New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

firewalld module fails to remove forwarding #43025

Open
juame opened this Issue Jul 19, 2018 · 12 comments

Comments

Projects
None yet
4 participants
@juame

juame commented Jul 19, 2018

SUMMARY

When I try to remove a port forwarding with state: disabled I've get an exception saying: ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: %x format: a number is required, not NoneType Permanent and Non-Permanent(immediate) operation

ISSUE TYPE
  • Bug Report
COMPONENT NAME

firewalld

ANSIBLE VERSION
ansible 2.6.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
CONFIGURATION
OS / ENVIRONMENT

CentOS Linux release 7.5.1804 (Core)
firewalld 0.4.4.4 (firewall-cmd --version)

STEPS TO REPRODUCE
- name: ensure forwarding rule in firewalld
  firewalld:
    state: disabled
    rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
    zone: public
    permanent: true
    immediate: true
  become: yes
  notify: reload firewalld
EXPECTED RESULTS

Expected results would be that if the rich rule exists, it will be removed. If the rule doesn't exist anymore, it would say OK (unchanged).

ACTUAL RESULTS
TASK [role_xyz : ensure forwarding rule in firewalld] ********************************************************************************************************************************
task path: /vagrant/tasks/main.yml:23
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1532010752.74-196838908680302 `" && echo ansible-tmp-1532010752.74-196838908680302="` echo /root/.ansible/tmp/ansible-tmp-1532010752.74-196838908680302 `" ) && sleep 0'
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/firewalld.py
<localhost> PUT /root/.ansible/tmp/ansible-local-25138IhClqS/tmpvK5K0H TO /root/.ansible/tmp/ansible-tmp-1532010752.74-196838908680302/firewalld.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1532010752.74-196838908680302/ /root/.ansible/tmp/ansible-tmp-1532010752.74-196838908680302/firewalld.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1532010752.74-196838908680302/firewalld.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1532010752.74-196838908680302/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_NyKLYt/ansible_modlib.zip/ansible/module_utils/firewalld.py", line 103, in action_handler
    return action_func(*action_func_args)
  File "/tmp/ansible_NyKLYt/ansible_module_firewalld.py", line 421, in set_disabled_immediate
    self.fw.removeRichRule(self.zone, rule)
  File "<string>", line 2, in removeRichRule
  File "/usr/lib/python2.7/site-packages/slip/dbus/polkit.py", line 103, in _enable_proxy
    return func(*p, **k)
  File "<string>", line 2, in removeRichRule
  File "/usr/lib/python2.7/site-packages/firewall/client.py", line 53, in handle_exceptions
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/firewall/client.py", line 3017, in removeRichRule
    return dbus_to_python(self.fw_zone.removeRichRule(zone, rule))
  File "/usr/lib/python2.7/site-packages/slip/dbus/proxies.py", line 50, in __call__
    return dbus.proxies._ProxyMethod.__call__(self, *args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
    **keywords)
  File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
    message, timeout)

fatal: [localhost]: FAILED! => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "immediate": true, 
            "interface": null, 
            "masquerade": null, 
            "offline": null, 
            "permanent": true, 
            "port": null, 
            "rich_rule": "rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080", 
            "service": null, 
            "source": null, 
            "state": "disabled", 
            "timeout": 0, 
            "zone": "public"
        }
    }, 
    "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: %x format: a number is required, not NoneType Permanent and Non-Permanent(immediate) operation"
}
@ansibot

This comment has been minimized.

Show comment
Hide comment
@ansibot

ansibot Jul 19, 2018

Contributor

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

Contributor

ansibot commented Jul 19, 2018

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibot

This comment has been minimized.

Show comment
Hide comment
@ansibot
Contributor

ansibot commented Jul 19, 2018

@maxamillion

This comment has been minimized.

Show comment
Hide comment
@maxamillion

maxamillion Aug 15, 2018

Contributor

I'm sorry but I'm unable to reproduce. Is there any more information you can provide?

$ ansible-playbook /tmp/foo.yml
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does
not match 'all'


PLAY [test] *************************************************************************************************

TASK [ensure forwarding rule in firewalld] ******************************************************************
ok: [localhost]

PLAY RECAP **************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0

$ cat /tmp/foo.yml
- name: test
  hosts: localhost
  gather_facts: False
  tasks:
  - name: ensure forwarding rule in firewalld
    firewalld:
      state: disabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true
    become: yes
    notify: reload firewalld

$ ansible --version
ansible 2.6.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Contributor

maxamillion commented Aug 15, 2018

I'm sorry but I'm unable to reproduce. Is there any more information you can provide?

