firewalld not working on Fedora 28
Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las118
Summary
All rules that work with the firewalld module do not work with Fedora 28, because the firewalld module depends on python-firewalld and does not work with python3-firewalld, as partly documented in the documentation.
Steps to reproduce
Try to run the sshd task of the common role
What is the current bug behavior?
The role stops at task common : Open port 22 on Fedora/CentOS
What is the expected correct behaviour?
The role common runs and the firewall opens port 22 for ssh.
Relevant logs and/or screenshots
fatal: [las118.las.kit.edu]: FAILED! => {
"changed": false,
"module_stderr": "OpenSSH_7.6p1, OpenSSL 1.1.0h-fips 27 Mar 2018\r\ndebug1: Reading configuration data /home/gethmann/.ssh/config\r\ndebug1: /home/gethmann/.ssh/config line 124: Applying options for *\r\ndebug1: /home/gethmann/.ssh/config line 128: Deprecated option \"useroaming\"\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 4 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 25187\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\nShared connection to las118.las.kit.edu closed.\r\n",
"module_stdout": "\r\nTraceback (most recent call last):\r\n File \"/tmp/ansible_VyTTtl/ansible_module_firewalld.py\", line 1017, in <module>\r\n main()\r\n File \"/tmp/ansible_VyTTtl/ansible_module_firewalld.py\", line 811, in main\r\n if fw_offline:\r\nNameError: global name 'fw_offline' is not defined\r\n",
"msg": "MODULE FAILURE",
"rc": 1
}
Possible fixes
Search for other ways (iptables) to open the port, just as a work-around until Python 3 is supported.
/cc @gethmann