Ansible UFW module: inaccurate documentation?

575 views
Skip to first unread message

Lars Sommer

unread,
Jul 30, 2014, 6:48:29 PM7/30/14
to ansible...@googlegroups.com
Having a hell of a time getting UFW to play nicely. Here's what I've got:

Each role (in this case the role is "common", part of our baseline role) has a ufw.yml task file that gets imported to main.yml:

---
- name: Configure UFW for baseline access
  ufw:
    rule=allow
    from_ip={{ item.ip }}
    to_port={{ item.port }}
    state=enabled
  with_items:
    - { ip: "10.0.0.0/8", port: "any" }
    - { ip: "172.16.0.0/12", port: "any" }
    - { ip: "192.168.0.0/16", port: "any" }
    - { ip: bellevue_office_ip, port: "any" }
  sudo: yes

Now there's two problems- 
For the with_items entries that have a non-variable value for ip, those lines return "Error: Could not find protocol" 
For the line that uses the bellevue_office_ip variable, that line returns: "Error: Bad source address"

My confusion is that the protocol parameter shouldn't be mandatory according to the UFW docs page: http://docs.ansible.com/ufw_module.html and that I should be able to use variables in this manner according to the Loops page: http://docs.ansible.com/playbooks_loops.html

What am I missing? I can probably get away from trying to use variables in the with_items loop but boy I'd sure love to use it. The protocol thing though I have no idea, I don't know why that'd be choking me up.

Thanks for any help,
Lars

Michael DeHaan

unread,
Jul 31, 2014, 4:47:36 PM7/31/14
to ansible...@googlegroups.com
With regards to the variable question:

  with_items:
    - { ip: "10.0.0.0/8", port: "any" }
    - { ip: "172.16.0.0/12", port: "any" }
    - { ip: "192.168.0.0/16", port: "any" }
    - { ip: "{{ bellevue_office_ip }}", port: "any" }

Can you include the full output from the part about the protocol error?




--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0e2962f5-9497-4c89-af81-2d3f49baf06b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Daniel Pool

unread,
Jul 7, 2016, 4:47:12 PM7/7/16
to Ansible Project
Realising that by posting I'm very much raising a zombie, but it's also the first hit on google when searching for the term "ufw Could not find protocol", and it's unsolved; an internet pet peeve of mine.

I've had a similar instance of this error today; it stems from the fact that you can't use the keyword 'any' for the to_port or from_port parameters, it appears the only acceptable values are integers.
Reply all
Reply to author
Forward
0 new messages