$ ansible-playbook /tmp/foo.yml
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does
not match 'all'


PLAY [test] *************************************************************************************************

TASK [ensure forwarding rule in firewalld] ******************************************************************
ok: [localhost]

PLAY RECAP **************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0

$ cat /tmp/foo.yml
- name: test
  hosts: localhost
  gather_facts: False
  tasks:
  - name: ensure forwarding rule in firewalld
    firewalld:
      state: disabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true
    become: yes
    notify: reload firewalld

$ ansible --version
ansible 2.6.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
@maxamillion

This comment has been minimized.

Show comment
Hide comment
@maxamillion

maxamillion Aug 15, 2018

Contributor

needs_info

Contributor

maxamillion commented Aug 15, 2018

needs_info

@ansibot ansibot added the needs_info label Aug 15, 2018

@ansibot

This comment has been minimized.

Show comment
Hide comment
@ansibot

ansibot Sep 16, 2018

Contributor

@juame This issue is waiting for your response. Please respond or the issue will be closed.

click here for bot help

Contributor

ansibot commented Sep 16, 2018

@juame This issue is waiting for your response. Please respond or the issue will be closed.

click here for bot help

@juame

This comment has been minimized.

Show comment
Hide comment
@juame

juame Oct 1, 2018

@maxamillion sorry for the delay. Here a full example:

[root@localhost ~]# cat /tmp/foo.yml 
- name: test
  hosts: localhost
  gather_facts: False
  tasks:
  - name: ensure forwarding rule in firewalld
    firewalld:
      state: enabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true
    become: yes
[root@localhost ~]# ansible-playbook /tmp/foo.yml
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [test] ************************************************************************************************************************************************************************************************

TASK [ensure forwarding rule in firewalld] *****************************************************************************************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0   

[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# sed -i 's/enabled/disabled/g' /tmp/foo.yml 
[root@localhost ~]# ansible-playbook /tmp/foo.yml
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [test] ************************************************************************************************************************************************************************************************

TASK [ensure forwarding rule in firewalld] *****************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: %x format: a number is required, not NoneType Permanent and Non-Permanent(immediate) operation"}
	to retry, use: --limit @/tmp/foo.retry

PLAY RECAP *************************************************************************************************************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1   

Thank you!

juame commented Oct 1, 2018

@maxamillion sorry for the delay. Here a full example:

[root@localhost ~]# cat /tmp/foo.yml 
- name: test
  hosts: localhost
  gather_facts: False
  tasks:
  - name: ensure forwarding rule in firewalld
    firewalld:
      state: enabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true
    become: yes
[root@localhost ~]# ansible-playbook /tmp/foo.yml
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [test] ************************************************************************************************************************************************************************************************

TASK [ensure forwarding rule in firewalld] *****************************************************************************************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0   

[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# sed -i 's/enabled/disabled/g' /tmp/foo.yml 
[root@localhost ~]# ansible-playbook /tmp/foo.yml
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [test] ************************************************************************************************************************************************************************************************

TASK [ensure forwarding rule in firewalld] *****************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: %x format: a number is required, not NoneType Permanent and Non-Permanent(immediate) operation"}
	to retry, use: --limit @/tmp/foo.retry

PLAY RECAP *************************************************************************************************************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1   

Thank you!

@maxamillion

This comment has been minimized.

Show comment
Hide comment
@maxamillion

maxamillion Oct 9, 2018

Contributor

@juame confirmed, thank you. Fun fact, this isn't an issue with versions of firewalld in Fedora but only in RHEL/CentOS 7 :)

Contributor

maxamillion commented Oct 9, 2018

@juame confirmed, thank you. Fun fact, this isn't an issue with versions of firewalld in Fedora but only in RHEL/CentOS 7 :)

@maxamillion

This comment has been minimized.

Show comment
Hide comment
@maxamillion

maxamillion Oct 9, 2018

Contributor

@juame this appears to be a RHEL7 bug. I've filed it upstream: https://bugzilla.redhat.com/show_bug.cgi?id=1637675

I'm going to close this issue but feel free to reopen it if there's something else we can address from the Ansible side of the issue. Thanks!

Contributor

maxamillion commented Oct 9, 2018

@juame this appears to be a RHEL7 bug. I've filed it upstream: https://bugzilla.redhat.com/show_bug.cgi?id=1637675

I'm going to close this issue but feel free to reopen it if there's something else we can address from the Ansible side of the issue. Thanks!

@maxamillion maxamillion closed this Oct 9, 2018

@maxamillion maxamillion reopened this Oct 12, 2018

@maxamillion

This comment has been minimized.

