Fix StrongSwan handlers - handlers cannot be blocks

Ansible handlers cannot be blocks. Fixed by: 1. Making each handler a separate task that can notify the next handler 2. restart strongswan -> notifies -> wait for strongswan 3. rereadcrls -> notifies -> purgecrls This maintains the proper execution order while conforming to Ansible's handler constraints. The wait and retry logic is preserved. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-03 10:33:13 +02:00 · 2025-08-06 21:41:31 -07:00 · 2025-08-06 21:41:31 -07:00 · 4479c0318a
commit 4479c0318a
parent bb9a9aab59
1 changed files with 17 additions and 19 deletions
--- a/roles/strongswan/handlers/main.yml
+++ b/roles/strongswan/handlers/main.yml
@ -1,16 +1,15 @@
 ---
 - name: restart strongswan
-  block:
-    - name: restart strongswan service
-      service: name={{ strongswan_service }} state=restarted
+  service: name={{ strongswan_service }} state=restarted
+  notify: wait for strongswan

-    - name: wait for strongswan to be ready
-      wait_for:
-        port: 500
-        host: 127.0.0.1
-        delay: 2
-        timeout: 30
-        state: started
+- name: wait for strongswan
+  wait_for:
+    port: 500
+    host: 127.0.0.1
+    delay: 2
+    timeout: 30
+    state: started

 - name: daemon-reload
  systemd: daemon_reload=true
@ -19,13 +18,12 @@
  service: name=apparmor state=restarted

 - name: rereadcrls
-  block:
-    - name: reload certificate revocation lists
-      command: ipsec rereadcrls
-      register: rereadcrls_result
-      retries: 3
-      delay: 2
-      until: rereadcrls_result.rc == 0
+  command: ipsec rereadcrls
+  register: rereadcrls_result
+  retries: 3
+  delay: 2
+  until: rereadcrls_result.rc == 0
+  notify: purgecrls

-    - name: purge old certificate revocation lists
-      command: ipsec purgecrls
+- name: purgecrls
+  command: ipsec purgecrls