Closed madrover closed 7 years ago
@maxamillion ping, this issue is waiting for your response. click here for bot help
So the issues dues not seem to be related to the lack of the firewall but with isssues loading _ firewall.client import Rich_Rule.
[root@ansible config]# python
Python 2.7.5 (default, Sep 15 2016, 22:37:39)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from firewall.client import Rich_Rule
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/firewall/client.py", line 28, in <module>
import dbus.mainloop.glib
ImportError: No module named mainloop.glib
Oddly enough, the package are installed:
[root@ansible config]# yum install dbus-glib-devel dbus-glib python-slip-dbus dbus-python firewalld
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: sunsite.rediris.es
* epel: mir01.syntis.net
* extras: sunsite.rediris.es
* updates: sunsite.rediris.es
Package dbus-glib-devel-0.100-7.el7.x86_64 already installed and latest version
Package dbus-glib-0.100-7.el7.x86_64 already installed and latest version
Package python-slip-dbus-0.4.0-2.el7.noarch already installed and latest version
Package dbus-python-1.1.1-9.el7.x86_64 already installed and latest version
Package firewalld-0.3.9-14.el7.noarch already installed and latest version
Nothing to do
and I can see the files:
[root@ansible config]# locate glib.py
/usr/lib/python2.7/site-packages/dbus/glib.py
/usr/lib/python2.7/site-packages/dbus/glib.pyc
/usr/lib/python2.7/site-packages/dbus/glib.pyo
/usr/lib/python2.7/site-packages/dbus/mainloop/glib.py
/usr/lib/python2.7/site-packages/dbus/mainloop/glib.pyc
/usr/lib/python2.7/site-packages/dbus/mainloop/glib.pyo
/usr/lib/python2.7/site-packages/pyudev/glib.py
/usr/lib/python2.7/site-packages/pyudev/glib.pyc
/usr/lib/python2.7/site-packages/pyudev/glib.pyo
/usr/lib64/python2.7/site-packages/dbus/glib.py
/usr/lib64/python2.7/site-packages/dbus/glib.pyc
/usr/lib64/python2.7/site-packages/dbus/glib.pyo
/usr/lib64/python2.7/site-packages/dbus/mainloop/glib.py
/usr/lib64/python2.7/site-packages/dbus/mainloop/glib.pyc
/usr/lib64/python2.7/site-packages/dbus/mainloop/glib.pyo
/usr/share/glib-2.0/gdb/glib.py
/usr/share/glib-2.0/gdb/glib.pyc
/usr/share/glib-2.0/gdb/glib.pyo
Any hint?
What's exact version of your CentOS? For me this module works fine on 7.1 without any additional effort:
[root@centos-7 ~]# ansible localhost -m firewalld -a 'state=enabled permanent=yes port=80/tcp'
[WARNING]: Host file not found: /etc/ansible/hosts
localhost | SUCCESS => {
"changed": false,
"msg": "Permanent operation"
}
My system:
[root@centos-7 vagrant]# ansible --version
ansible 2.1.0.0
config file =
configured module search path = Default w/o overrides
[root@centos-7 vagrant]# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)
[root@centos-7 vagrant]# rpm -qa|grep python
rpm-python-4.11.1-25.el7.x86_64
python-pip-7.1.0-1.el7.noarch
python-libs-2.7.5-39.el7_2.x86_64
python-devel-2.7.5-39.el7_2.x86_64
python-decorator-3.4.0-3.el7.noarch
python-slip-0.4.0-2.el7.noarch
python-configobj-4.7.2-7.el7.noarch
newt-python-0.52.15-4.el7.x86_64
python-urlgrabber-3.10-6.el7.noarch
python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch
python-pyudev-0.15-6.el7.noarch
python-2.7.5-39.el7_2.x86_64
dbus-python-1.1.1-9.el7.x86_64
libselinux-python-2.2.2-6.el7.x86_64
python-slip-dbus-0.4.0-2.el7.noarch
python-iniparse-0.4-9.el7.noarch
python-pycurl-7.19.0-17.el7.x86_64
python-backports-1.0-8.el7.x86_64
python-setuptools-0.9.8-3.el7.noarch
Here you have my data:
[root@ansible ~]# ansible localhost -m firewalld -a 'state=enabled permanent=yes port=80/tcp'
[WARNING]: Host file not found: /etc/ansible/hosts
localhost | FAILED! => {
"changed": false,
"failed": true,
"msg": "firewalld and its python 2 module are required for this module"
}
[root@ansible ~]# ansible --version
ansible 2.1.0.0
config file =
configured module search path = Default w/o overrides
[root@ansible ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@ansible ~]# rpm -qa|grep python
python-backports-1.0-8.el7.x86_64
python-six-1.9.0-2.el7.noarch
python-2.7.5-39.el7_2.x86_64
dbus-python-1.1.1-9.el7.x86_64
python-pyasn1-0.1.6-2.el7.noarch
python-jinja2-2.7.2-2.el7.noarch
python-slip-dbus-0.4.0-2.el7.noarch
newt-python-0.52.15-4.el7.x86_64
python-chardet-2.2.1-1.el7_1.noarch
python-IPy-0.75-6.el7.noarch
policycoreutils-python-2.2.5-20.el7.x86_64
rpm-python-4.11.3-17.el7.x86_64
python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch
python-pip-7.1.0-1.el7.noarch
python-devel-2.7.5-39.el7_2.x86_64
python-libs-2.7.5-39.el7_2.x86_64
python2-ecdsa-0.13-4.el7.noarch
python-decorator-3.4.0-3.el7.noarch
python2-crypto-2.6.1-9.el7.x86_64
python-pyudev-0.15-7.el7_2.1.noarch
python-slip-0.4.0-2.el7.noarch
python-iniparse-0.4-9.el7.noarch
python-configobj-4.7.2-7.el7.noarch
python-kitchen-1.1.1-5.el7.noarch
python-urlgrabber-3.10-7.el7.noarch
python-babel-0.9.6-8.el7.noarch