Show comment
Hide comment
@maxamillion

maxamillion Oct 12, 2018

Contributor

@juame this is super weird, I can't reproduce the issue as of this morning (I was following up on the bugzilla issue I filed). Are you able to reproduce after a yum update on the machine?

$ ansible-playbook /tmp/firewall.yml -i ~/inventory

PLAY [test] *************************************************************************

TASK [ensure forwarding rule in firewalld] ******************************************
changed: [35.226.217.26]
changed: [centos@ec2-34-201-29-246.compute-1.amazonaws.com]

TASK [ensure forwarding rule in firewalld again] ************************************
ok: [35.226.217.26]
ok: [centos@ec2-34-201-29-246.compute-1.amazonaws.com]

TASK [disable forwarding rule in firewalld] *****************************************
changed: [35.226.217.26]
changed: [centos@ec2-34-201-29-246.compute-1.amazonaws.com]

PLAY RECAP **************************************************************************
35.226.217.26              : ok=3    changed=2    unreachable=0    failed=0
centos@ec2-34-201-29-246.compute-1.amazonaws.com : ok=3    changed=2    unreachable=0    failed=0

$ cat /tmp/firewall.yml
- name: test
  hosts: el7
  become: true
  gather_facts: False
  tasks:
  - name: ensure forwarding rule in firewalld
    firewalld:
      state: enabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true
  - name: ensure forwarding rule in firewalld again
    firewalld:
      state: enabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true
  - name: disable forwarding rule in firewalld
    firewalld:
      state: disabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true

needs_info

Contributor

maxamillion commented Oct 12, 2018

@juame this is super weird, I can't reproduce the issue as of this morning (I was following up on the bugzilla issue I filed). Are you able to reproduce after a yum update on the machine?

$ ansible-playbook /tmp/firewall.yml -i ~/inventory

PLAY [test] *************************************************************************

TASK [ensure forwarding rule in firewalld] ******************************************
changed: [35.226.217.26]
changed: [centos@ec2-34-201-29-246.compute-1.amazonaws.com]

TASK [ensure forwarding rule in firewalld again] ************************************
ok: [35.226.217.26]
ok: [centos@ec2-34-201-29-246.compute-1.amazonaws.com]

TASK [disable forwarding rule in firewalld] *****************************************
changed: [35.226.217.26]
changed: [centos@ec2-34-201-29-246.compute-1.amazonaws.com]

PLAY RECAP **************************************************************************
35.226.217.26              : ok=3    changed=2    unreachable=0    failed=0
centos@ec2-34-201-29-246.compute-1.amazonaws.com : ok=3    changed=2    unreachable=0    failed=0

$ cat /tmp/firewall.yml
- name: test
  hosts: el7
  become: true
  gather_facts: False
  tasks:
  - name: ensure forwarding rule in firewalld
    firewalld:
      state: enabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true
  - name: ensure forwarding rule in firewalld again
    firewalld:
      state: enabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true
  - name: disable forwarding rule in firewalld
    firewalld:
      state: disabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true

needs_info

@juame

This comment has been minimized.

Show comment
Hide comment
@juame

juame Oct 12, 2018

@maxamillion thanks for your effort! I tested it last time with a vagrant box. I have no GCP or AWS account, sorry.

A bit off-topic but here's my Vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"
  config.vm.provision "shell", inline: <<-SHELL
    yum install -y epel-release vim net-tools
    yum update -y
    yum install -y ansible
    systemctl restart sshd
  SHELL
end

Issue:

goofy:firewalld julian$ vagrant box update
==> default: Checking for updates to 'centos/7'
    default: Latest installed version: 1804.02
    default: Version constraints: 
    default: Provider: virtualbox
==> default: Updating 'centos/7' with provider 'virtualbox' from version
==> default: '1804.02' to '1809.01'...
==> default: Loading metadata for box 'https://vagrantcloud.com/centos/7'
==> default: Adding box 'centos/7' (v1809.01) for provider: virtualbox
    default: Downloading: https://vagrantcloud.com/centos/boxes/7/versions/1809.01/providers/virtualbox.box
...
goofy:firewalld julian$ vagrant up
goofy:firewalld julian$ vagrant ssh
[vagrant@localhost ~]$ sudo su -
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core)
[root@localhost ~]# cat /tmp/foo.yml
- name: test
  hosts: localhost
  gather_facts: False
  tasks:
  - name: ensure forwarding rule in firewalld
    firewalld:
      state: enabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true
    become: yes
[root@localhost ~]# ansible-playbook /tmp/foo.yml
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [test] *************************************************************************************************************************************************************

TASK [ensure forwarding rule in firewalld] ******************************************************************************************************************************
changed: [localhost]

