Comments (16)
How are you formatting these plays? Copy and pasting them from your post errors out because everything is on a single line.
But if you separate them out into separate lines like this:
- name: Firewall settings
firewalld: zone=public port=8080/tcp permanent=true state=enabled
firewalld: zone=public port=8983/tcp permanent=true state=enabled
firewalld: zone=public port=443/tcp permanent=true state=enabled
firewalld: zone=public port=80/tcp permanent=true state=enabled
- shell: firewall-cmd --reload
I can confirm the issue, but your 'workaround' doesn't even do as much as the above. Ansible appears to only be running the last action listed in each task, so your workaround only reloads firewalld without adding any ports to it.
If I change the play to have each firewalld action be its own task (with the shell reload command at the end), it works as expected.
Could you also post which version of ansible you are running? I (partially) recreated it in version 1.8.2
Markdown ProTip: You can format your play as code (preserving - and new lines) by starting the line with 4 spaces.
from ansible-modules-extras.
what i've been doing is this:
firewalld:
service: "{{ item.service }}"
permanent: "{{ item.permanent }}"
state: enabled
with_items:
- { service: 'postgresql', permanent: true }
- { service: 'postgresql', permanent: false }
no need for a manual reload call.
ansible 1.9 will feature an option called immediate to apply the option immediately, but for now, this is the best way to use firewalld from ansible. The current permanent false option is the same thing as enabling at runtime.
EDIT: with some clever usage of jinja cycle i can probably simplify it, but i didn't bother, since the fix is coming in 1.9
from ansible-modules-extras.
I'll redo yours in a simlar fashion as mine:
firewalld:
port: "{{ item.port }}"
permanent: "{{ item.permanent }}"
state: enabled
with_items:
- { port: '8080', permanent: true }
- { port: '8080', permanent: false }
- { port: '8983', permanent: true }
- { port: '8938', permanent: false }
- { port: '443', permanent: true }
- { port: '443', permanent: false }
- { port: '80', permanent: true }
- { port: '80', permanent: false }
from ansible-modules-extras.
Hi,
thanks for the formating tips. For your information I was using version on centos 7:
[root@localhost ~]# ansible-playbook --version
ansible-playbook 1.7.2
from ansible-modules-extras.
[module: system/firewalld.py]
from ansible-modules-extras.
@xrow Thanks for submitting this bug report. Apologies for taking so long to triage it. Since this bug has been open for a while, we would appreciate if you can verify if you are still seeing the reported behavior in the latest version.
If you are seeing the reported behavior, just let us know and we will leave the bug open and notify the module maintainer.
If you are no longer seeing the reported behavior, please let us know and we will close the bug report.
from ansible-modules-extras.
Just to confirm this might still be a live issue: I saw this the other day - using more than one firewalld action in a single task with immediate=yes and permanent=true results in only the last action being saved. Ansible 1.9.4, running on CentOS 6.6 against CentOS 7 servers.
I worked around it by using separate tasks for each firewalld rule, which works fine, so this isn't a major problem.
from ansible-modules-extras.
@maxamillion, ping. This issue is still waiting on your response.
click here for bot help
from ansible-modules-extras.
@maxamillion, ping. This issue is still waiting on your response.
click here for bot help
from ansible-modules-extras.
@maxamillion, ping. This issue is still waiting on your response.
click here for bot help
from ansible-modules-extras.
I have this fixed in a topic branch (linked below), but am awaiting #3108 be merged so they don't conflict.
https://github.com/maxamillion/ansible-modules-extras/tree/fix-permanent-immediate
from ansible-modules-extras.
resolved_by_pr 3112
from ansible-modules-extras.
@maxamillion, ping. This issue is still waiting on your response.
click here for bot help
from ansible-modules-extras.
@maxamillion, ping. This issue is still waiting on your response.
click here for bot help
from ansible-modules-extras.
resolved_by_pr 3112
from ansible-modules-extras.
from ansible-modules-extras.
Related Issues (20)
- win_updates Not working on localized Windows Server 2012R2 (russian) HOT 3
- Pushover Hostname api.pushover.net:443 doesn't match HOT 2
- ipa_user: fails with 'repsonse user_mod: no modifications to be performed' if sshpubkey is an empty list and user has no public keys in FreeIPA HOT 2
- ovirt_clusters fails with 'NoneType' object has no attribute 'policy' HOT 2
- locale_gen fails with python3 HOT 1
- Region eu-west-2 missing on ansible-2.2 ec2 module HOT 1
- kubernetes library module doesn't support `apis/extensions/v1beta1/` HOT 2
- customer GW module HOT 1
- composer: Unable to use "working-dir" with spaces HOT 1
- Add instance_type to ec2_remote_facts result HOT 1
- v HOT 1
- openvswitch_bridge ansible 2.3.0 HOT 1
- win_regedit - Not adding new reg entries HOT 1
- EFS Name is blank when created with ansible efs module HOT 1
- pexpect 4.0.1 Ansible variable issue HOT 1
- module vmware_vm_facts folder HOT 1
- installing npm mongodb error HOT 3
- Ovirt_vms module to support custom VM UUID HOT 1
- vmware vsphere_guest with drs HOT 1
- Getting "HTTP Error 504": HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-modules-extras.