-    path: "/etc/systemd/system/rpcbind.socket.d/override.conf"
-    create: true
-    mode: "0644"
-    marker: "### {mark} ANSIBLE MANAGED BLOCK - clear previous settings"
-    block: |
-      # from `man 5 systemd.socket`:
-      # "SOCK_STREAM (i.e. ListenStream=) when used for IP sockets refers to
-      # TCP sockets, SOCK_DGRAM (i.e. ListenDatagram=) to UDP."
-
-      # Clear any previously set options...
-      #ListenStream=0.0.0.0:111      # DISTRO DEFAULT
-      #ListenDatagram=0.0.0.0:111    # DISTRO DEFAULT
-      ListenStream=
-      ListenDatagram=
-      # ...and now set new stricter values in subsequent blocks.
-  when: rpcbind_installed
-  notify: daemon_reload
-
- name: implement access control in rpcbind socket unit by creating an override - interface specific settings
-  ansible.builtin.blockinfile:
-    path: "/etc/systemd/system/rpcbind.socket.d/override.conf"
-    create: true
-    mode: "0644"
-    marker: "### {mark} ANSIBLE MANAGED BLOCK - allow access for {{ item.source }}"
-    block: |
-      ListenStream={{ item.source }}
-      ListenDatagram={{ item.source }}
-  loop: "{{ vault_nfs_server_interfaces }}"
-  when: rpcbind_installed
-  notify: daemon_reload
+    state: absent

 - name: implement rpcbind access control in iptables
  ansible.builtin.iptables:
@@ -57,3 +22,4 @@
    jump: "ACCEPT"
  loop: "{{ vault_nfs_server_interfaces }}"
  notify: "save iptables rules"
+  when: rpcbind_installed