8a07431bf8
Updat ZoneTransaction to support operations when firewalld is offline SUMMARY Fixes #398 by checking the flag self.fw_offline and calling the offline specific APIs when the flag is true. ISSUE TYPE Bugfix Pull Request COMPONENT NAME ansible.posix.firewalld ADDITIONAL INFORMATION When attempting to add or remove zones, the ansible.posix.firewalld module would always call APIs as if it was online. Specifically, the ZoneTransaction class assumed that self.fw was a FirewallClient, but when the daemon is offline, it is instead either a Firewall or Firewall_test based on the version of firewalld installed. See #398 for additional background. Sample task - name: 'Zone example - Create new zone' ansible.posix.firewalld: zone: "example" state: "present" permanent: Yes Before The full traceback is: File "/tmp/ansible_ansible.posix.firewalld_payload_04lptorx/ansible_ansible.posix.firewalld_payload.zip/ansible_collections/ansible/posix/plugins/module_utils/firewalld.py", line 111, in action_handler return action_func(*action_func_args) File "/tmp/ansible_ansible.posix.firewalld_payload_04lptorx/ansible_ansible.posix.firewalld_payload.zip/ansible_collections/ansible/posix/plugins/modules/firewalld.py", line 678, in get_enabled_permanent fatal: [boot]: FAILED! => { "changed": false, "invocation": { "module_args": { "icmp_block": null, "icmp_block_inversion": null, "immediate": false, "interface": null, "masquerade": null, "offline": null, "permanent": true, "port": null, "port_forward": null, "rich_rule": null, "service": null, "source": null, "state": "present", "target": null, "timeout": 0, "zone": "example" } }, "msg": "ERROR: Exception caught: 'FirewallConfig' object is not callable" } After changed: [boot] => { "changed": true, "invocation": { "module_args": { "icmp_block": null, "icmp_block_inversion": null, "immediate": false, "interface": null, "masquerade": null, "offline": null, "permanent": true, "port": null, "port_forward": null, "rich_rule": null, "service": null, "source": null, "state": "present", "target": null, "timeout": 0, "zone": "example" } }, "msg": "Permanent operation, Added zone example, Changed zone example to present, (offline operation: only on-disk configs were altered)" Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net> |
||
|---|---|---|
| .azure-pipelines | ||
| .github | ||
| changelogs | ||
| docs | ||
| hacking | ||
| meta | ||
| plugins | ||
| tests | ||
| .gitignore | ||
| bindep.txt | ||
| CHANGELOG.rst | ||
| codecov.yml | ||
| COPYING | ||
| galaxy.yml | ||
| PSF-license.txt | ||
| README.md | ||
| requirements.txt | ||
| shippable.yml | ||
| test-requirements.txt | ||
ansible.posix
An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and derivative Operating Systems.
Supported Versions of Ansible
Ansible version compatibility
This collection has been tested against following Ansible versions: >=2.9.
For collections that support Ansible 2.9, please ensure you update your network_os to use the
fully qualified collection name (for example, cisco.ios.ios).
Plugins and modules within a collection may be tested with only specific Ansible versions.
A collection may contain metadata that identifies these versions.
PEP440 is the schema used to describe the versions of Ansible.
Included content
Modules
| Name | Description |
|---|---|
| ansible.posix.acl | Set and retrieve file ACL information. |
| ansible.posix.at | Schedule the execution of a command or script file via the at command |
| ansible.posix.authorized_key | Adds or removes an SSH authorized key |
| ansible.posix.firewalld | Manage arbitrary ports/services with firewalld |
| ansible.posix.firewalld_info | Gather information about firewalld |
| ansible.posix.mount | Control active and configured mount points |
| ansible.posix.patch | Apply patch files using the GNU patch tool |
| ansible.posix.seboolean | Toggles SELinux booleans |
| ansible.posix.selinux | Change policy and state of SELinux |
| ansible.posix.synchronize | A wrapper around rsync to make common tasks in your playbooks quick and easy |
| ansible.posix.sysctl | Manage entries in sysctl.conf. |
Installing this collection
You can install the ansible.posix collection with the Ansible Galaxy CLI:
ansible-galaxy collection install ansible.posix
You can also include it in a requirements.yml file and install it with ansible-galaxy collection install -r requirements.yml, using the format:
---
collections:
- name: ansible.posix
Using this collection
See Ansible Using collections for more details.
NOTE: For Ansible 2.9, you may not see deprecation warnings when you run your playbooks with this collection. Use this documentation to track when a module is deprecated.
Contributing to this collection
We welcome community contributions to this collection. See Contributing to Ansible-maintained collections for complete details.
Code of Conduct
This collection follows the Ansible project's Code of Conduct. Please read and familiarize yourself with this document.
Release notes
See changelog for more details.
External requirements
None
Tested with Ansible
- ansible-core 2.14 (devel)
- ansible-core 2.13 (stable)
- ansible-core 2.12 (stable)
- ansible-core 2.11 (stable)
- ansible-base 2.10 (stable)
- ansible 2.9 (stable)
Roadmap
More information
- Ansible Collection overview
- Ansible User guide
- Ansible Developer guide
- Ansible Community code of conduct
Licensing
GNU General Public License v3.0 or later.
See COPYING to see the full text.