Chapter 3 - Possible Firewall configuration issue #602

wmbell65 opened this issue Feb 3, 2025 · 0 comments
wmbell65 commented Feb 3, 2025

Host configuration

Command host: RHEL 9.5 (Plow)
Ansible version: 2.14.17

Section: Configure the Database servers

The following commands fail:

ansible db -b -m firewalld -a "zone=database state=present permanent=yes"
ansible db -b -m firewalld -a "source=192.168.56.0/24 zone=database state=enabled permanent=yes"
ansible db -b -m firewalld -a "port=3306/tcp zone=database state=enabled permanent=yes"

The error message:

192.168.56.6 | FAILED! => {
    "msg": "The module firewalld was redirected to ansible.posix.firewalld, which could not be loaded."
}

To make the example code work, the ansible.posix collection is required. The collection is not supported until Ansible 2.15, but the default yum install of ansible-core installs 2.14. Newer versions can be downloaded from the Ansible community site and installed manually.

Workaround:
Modify the ansible commands as follows:

ansible db -b -a "firewall-cmd --new-zone=database --permanent"
ansible db -b -a "firewall-cmd --add-source=192.168.56.0/24 --zone=database --permanent"
ansible db -b -a "firewall-cmd --add-port=3306/tcp --zone=database --permanent"
ansible db -b -a "firewall-cmd --add-port=22/tcp --zone=database --permanent"
ansible db -b -a "firewall-cmd --set-default-zone=database"
ansible db -b -a "firewall-cmd --reload"

Note that port 22 for ssh needs to be opened in the database zone in order for vagrant ssh to be able to reconnect.
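An idempotent variant of the workaround's firewall-cmd sequence, added here as an example and not code from the book or the issue author: each step queries before adding so a re-run does not fail on the already-existing zone, the reload happens before the default zone is switched so the new zone exists in the runtime config, and the default-zone switch is refused unless 22/tcp is in the port list. It assumes the zone, subnet, ports and inventory group from the issue and runs the generated script through Ansible's shell module.

```shell
#!/bin/sh
# Idempotent form of the firewall-cmd workaround (added example). Assumes the same
# zone, subnet and ports as the issue; override with ZONE, SRC and PORTS.
ZONE="${ZONE:-database}"
SRC="${SRC:-192.168.56.0/24}"
PORTS="${PORTS:-3306/tcp 22/tcp}"

# Returns 0 when the space-separated port list in $1 contains the ssh port.
# Making a zone the default without it locks out vagrant ssh (see the note above).
zone_allows_ssh() {
  case " $1 " in *" 22/tcp "*) return 0 ;; esac
  return 1
}

# Prints the script to run on each db host. Every step queries first, so
# re-running does not fail with NAME_CONFLICT on an existing zone.
build_remote_script() {
  if ! zone_allows_ssh "$PORTS"; then
    echo "refusing: PORTS lacks 22/tcp, default zone $ZONE would block ssh" >&2
    return 1
  fi
  printf 'set -e\n'
  # --get-zones prints one space-separated line, so split it before matching
  printf 'firewall-cmd --permanent --get-zones | tr " " "\\n" | grep -qx %s || firewall-cmd --permanent --new-zone=%s\n' "$ZONE" "$ZONE"
  printf 'firewall-cmd --permanent --zone=%s --query-source=%s || firewall-cmd --permanent --zone=%s --add-source=%s\n' "$ZONE" "$SRC" "$ZONE" "$SRC"
  for p in $PORTS; do
    printf 'firewall-cmd --permanent --zone=%s --query-port=%s || firewall-cmd --permanent --zone=%s --add-port=%s\n' "$ZONE" "$p" "$ZONE" "$p"
  done
  # reload first so the new zone is present in the runtime config, then switch the default
  printf 'firewall-cmd --reload\n'
  printf 'firewall-cmd --set-default-zone=%s\n' "$ZONE"
}

# Usage: ./fw.sh run   (inventory group "db" as in the issue)
if [ "${1:-}" = "run" ]; then
  ansible db -b -m shell -a "$(build_remote_script)"
fi
```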
