debops / ansible-ferm

Manage iptables firewall using ferm
GNU General Public License v3.0

Failure on task: Remove firewall rules #114

Closed scosist closed 6 years ago

scosist commented 6 years ago

debops: 0.5.0
debops.postgresql_server: v0.3.6
debops.ferm: v0.3.0

excerpt from hosts:

[debops_service_postgresql_server]
my-host.fqdn

Running debops for new host, using defaults for postgresql_server:

TASK [debops.ferm : Remove firewall rules] *************************************
fatal: [my-host.fqdn]: FAILED! =>
{
  "failed": true,
  "msg": "{{ lookup(\"template\", \"lookup/ferm__parsed_rules.j2\", convert_data=False) | from_yaml }}: {{ ferm__default_rules + ferm__fix_dependent_rules + ferm__rules + ferm__group_rules + ferm__host_rules }}: {{ lookup(\"template\", \"lookup/ferm__fix_dependent_rules.j2\", convert_data=False) | from_json }}: [u'{{ postgresql_server__ferm__dependent_rules }}']: {u'rules': u'{% set postgresql_server__tpl_ports = [] %}\\n
{% for cluster in postgresql_server__clusters %}\\n
{% set _ = postgresql_server__tpl_ports.append(cluster.port) %}\\n
{% endfor %}\\n
{% if postgresql_server__tpl_ports|d() and postgresql_server__allow|d() %}\\n
domain $domains table filter chain INPUT {\\n
    protocol tcp dport ({{ postgresql_server__tpl_ports | unique | join(\" \") }}) {\\n
        @def $ITEMS = ( @ipfilter( ({{ postgresql_server__allow | unique | join(\" \") }}) ) );\\n
        @if @ne($ITEMS,\"\") {\\n
                saddr $ITEMS ACCEPT;\\n
        }\\n
    }\\n
}\\n
\\n
{% endif %}\\n
{% for cluster in postgresql_server__clusters %}\\n
{% if cluster.name|d() and cluster.port|d() and cluster.allow|d() %}\\n
domain $domains table filter chain INPUT {\\n
    protocol tcp dport ({{ cluster.port }}) {\\n
        @def $ITEMS = ( @ipfilter( ({{ cluster.allow | unique | join(\" \") }}) ) );\\n
        @if @ne($ITEMS,\"\") {\\n
                saddr $ITEMS ACCEPT;\\n
        }\\n
    }\\n
}\\n
{% endif %}\\n
{% endfor %}\\n', u'weight_class': u'default', u'type': u'custom', u'by_role': u'debops.postgresql_server', u'name': u'postgresql_custom_rules'}: 'list object' has no attribute 'port'"
}

I figure the 'list object' has no attribute 'port' failure is referring to cluster.port, but I don't know why it's upset. postgresql_server__clusters by default is defined as [ '{{ postgresql_server__cluster_main }}' ], which by default has a name and port defined.

scosist commented 6 years ago

Disregard, my mistake. I had an old definition for postgresql_server__cluster_main in a group_vars file that was causing the failure:

postgresql_server__cluster_main:
  - name: 'main'
    port: '5432'

whereas the current default definition expects:

postgresql_server__cluster_main:
  name: 'main'
  port: '5432'

Hence the no attribute 'port' failure with the former.
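
Added example, not part of the original thread and not DebOps code: a pre-flight shape check for the cluster list that the firewall rule template iterates over, run against both definitions quoted above. The function names, the requirement that both 'name' and 'port' are present, and the port range check are assumptions of this example; the sample data is constructed from the issue.

```python
# Added example: the sample data is constructed from the two definitions in the issue.

def check_clusters(clusters):
    """Return a list of problems; empty means the template can read every entry."""
    if not isinstance(clusters, list):
        return ["clusters must be a list, got %s" % type(clusters).__name__]
    problems = []
    for index, cluster in enumerate(clusters):
        if not isinstance(cluster, dict):
            # This is the case behind "'list object' has no attribute 'port'".
            problems.append("entry %d is a %s, expected a mapping with 'name' and 'port'"
                            % (index, type(cluster).__name__))
            continue
        for key in ("name", "port"):  # assumption: both keys are required
            if key not in cluster:
                problems.append("entry %d is missing '%s'" % (index, key))
        port = str(cluster.get("port", "0"))
        if "port" in cluster and not (port.isdecimal() and 1 <= int(port) <= 65535):
            problems.append("entry %d has invalid port %r" % (index, cluster["port"]))
    return problems


def firewall_ports(clusters):
    """Ports the rule would open, mirroring the template's append and unique steps."""
    problems = check_clusters(clusters)
    if problems:
        raise ValueError("; ".join(problems))
    ports = []
    for cluster in clusters:
        port = str(cluster["port"])
        if port not in ports:
            ports.append(port)
    return ports


# Constructed sample data: what YAML parsing yields for each definition.
OLD_CLUSTER_MAIN = [{"name": "main", "port": "5432"}]  # list form from group_vars
NEW_CLUSTER_MAIN = {"name": "main", "port": "5432"}    # mapping form (current default)

# postgresql_server__clusters is [ '{{ postgresql_server__cluster_main }}' ]
OLD_CLUSTERS = [OLD_CLUSTER_MAIN]
NEW_CLUSTERS = [NEW_CLUSTER_MAIN]

if __name__ == "__main__":
    print(check_clusters(OLD_CLUSTERS))  # reports entry 0 as a list
    print(firewall_ports(NEW_CLUSTERS))  # ports for the INPUT rule
```

Running a check like this before the ferm role points at the offending variable entry instead of surfacing the problem as a templating error in the middle of a firewall task.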