PLAY RECAP **************************************************************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0   

[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# sed -i 's/enabled/disabled/g' /tmp/foo.yml 
[root@localhost ~]# ansible-playbook /tmp/foo.yml
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [test] *************************************************************************************************************************************************************

TASK [ensure forwarding rule in firewalld] ******************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: %x format: a number is required, not NoneType Permanent and Non-Permanent(immediate) operation"}
	to retry, use: --limit @/tmp/foo.retry

PLAY RECAP **************************************************************************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1   

[root@localhost ~]# firewall-cmd --version
0.4.4.4
[root@localhost ~]# rpm -q firewalld
firewalld-0.4.4.4-15.el7_5.noarch
[root@localhost ~]# rpm -q ansible
ansible-2.6.5-1.el7.noarch
[root@localhost ~]# ansible --version
ansible 2.6.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

juame commented Oct 12, 2018

@maxamillion thanks for your effort! I tested it last time with a vagrant box. I have no GCP or AWS account, sorry.

A bit off-topic but here's my Vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"
  config.vm.provision "shell", inline: <<-SHELL
    yum install -y epel-release vim net-tools
    yum update -y
    yum install -y ansible
    systemctl restart sshd
  SHELL
end

Issue:

goofy:firewalld julian$ vagrant box update
==> default: Checking for updates to 'centos/7'
    default: Latest installed version: 1804.02
    default: Version constraints: 
    default: Provider: virtualbox
==> default: Updating 'centos/7' with provider 'virtualbox' from version
==> default: '1804.02' to '1809.01'...
==> default: Loading metadata for box 'https://vagrantcloud.com/centos/7'
==> default: Adding box 'centos/7' (v1809.01) for provider: virtualbox
    default: Downloading: https://vagrantcloud.com/centos/boxes/7/versions/1809.01/providers/virtualbox.box
...
goofy:firewalld julian$ vagrant up
goofy:firewalld julian$ vagrant ssh
[vagrant@localhost ~]$ sudo su -
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core)
[root@localhost ~]# cat /tmp/foo.yml
- name: test
  hosts: localhost
  gather_facts: False
  tasks:
  - name: ensure forwarding rule in firewalld
    firewalld:
      state: enabled
      rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
      zone: public
      permanent: true
      immediate: true
    become: yes
[root@localhost ~]# ansible-playbook /tmp/foo.yml
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [test] *************************************************************************************************************************************************************

TASK [ensure forwarding rule in firewalld] ******************************************************************************************************************************
changed: [localhost]

PLAY RECAP **************************************************************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0   

[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# sed -i 's/enabled/disabled/g' /tmp/foo.yml 
[root@localhost ~]# ansible-playbook /tmp/foo.yml
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [test] *************************************************************************************************************************************************************

TASK [ensure forwarding rule in firewalld] ******************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: %x format: a number is required, not NoneType Permanent and Non-Permanent(immediate) operation"}
	to retry, use: --limit @/tmp/foo.retry

PLAY RECAP **************************************************************************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1   

[root@localhost ~]# firewall-cmd --version
0.4.4.4
[root@localhost ~]# rpm -q firewalld
firewalld-0.4.4.4-15.el7_5.noarch
[root@localhost ~]# rpm -q ansible
ansible-2.6.5-1.el7.noarch
[root@localhost ~]# ansible --version
ansible 2.6.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
@maxamillion

This comment has been minimized.

Show comment
Hide comment
@maxamillion

maxamillion Oct 12, 2018

Contributor

@juame just out of curiosity, before you run the ansible-playbook /tmp/foo.yml command can you do a yum -y update ... I'm wondering if this is recent fix because I'm not able to reproduce it anymore on any of my machines that are fully updated but I could on Monday.

Contributor

maxamillion commented Oct 12, 2018

@juame just out of curiosity, before you run the ansible-playbook /tmp/foo.yml command can you do a yum -y update ... I'm wondering if this is recent fix because I'm not able to reproduce it anymore on any of my machines that are fully updated but I could on Monday.

@juame

This comment has been minimized.

Show comment
Hide comment
@juame

juame Oct 12, 2018

@maxamillion the vagrantfile contains yum update ;-)

[root@localhost ~]# yum -y update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.switch.ch
 * epel: mirror.switch.ch
 * extras: mirror.switch.ch
 * updates: mirror.switch.ch
No packages marked for update

juame commented Oct 12, 2018

@maxamillion the vagrantfile contains yum update ;-)

[root@localhost ~]# yum -y update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.switch.ch
 * epel: mirror.switch.ch
 * extras: mirror.switch.ch
 * updates: mirror.switch.ch
No packages marked for update
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment