From c5773c8c45150dbc2530d0207d555159afa51301 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 26 Jun 2023 13:04:15 -0700
Subject: [PATCH] base / iptables: fix some syntax issues

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/base/tasks/main.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 739a913ce8..53ebd785cf 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -149,8 +149,9 @@
   - base
 
 - name: setup builder ipset if this is a new install
-  command: /usr/sbin/ipset create osbuildapi hash:ip
-  creates: /etc/sysconfig/ipset-osbuildapi
+  shell: "/usr/sbin/ipset create osbuildapi hash:ip; touch /etc/sysconfig/ipset-osbuildapi"
+  args:
+      creates: /etc/sysconfig/ipset-osbuildapi
   when: "'osbuild' in group_names"
   tags:
     - base
@@ -169,8 +170,9 @@
   when: "'iad2' not in inventory_hostname or ( datacenter == 'iad2' and external == 'true')"
 
 - name: setup blocklist ipset if this is a new install
-  command: /usr/sbin/ipset create blocklist hash:ip
-  creates: /etc/sysconfig/blocklist
+  command: "/usr/sbin/ipset create blocklist hash:ip; touch /etc/sysconfig/ipset-blocklist"
+  args:
+      creates: /etc/sysconfig/ipset-blocklist
   when: "'iad2' not in inventory_hostname or ( datacenter == 'iad2' and external == 'true')"
   tags:
     - base