linux-system-roles / firewall

Configure firewalld and system-config-firewall
https://linux-system-roles.github.io/firewall/
GNU General Public License v2.0

Check mode fails when creating new firewall service #146

Closed Alveel closed 1 year ago

Alveel commented 1 year ago

What happened:

In my playbook firewall.yaml I first create a http-alt service, and then enable it in a subsequent task (I think this is the approach that must be taken? I tried to do it all in one but the role didn't seem to like that, and it seemed sensible to me.)

ansible-playbook firewall.yaml -v --check

TASK [linux-system-roles.firewall : Configure firewall] *******************************************************************************************************************************************************************************************************************
changed: [my-host] => (item={'service': 'http', 'state': 'enabled', 'zone': 'public', 'permanent': True}) => {"__firewall_changed": true, "ansible_loop_var": "item", "changed": true, "item": {"permanent": true, "service": "http", "state": "enabled", "zone": "public"}}
changed: [my-host] => (item={'service': 'http-alt', 'state': 'present', 'short': 'HTTP on alternative port', 'port': '8080/tcp', 'permanent': True}) => {"__firewall_changed": true, "ansible_loop_var": "item", "changed": true, "item": {"permanent": true, "port": "8080/tcp", "service": "http-alt", "short": "HTTP on alternative port", "state": "present"}}
failed: [my-host] (item={'service': 'http-alt', 'state': 'enabled', 'zone': 'public', 'permanent': True}) => {"ansible_loop_var": "item", "changed": false, "item": {"permanent": true, "service": "http-alt", "state": "enabled", "zone": "public"}, "msg": "INVALID_SERVICE: http-alt"}

The subsequent task fails because it does not recognise the service created in the previous task.

What you expected to happen:

The task to pass in check mode. I'd be fine even if it had something like the official Ansible documentation suggests:

ignore_errors: "{{ ansible_check_mode }}"

How to reproduce it (as minimally and precisely as possible):

With the following variables in your playbook using this role:

firewall:
  - service: http-alt
    state: present
    short: HTTP on alternative port
    port: 8080/tcp
    permanent: true
  - service: http-alt
    state: enabled
    zone: public
    permanent: true

Anything else we need to know?:

Environment:
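
The failure reported above, as an added example that is not part of the original issue or the role's code: a pre-flight classifier that separates `enabled` items which fail only because check mode never created the service from items that name a service nobody defines. `KNOWN_SERVICES`, the `classify` helper and the misspelled `htpp-alt` item are constructed assumptions; the other items are the ones from the report.

```python
# Added example: classify firewall-role items the way a check-mode run sees them.
# KNOWN_SERVICES is a constructed stand-in for the services firewalld already
# has on the host (assumption; a real check would query the host for them).
KNOWN_SERVICES = {"http", "https", "ssh"}

# The first three items come from the report; the last one is a constructed
# typo, added to show a genuinely invalid service name.
FIREWALL_ITEMS = [
    {"service": "http", "state": "enabled", "zone": "public", "permanent": True},
    {"service": "http-alt", "state": "present", "short": "HTTP on alternative port",
     "port": "8080/tcp", "permanent": True},
    {"service": "http-alt", "state": "enabled", "zone": "public", "permanent": True},
    {"service": "htpp-alt", "state": "enabled", "zone": "public", "permanent": True},
]


def classify(items, known_services):
    """Return (index, service, verdict) for every item that enables a service.

    known           - firewalld already has the service
    check-mode-only - an earlier 'present' item in the same run defines it, so
                      INVALID_SERVICE appears only when nothing is applied
    invalid         - no item defines it; a real run fails on it as well
    """
    pending = set()  # services that earlier items would create in a real run
    results = []
    for index, item in enumerate(items):
        name = item.get("service")
        if name is None:
            continue
        if item.get("state") == "present":
            pending.add(name)
        elif item.get("state") == "enabled":
            if name in known_services:
                verdict = "known"
            elif name in pending:
                verdict = "check-mode-only"
            else:
                verdict = "invalid"
            results.append((index, name, verdict))
    return results


if __name__ == "__main__":
    for index, name, verdict in classify(FIREWALL_ITEMS, KNOWN_SERVICES):
        print(f"item {index}: {name}: {verdict}")
```

A blanket `ignore_errors: "{{ ansible_check_mode }}"` would suppress the failure for both `http-alt` and the misspelled item, so a check like this one keeps the genuinely invalid name visible.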