Syntax error while running Firewall playbook


Prashant Jaiswal

Dec 20, 2018, 1:41:41 AM
to Ansible Project
Hi,

While running a playbook to enable multiple TCP & UDP ports on a remote m/c I am getting a syntax error which I can't figure out. The error says: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'item' is undefined\n\nThe error appears to have been in '/etc/ansible/playbooks/enable_firewall_ports.yml': line 13, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: Enable TCP and UDP ports\n      ^ here\n"}


Below is the code


---
- hosts: test
  become : True
  become_user : root
  become_method : sudo
  tasks:
    - name: Start and enable firewalld
      service:
        name: firewalld
        state: started
        enabled: yes
        
    - name: Enable TCP and UDP ports
      firewalld:
        port: '{{item.port}}/{{item.protocol}}'
        with_items:
            - { port: "5301,1302,5903,5672", protocol: tcp }
            - { port: "25238,55692", protocol: udp}
        immediate: true
        permanent: true
        state: enabled
      tags: port
      
    - name: Bounce firewalld
      service: name=firewalld state=restarted



Any suggestions ?

Tony Chia

Dec 20, 2018, 2:52:23 AM
to Ansible Project
Hi Prashant,

It looks like your "with_items" is not lined up correctly with firewalld so the list is not passed to {{item.port}}

i.e. try this

    - name: Enable TCP and UDP ports
      firewalld:
        port: '{{item.port}}/{{item.protocol}}'
        immediate: true
        permanent: true
        state: enabled
      with_items:
          - { port: "5301,1302,5903,5672", protocol: tcp }
          - { port: "25238,55692", protocol: udp}
      tags: port

Ravi Ranjan

Dec 20, 2018, 3:32:40 AM
to ansible...@googlegroups.com
It should be like this and it will work for sure.

    - name: Enable TCP and UDP ports
      firewalld:
        port: "{{item.port}}/{{item.protocol}}"
        immediate: true
        permanent: true
        state: enabled
      with_items:
          - { port: "5301,1302,5903,5672", protocol: tcp }
          - { port: "25238,55692", protocol: udp}
      tags: port

Ravi


Prashant Jaiswal

Dec 20, 2018, 4:28:59 AM
to Ansible Project
Hi Tony,

That issue got fixed. Corrected the indentation. Now while running the playbook I am facing this error. Unable to pass multiple ports. Below is the error.

failed: [0.0.0.0] (item={u'protocol': u'tcp', u'port': [5301, 1302, 5903, 5672, 5672]}) => {"changed": false, "item": {"port": [5301, 1302, 5903, 5672, 5672], "protocol": "tcp"}, "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_PORT: '[5301, 1302, 5903, 5672, 5672]' is invalid port range Permanent and Non-Permanent(immediate) operation"}

My playbook looks like this:
---
- hosts: test
  become : True
  become_user : root
  become_method : sudo
  tasks:
    - name: Start and enable firewalld
      service:
        name: firewalld
        state: started
        enabled: yes

    - name: Enable TCP and UDP ports
      firewalld:
        port: ' {{item.port}}/{{item.protocol}}'
        immediate: true
        permanent: true
        state: enabled
      with_items:
          - { port: [ 5301, 1302, 5903, 5672, 5672 ], protocol: tcp }
#          - { port: [ 25238,55692 ], protocol: udp }
      tags: port

Kai Stian Olstad

Dec 20, 2018, 9:34:20 AM
to ansible...@googlegroups.com
On Thursday, 20 December 2018 10:28:59 CET Prashant Jaiswal wrote:
> failed: [0.0.0.0] (item={u'protocol': u'tcp', u'port': [5301, 1302, 5903,
> 5672, 5672]}) => {"changed": false, "item": {"port": [5301, 1302, 5903,
> 5672, 5672], "protocol": "tcp"}, "msg": "ERROR: Exception caught:
> org.fedoraproject.FirewallD1.Exception: INVALID_PORT: '[5301, 1302, 5903,
> 5672, 5672]' is invalid port range Permanent and Non-Permanent(immediate)
> operation"}

It says invalid port; no place in the documentation says that you can send a list in the port section.
Only an individual port or a range with a dash.


> My playbook looks like this
> ---
> - hosts: test
>   become : True
>   become_user : root
>   become_method : sudo
>   tasks:
>     - name: Start and enable firewalld
>       service:
>         name: firewalld
>         state: started
>         enabled: yes
>
>     - name: Enable TCP and UDP ports
>       firewalld:
>         port: ' {{item.port}}/{{item.protocol}}'
>         immediate: true
>         permanent: true
>         state: enabled
>       with_items:
>           - { port: [ 5301, 1302, 5903, 5672, 5672 ], protocol: tcp }
> #          - { port: [ 25238,55692 ], protocol: udp }

The easiest is to just list them like so and use {{ item }} instead

with_items:
- 5301/tcp
- 1302/tcp
- 25238/udp
...
...


--
Kai Stian Olstad
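
An added example, not part of any post in this thread: a playbook that keeps the ports grouped by protocol but still hands the firewalld module one port/protocol string per iteration, then reads the firewall state back to confirm the result. The variable name fw_ports and the verification tasks are assumptions for illustration; the host group and port numbers are the ones from the thread.

```yaml
---
# Added example. fw_ports is a hypothetical variable name; ports are from the thread.
- hosts: test
  become: true
  vars:
    fw_ports:
      - { protocol: tcp, ports: [5301, 1302, 5903, 5672] }
      - { protocol: udp, ports: [25238, 55692] }
  tasks:
    - name: Start and enable firewalld
      service:
        name: firewalld
        state: started
        enabled: yes

    # with_subelements yields one (group, port) pair per iteration:
    # item.0 is the group dict, item.1 is a single port from its list,
    # so the module receives "5301/tcp", "1302/tcp", ... one at a time.
    - name: Enable TCP and UDP ports
      firewalld:
        port: "{{ item.1 }}/{{ item.0.protocol }}"
        immediate: true
        permanent: true
        state: enabled
      with_subelements:
        - "{{ fw_ports }}"
        - ports
      tags: port

    # Read back the runtime configuration of the default zone.
    - name: List open ports
      command: firewall-cmd --list-ports
      register: open_ports
      changed_when: false
      tags: port

    # Fail the run if any requested port is missing from the live rule set.
    - name: Verify every requested port is open
      assert:
        that: "(item.1 ~ '/' ~ item.0.protocol) in open_ports.stdout.split()"
      with_subelements:
        - "{{ fw_ports }}"
        - ports
      tags: port
```

With immediate and permanent both set, the rules apply to the running firewall and survive a reload, so a separate restart task is not needed for them to take effect.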


Prashant Jaiswal

Dec 21, 2018, 1:59:25 AM
to Ansible Project
Hi,

Works now. Thank you :-)