linux-system-roles / firewall

Configure firewalld and system-config-firewall
https://linux-system-roles.github.io/firewall/
GNU General Public License v2.0

Check mode fails with replacing previous rules #151

Closed myllynen closed 1 year ago

myllynen commented 1 year ago

When using previous: replaced and check mode, the playbook fails with the following error:

TASK [rhel-system-roles.firewall : Calculate what has changed] ****************
Monday 26 June 2023  12:10:46 +0300 (0:00:00.104)       0:00:12.707 ***********                                      
task path: /usr/share/ansible/roles/rhel-system-roles.firewall/tasks/main.yml:130
fatal: [192.168.122.170]: FAILED! =>                                                                                   
    msg: |-                                                                                                            
        The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout_lines'. 'dict object' has no attribute 'stdout_lines'

        The error appears to be in '/usr/share/ansible/roles/rhel-system-roles.firewall/tasks/main.yml': line 130, column 7, but may
        be elsewhere in the file depending on the exact syntax problem.

        The offending line appears to be:

            - name: Calculate what has changed
              ^ here

BrennanPaciorek commented 1 year ago

Hello myllynen,

I am having difficulty replicating this error.

All of my testing of previous: replaced in check mode has failed to reproduce this (or any) error. I have attempted to purge config in check mode both with a default firewall configuration and with the following configuration active:

- zone: customzone
  state: present
- set_default_zone: customzone
  state: enabled
- service: [tftp, ftp]
  port: ['443/tcp', '443/udp']
  forward_port: ['447/tcp;;1.2.3.4',
                 '448/tcp;;1.2.3.5']
  state: enabled
- zone: internal
  service: [tftp, ftp]
  port: ['443/tcp', '443/udp']
  forward_port: ['447/tcp;;1.2.3.4',
                 '448/tcp;;1.2.3.5']
  state: enabled
- masquerade: true
- service: http
  state: enabled

Could you provide any instructions on how this error was initially produced?

Thank you,

Brennan Paciorek

juliaschindler commented 1 year ago

Hello! I am experiencing this error, for example, when using the following playbook against a freshly installed RHEL 9.2 host:

---
- hosts: all
  become: true
  gather_facts: false

  tasks:
    - name: Test firewall configuration
      vars:
        firewall:
          - previous: replaced
          - service: cockpit
            zone: public
            state: disabled
            permanent: true
      ansible.builtin.include_role:
        name: rhel-system-roles.firewall

When running the playbook without --check, it completes without error.

richm commented 1 year ago

https://github.com/linux-system-roles/firewall/pull/163

@juliaschindler are you able to test this?