lueschem
commented
2 months ago Hi Nils
It looks like other ufw users are also running into the same issue: https://bugs.launchpad.net/ufw/+bug/1830127
The workaround proposed by Paul Wise might help. Otherwise you could try to generate the ufw rules file on your Compulab device and then copy the resulting rules file into the Ansible playbook (as I don't know the ufw details I am not sure if this could work out).
About testing and debugging an individual role:
- You might want to use the
--debugoption when building the image - then you can modify and repeat the playbook that was failing. This will save a lot of time. - You can step into the container (e.g.
lxc exec edi-2ebded6f-a5c2baac bash) and test out things manually. - You can make sure that you use
--recursive-clean 5to not entirely remove the bootstrapped artifacts. This will give a certain speedup.
What do you think: Would the Ansible start-at-task feature be useful in your case? If yes, I could try to expose this feature when edi is being used.
nils-ossenbrink
Hello Matthias,
I have an issue configuratind the ufw rules for my comulab gateway. Maybe you can point me to the right direction.
I added a role "ufw"
When executing the playbook I get the following error:
TASK [ufw : Reset UFW and deny everything] *********************************************************************************** fatal: [edi-2ebded6f-a5c2baac]: FAILED! => {"changed": false, "commands": ["/usr/sbin/ufw status verbose"], "msg": "ERROR: Couldn't determine iptables version\n"}I checked if I can read the version of iptables on the gateway:
compulab@iot-gate-imx8-0001c034e69b:~$ sudo iptables --version iptables v1.8.9 (nf_tables)Maybe it is not the right way of setting the rules? Should I copy a script which runs on first boot?
Additional question: Is it possible to test such a new role seperately without building the complete image?
Thanks for your help!
Cheers Nils