cisagov / ansible-role-ufw

An Ansible role for installing Uncomplicated Firewall (UFW)
Creative Commons Zero v1.0 Universal

Fedora and Ubuntu Focal builds pass locally but fail in GitHub Actions #3

Open jsf9k opened 4 years ago

jsf9k commented 4 years ago

🐛 Bug Report

For reasons I haven't been able to discern, the Fedora and Ubuntu Focal molecule tests work fine locally but fail in GitHub Actions due to being unable to perform some iptables operations. I would think this was due to some kernel module not being loaded in the underlying host instance, except that other platforms pass just fine in GitHub Actions.

Note that:

To Reproduce

Steps to reproduce the behavior:

Expected behavior

The Fedora and Ubuntu Focal runs should behave the same whether run locally or in GitHub Actions.

Any helpful log output

All three failing platforms fail in the same way:

    TASK [ansible-role-ufw : Configure UFW logging and state] **********************
    fatal: [fedora38-systemd]: FAILED! => {"changed": false, "commands": ["/usr/sbin/ufw status verbose", "/usr/bin/grep -h '^### tuple' /lib/ufw/user.rules /lib/ufw/user6.rules /etc/ufw/user.rules /etc/ufw/user6.rules /var/lib/ufw/user.rules /var/lib/ufw/user6.rules", "/usr/sbin/ufw -f enable"], "msg": "ERROR: initcaps\n[Errno 2] ip6tables v1.8.9 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n\n"}

mcdonnnj commented 1 year ago

Just wanted to mention trying again with the new ubuntu-22.04 runners to see if the behavior remains.

jsf9k commented 4 months ago

> Just wanted to mention trying again with the new ubuntu-22.04 runners to see if the behavior remains.

The behavior remains with the ubuntu-22.04 runners. Possibly the forthcoming ubuntu-24.04 runners will make a difference.

dav3r commented 4 months ago

FYI @jsf9k the log output in the PR description above is from Ubuntu Xenial and Bionic, not Ubuntu Focal or Fedora. Can you either provide up-to-date error output or otherwise clarify thangs (in case you want to preserve the old log output)?

jsf9k commented 4 months ago

> FYI @jsf9k the log output in the PR description above is from Ubuntu Xenial and Bionic, not Ubuntu Focal or Fedora. Can you either provide up-to-date error output or otherwise clarify thangs (in case you want to preserve the old log output)?

Now all three failing platforms fail in the same way, and I updated the log output in the PR description.