flatkey / ansible-firewalld-role
Advanced Base role to configure firewalld through variables.
License: MIT License
It's not possible to remove an interface from a zone or purge unconfigured interfaces.
In check mode, set firewalld default zone fails with this error:
The conditional check 'defaultzone.stdout != default_zone' failed. The error was: error while evaluating conditional (defaultzone.stdout != default_zone): 'dict object' has no attribute 'stdout'
because the task is skipped.
To prevent this, you should add check_mode: no to the task:
    - name: get actual firewalld default zone
      command: /bin/firewall-cmd --get-default-zone
      register: defaultzone
      changed_when: false
      check_mode: no
      tags: firewalld
Thx
The example in README.md refers to "firewalld__zone_interface" but it should be "firewalld_zone_interface" (one underscore between firewall and zone).
The purge of unconfigured rich rules should be possible.
I'm getting this conditional check error since recently:
The conditional check 'firewalld_purge_services and item not in firewalld_service_rules' failed. The error was: error while evaluating conditional (firewalld_purge_services and item not in firewalld_service_rules): 'firewalld_purge_services' is undefined\n\nThe error appears to have been in '/var/lib/awx/projects/_10__soe/roles/FlatKey.firewalld/tasks/main.yml': line 53, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: purge unconfigured firewalld service rules\n ^ here\n
I don't have the firewalld_purge_services variable defined, but thought it was optional.
set firewalld default zone fails when default_zone is not set because of the conditional:
when: defaultzone.stdout != default_zone
I suggest removing the conditional altogether, as well as task "get actual firewalld default zone", since removing these would produce the same effect:
There seems to be a hardcoded interface name in https://github.com/FlatKey/ansible-firewalld-role/blob/master/tasks/main.yml#L25 :
if [[ "$(/bin/firewall-cmd --get-zone-of-interface=enp4s0)" != "public" ]]
Most tasks where a zone is required default to 'public'.
I suggest they should default to 'default_zone' and then to public, which can be achieved by doing this:
zone: "{{ item.value.zone|default(default_zone|default('public')) }}"
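Three of the reports above (the skipped `register` task in check mode, the unset `default_zone`, and the undefined `firewalld_purge_services`) fail for the same reason: a `when:` that dereferences something that may not exist. The tasks below are an added example, not the role's own code and not part of any of the issues, showing guarded versions of those conditionals. The variable names `default_zone`, `firewalld_purge_services` and `firewalld_service_rules` are the ones quoted in the issues; the task bodies and the `active_services` variable are assumptions.

```yaml
# Constructed example tasks; not taken from the role's tasks/main.yml.

- name: get actual firewalld default zone
  ansible.builtin.command: /bin/firewall-cmd --get-default-zone
  register: defaultzone
  changed_when: false   # read-only query, never reports a change
  check_mode: false     # run under --check too, so .stdout exists
  tags: firewalld

- name: set firewalld default zone
  ansible.builtin.command: "/bin/firewall-cmd --set-default-zone={{ default_zone }}"
  when:
    - default_zone is defined            # skip cleanly when unset
    - defaultzone.stdout is defined      # guard the registered result
    - defaultzone.stdout != default_zone
  tags: firewalld

# 'active_services' is a hypothetical register name used only here.
- name: list services currently allowed in the default zone
  ansible.builtin.command: /bin/firewall-cmd --list-services
  register: active_services
  changed_when: false
  check_mode: false
  tags: firewalld

- name: purge unconfigured firewalld service rules
  ansible.posix.firewalld:
    service: "{{ item }}"
    state: disabled
    permanent: true
    immediate: true
  loop: "{{ active_services.stdout.split() }}"
  when:
    # default(false) makes the purge opt-in instead of a hard error
    - firewalld_purge_services | default(false) | bool
    - item not in (firewalld_service_rules | default({}))
  tags: firewalld
```

With `default(false)` the purge is skipped when the variable is absent, so services opened outside the role stay open until `firewalld_purge_services` is set explicitly.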