Reworked ufw logic to not use change_when keyword

because it's not available in a stable ansible release yet

roles/common/tasks/ufw.yml

@@ -26,13 +26,15 @@
   register: ufw_status
   changed_when: False  # never report as "changed"
 
-- name: Enable ufw
-  command: ufw --force enable
-  when: "ufw_status.stdout.startswith('Status: inactive')"
-  register: ufw_enable
-  # ignore error resulting from known bug on Debian 7
-  failed_when: ufw_enable|failed and not ansible_lsb['codename'] == 'wheezy'
+- name: Check config of ufw
+  command: cat /etc/ufw/ufw.conf
+  register: ufw_config
+  changed_when: False  # never report as "changed"
 
-- name: Enable ufw again (workaround for known bug in Debian 7)
+- name: Disable logging (workaround for known bug in Debian 7)
+  command: ufw logging off
+  when: "ansible_lsb['codename'] == 'wheezy' and 'LOGLEVEL=off' not in ufw_config.stdout"
+
+- name: Enable ufw
   command: ufw --force enable
-  when: "ufw_status.stdout.startswith('Status: inactive') and ansible_lsb['codename'] == 'wheezy'"
+  when: "ufw_status.stdout.startswith('Status: inactive') or 'ENABLED=yes' not in ufw_config.stdout"