ikke-t / podman-container-systemd

creates systemd files and creates containers using podman

playbook fails on firewalld check. #11

Closed gleeman2 closed 4 years ago

gleeman2 commented 4 years ago

Hi

Playbook fails at the task below. It seems to be a noted issue in RHEL 8.1b, but there seems to be no working resolution I could find. Possible solution, but not working: https://github.com/ansible/ansible/issues/63254

Anyone have a workaround?

TASK [podman_container_systemd : ensure container's exposed ports firewall state] ****
task path: /data/Containers/awx_pod/roles/podman_container_systemd/tasks/main.yml:179
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819" && echo ansible-tmp-1588203708.2969663-77036133413819="echo /root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819" ) && sleep 0'
Using module file /usr/lib/python3.6/site-packages/ansible/modules/system/firewalld.py
<127.0.0.1> PUT /root/.ansible/tmp/ansible-local-13423frx74i3t/tmpysi5h_je TO /root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/AnsiballZ_firewalld.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/ /root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/AnsiballZ_firewalld.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/AnsiballZ_firewalld.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/AnsiballZ_firewalld.py", line 114, in
    _ansiballz_main()
  File "/root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/AnsiballZ_firewalld.py", line 106, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/AnsiballZ_firewalld.py", line 49, in invoke_module
    imp.load_module('main', mod, module, MOD_DESC)
  File "/usr/lib64/python3.6/imp.py", line 235, in load_module
    return load_source(name, filename, file)
  File "/usr/lib64/python3.6/imp.py", line 170, in load_source
    module = _exec(spec, sys.modules[name])
  File "", line 618, in _exec
  File "", line 678, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/tmp/ansible_firewalld_payload_mcrd1b1l/main.py", line 869, in
  File "/tmp/ansible_firewalld_payload_mcrd1b1l/main.py", line 686, in main
ValueError: too many values to unpack (expected 2)

failed: [127.0.0.1] (item=8052/tcp/tcp) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "8052/tcp/tcp",
    "module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/AnsiballZ_firewalld.py\", line 114, in \n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/AnsiballZ_firewalld.py\", line 106, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-tmp-1588203708.2969663-77036133413819/AnsiballZ_firewalld.py\", line 49, in invoke_module\n imp.load_module('main', mod, module, MOD_DESC)\n File \"/usr/lib64/python3.6/imp.py\", line 235, in load_module\n return load_source(name, filename, file)\n File \"/usr/lib64/python3.6/imp.py\", line 170, in load_source\n module = _exec(spec, sys.modules[name])\n File \"\", line 618, in _exec\n File \"\", line 678, in exec_module\n File \"\", line 219, in _call_with_frames_removed\n File \"/tmp/ansible_firewalld_payload_mcrd1b1l/main.py\", line 869, in \n File \"/tmp/ansible_firewalld_payload_mcrd1b1l/main.py\", line 686, in main\nValueError: too many values to unpack (expected 2)\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

Snippet of playbook that fails.

[@container01 ~]$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 7937-9986/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[@container01 ~]$ uname -a
Linux container01.mtsu.edu 4.18.0-147.3.1.el8_1.x86_64 #1 SMP Wed Nov 27 01:11:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[@container01 ~]$ cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.1 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.1"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.1 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8.1:GA"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.1
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.1"

Possible solution: https://github.com/ansible/ansible/issues/63254

ikke-t commented 4 years ago

If you are a Red Hat Ansible customer, please file an issue with Red Hat.

gleeman2 commented 4 years ago

Thank you, Ilkka. I'll open a case and report back here on the findings.

gleeman2 commented 4 years ago

The issue was with the port values set for container_firewall_ports in var. From the stdout, we found that the returned port value for the item is ("item": "8052/tcp/tcp"), which is the reason this error is being thrown. The port value should be "8052/tcp".
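
The failure described in the comment above, reproduced and guarded against in Python. This is an added example, not code from the role or from Ansible's firewalld module. It assumes the module splits the port string on "/" into exactly two values, which is consistent with the ValueError in the traceback; `split_like_module`, `check_port_entry` and `validate_ports` are hypothetical names and the sample entries are constructed.

```python
import re

# Protocol names accepted in a firewalld port entry.
PROTOCOLS = {"tcp", "udp", "sctp", "dccp"}
# A single port or a low-high range, e.g. "8052" or "7937-9986".
PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def split_like_module(value):
    """Two-value unpack of 'port/proto' (assumed shape of the failing line)."""
    port, protocol = value.strip().split("/")
    return port, protocol


def check_port_entry(value):
    """Return None for a well-formed 'port/proto' entry, else the reason."""
    parts = value.strip().split("/")
    if len(parts) != 2:
        return "expected port/protocol, got %d field(s)" % len(parts)
    port, proto = parts
    if proto not in PROTOCOLS:
        return "unknown protocol %r" % proto
    match = PORT_RE.match(port)
    if not match:
        return "port is not a number or a low-high range"
    low = int(match.group(1))
    high = int(match.group(2) or low)
    if not 1 <= low <= high <= 65535:
        return "port outside 1-65535 or range reversed"
    return None


def validate_ports(entries):
    """Map each bad entry to its reason; an empty dict means all are fine."""
    bad = {}
    for entry in entries:
        reason = check_port_entry(entry)
        if reason is not None:
            bad[entry] = reason
    return bad


if __name__ == "__main__":
    # Constructed sample values for container_firewall_ports.
    sample = ["8052/tcp/tcp", "8052/tcp", "7937-9986/tcp", "8052", "70000/udp"]
    for entry, reason in validate_ports(sample).items():
        print("%-14s rejected: %s" % (entry, reason))
    try:
        split_like_module("8052/tcp/tcp")
    except ValueError as exc:
        print("unpack of 8052/tcp/tcp fails:", exc)
```

Running a check like this before the firewall task turns the module crash into a clear message naming the bad entry, so the port rule is not silently left unapplied.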

cwawak commented 1 year ago

I'm still running into this. What was the actual solution, @gleeman?