python-keyczar-0.71c-2.el7.noarch
python-markupsafe-0.11-10.el7.x86_64
python-psycopg2-2.5.1-3.el7.x86_64
audit-libs-python-2.4.1-5.el7.x86_64
libxml2-python-2.9.1-6.el7_2.3.x86_64
libsemanage-python-2.1.10-18.el7.x86_64
python-virtualenv-1.10.1-2.el7.noarch
python-setuptools-0.9.8-4.el7.noarch
python2-paramiko-1.16.1-1.el7.noarch
python-httplib2-0.7.7-3.el7.noarch
libselinux-python-2.2.2-6.el7.x86_64
python-perf-3.10.0-327.36.1.el7.x86_64
python-meld3-0.6.10-1.el7.x86_64
python-pycurl-7.19.0-17.el7.x86_64
Likewise, this happens as well in ansible 2.1.3.0:
[root@ansible ~]# ansible --version
ansible 2.1.3.0
config file =
configured module search path = Default w/o overrides
[root@ansible ~]# ansible localhost -m firewalld -a 'state=enabled permanent=yes port=80/tcp'
[WARNING]: Host file not found: /etc/ansible/hosts
[WARNING]: provided hosts list is empty, only localhost is available
localhost | FAILED! => {
"changed": false,
"failed": true,
"msg": "firewalld and its python 2 module are required for this module"
}
However, if I upgrade to ansible 2.2.0.0 it works:
[root@ansible ~]# pip install ansible --upgrade
...
[root@ansible ~]# ansible --version
ansible 2.2.0.0
config file =
configured module search path = Default w/o overrides
[root@ansible ~]# ansible localhost -m firewalld -a 'state=enabled permanent=yes port=80/tcp'
[WARNING]: Host file not found: /etc/ansible/hosts
[WARNING]: provided hosts list is empty, only localhost is available
localhost | FAILED! => {
"changed": false,
"failed": true,
"msg": "firewalld service must be running"
}
I'm not sure what's the support plan for the 2.1 series. Might this be fixed on it or our only option is to upgrade Ansible to 2.2? We tend to develop for a specific Ansible version to avoid unexpected behaviors so changing versions is something that needs to be evaluated with care.
Hi @madrover
Are you sure firewalld
service is running?
Code in Ansible 2.1 does not differentiate between lack of firewalld library for python and between lack of connection to daemon - the displayed error is the same.
[root@centos-7 vagrant]# ansible localhost -m firewalld -a 'state=enabled permanent=yes port=443/tcp'
localhost | FAILED! => {
"changed": false,
"failed": true,
"msg": "firewalld and its python 2 module are required for this module"
}
[root@centos-7 vagrant]# systemctl start firewalld
[root@centos-7 vagrant]# ansible localhost -m firewalld -a 'state=enabled permanent=yes port=443/tcp'
localhost | SUCCESS => {
"changed": true,
"msg": "Permanent operation, Changed port 443/tcp to enabled"
}
needs_info
aha! You nailed it there. I'm using Vagrant's vanilla Centos 7 box to test our playbooks and it does not have Firewalld service enabled by default. Once started the Firewalld service has been started the module has starter working correctly:
[root@ansible ~]# ansible localhost -m firewalld -a 'state=enabled permanent=yes port=80/tcp'
[WARNING]: Host file not found: /etc/ansible/hosts
[WARNING]: provided hosts list is empty, only localhost is available
localhost | FAILED! => {
"changed": false,
"failed": true,
"msg": "firewalld and its python 2 module are required for this module"
}
[root@ansible ~]# service firewalld status
Redirecting to /bin/systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
[root@ansible ~]# service firewalld start
Redirecting to /bin/systemctl start firewalld.service
[root@ansible ~]# ansible localhost -m firewalld -a 'state=enabled permanent=yes port=80/tcp'
[WARNING]: Host file not found: /etc/ansible/hosts
[WARNING]: provided hosts list is empty, only localhost is available
localhost | SUCCESS => {
"changed": true,
"msg": "Permanent operation, Changed port 80/tcp to enabled"
}
So the workaround for Ansible 2.1 is to ensure that Firewalld service is started before executing any Firewalled module service.
Thank you very much, @krzysztof-magosa!
i got ansible 2.4.1.0-2.fc26 and have same issue
atal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "firewalld and its python 2 module are required for this module, version 2.0.11 or newer required (3.0.9 or newer for offline operations) \n No module named firewall.config"}
@mgamboa Fedora 26 doesn't have python2 version of the firewalld libraries installed by default, you can either set ansible_python_interpreter=/usr/bin/python3
as per Ansible python3 support or make sure to install the python-firewall
package which will pull in the python2 version of the firewalld libraries.
ISSUE TYPE
COMPONENT NAME
firewalld module
ANSIBLE VERSION
OS / ENVIRONMENT
SUMMARY
The module documentation states that: Requires the python2 bindings of firewalld, which may not be installed by default if the distribution switched to python 3 but these python2 bindings of firewalld do not seem to be available on Centos 7 and makes its execution fail.
STEPS TO REPRODUCE
Execute the following statement:
EXPECTED RESULTS
ACTUAL RESULTS