firewalld: will remove previos rules about ansible-modules-extras HOT 16 CLOSED

How are you formatting these plays? Copy and pasting them from your post errors out because everything is on a single line.

But if you separate them out into separate lines like this:

- name: Firewall settings
  firewalld: zone=public port=8080/tcp permanent=true state=enabled
  firewalld: zone=public port=8983/tcp permanent=true state=enabled
  firewalld: zone=public port=443/tcp permanent=true state=enabled
  firewalld: zone=public port=80/tcp permanent=true state=enabled
- shell: firewall-cmd --reload

I can confirm the issue, but your 'workaround' doesn't even do as much as the above. Ansible appears to only be running the last action listed in each task, so your workaround only reloads firewalld without adding any ports to it.

If I change the play to have each firewalld action be its own task (with the shell reload command at the end), it works as expected.

Could you also post which version of ansible you are running? I (partially) recreated it in version 1.8.2

Markdown ProTip: You can format your play as code (preserving - and new lines) by starting the line with 4 spaces.

from ansible-modules-extras.

what i've been doing is this:

 firewalld:
    service: "{{ item.service }}"
    permanent: "{{ item.permanent }}"
    state: enabled
  with_items:
    - { service: 'postgresql', permanent: true }
    - { service: 'postgresql', permanent: false }

no need for a manual reload call.

ansible 1.9 will feature an option called immediate to apply the option immediately, but for now, this is the best way to use firewalld from ansible. The current permanent false option is the same thing as enabling at runtime.

EDIT: with some clever usage of jinja cycle i can probably simplify it, but i didn't bother, since the fix is coming in 1.9

from ansible-modules-extras.

I'll redo yours in a simlar fashion as mine:

 firewalld:
    port: "{{ item.port }}"
    permanent: "{{ item.permanent }}"
    state: enabled
  with_items:
    - { port: '8080', permanent: true }
    - { port: '8080', permanent: false }
    - { port: '8983', permanent: true }
    - { port: '8938', permanent: false }
    - { port: '443', permanent: true }
    - { port: '443', permanent: false }
    - { port: '80', permanent: true }
    - { port: '80', permanent: false }

from ansible-modules-extras.

Hi,
thanks for the formating tips. For your information I was using version on centos 7:

[root@localhost ~]# ansible-playbook --version
ansible-playbook 1.7.2

from ansible-modules-extras.

[module: system/firewalld.py]

from ansible-modules-extras.

@xrow Thanks for submitting this bug report. Apologies for taking so long to triage it. Since this bug has been open for a while, we would appreciate if you can verify if you are still seeing the reported behavior in the latest version.

If you are seeing the reported behavior, just let us know and we will leave the bug open and notify the module maintainer.

If you are no longer seeing the reported behavior, please let us know and we will close the bug report.

from ansible-modules-extras.

Just to confirm this might still be a live issue: I saw this the other day - using more than one firewalld action in a single task with immediate=yes and permanent=true results in only the last action being saved. Ansible 1.9.4, running on CentOS 6.6 against CentOS 7 servers.

I worked around it by using separate tasks for each firewalld rule, which works fine, so this isn't a major problem.

from ansible-modules-extras.

@maxamillion, ping. This issue is still waiting on your response.
click here for bot help

from ansible-modules-extras.

@maxamillion, ping. This issue is still waiting on your response.
click here for bot help

from ansible-modules-extras.

@maxamillion, ping. This issue is still waiting on your response.
click here for bot help

from ansible-modules-extras.

I have this fixed in a topic branch (linked below), but am awaiting #3108 be merged so they don't conflict.

https://github.com/maxamillion/ansible-modules-extras/tree/fix-permanent-immediate

from ansible-modules-extras.

resolved_by_pr 3112

from ansible-modules-extras.

@maxamillion, ping. This issue is still waiting on your response.
click here for bot help

from ansible-modules-extras.

@maxamillion, ping. This issue is still waiting on your response.
click here for bot help

from ansible-modules-extras.

resolved_by_pr 3112

from ansible-modules-extras.

#3112

from ansible-modules-extras.