Awall activate hangs


Andrew Duty

Mar 24, 2020, 11:38:29 PM
to Ansible Project
I suspect I am missing something simple, but when I try to use the awall module to establish firewall rules on Alpine Linux, ansible hangs on the awall activate task, even though allowing ssh is one of the rules I activate. If I ssh to the machine before running the task, the connection remains intact, and I can establish new ssh connections as expected. It is only the ansible connection that seems to get interrupted, but it does successfully populate iptables rules via awall. Furthermore, I do not see the ansible activate task in /var/log/messages. I'm guessing this is because the ssh connection gets broken by the firewall. I am using ansible 2.9.6 and awall 1.7.1-r0, and Alpine Linux 3.11.3 (will try on 3.11.5 soon). Is this just an unavoidable limitation due to the way awall activates, making it impossible to use ansible to configure awall from the ground up?

Dick Visser

Mar 25, 2020, 1:31:11 AM
to ansible...@googlegroups.com

Thanks for using ansible. To answer your question more information is needed.


- Which commands did you run, and what actual output did you get (copied as plain text - not as screenshots, images, or other binary attachments).

- What do the relevant inventory/tasks/playbooks/code/variables look like.

- The output of ‘ansible --version’



On Wed, 25 Mar 2020 at 04:38, Andrew Duty <andrew....@gmail.com> wrote:
I suspect I am missing something simple, but when I try to use the awall module to establish firewall rules on Alpine Linux, ansible hangs on the awall activate task, even though allowing ssh is one of the rules I activate. If I ssh to the machine before running the task, the connection remains intact, and I can establish new ssh connections as expected. It is only the ansible connection that seems to get interrupted, but it does successfully populate iptables rules via awall. Furthermore, I do not see the ansible activate task in /var/log/messages. I'm guessing this is because the ssh connection gets broken by the firewall. I am using ansible 2.9.6 and awall 1.7.1-r0, and Alpine Linux 3.11.3 (will try on 3.11.5 soon). Is this just an unavoidable limitation due to the way awall activates, making it impossible to use ansible to configure awall from the ground up?

--
Sent from a mobile device - please excuse the brevity, spelling and punctuation.

Andrew Duty

Mar 25, 2020, 12:20:50 PM
to Ansible Project
$ ansible --version
ansible 2.9.6
  config file = ~/repos/ansible/ansible.cfg
  configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = ~/.local/lib/python3.7/site-packages/ansible
  executable location = ~/.local/bin/ansible
  python version = 3.7.3 (default, Dec 20 2019, 18:57:59) [GCC 8.3.0]


Here is the playbook:
---
- hosts: vpn
  become: yes
  become_method: sudo
  become_user: root
  roles:
    - vpn-alpine

Here is the relevant part of my role:
- name: Activate awall rules
  awall:
    activate: yes
  tags: awall-activate

$ ansible-playbook -vvvv -t awall-activate -K playbooks/openvpn.yml

TASK [vpn-alpine : Activate awall rules] ***************************************************************************************************************************************************
task path: ~/repos/ansible/roles/vpn-alpine/tasks/awall.yml:85
Wednesday 25 March 2020  09:43:30 -0600 (0:00:02.577)       0:00:02.653 *******
Using module file ~/.local/lib/python3.7/site-packages/ansible/modules/system/awall.py
Pipelining is enabled.
<192.168.XXX.XXX> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.XXX.XXX> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=~/.ansible/cp/fbbc1c5955 192.168.XXX.XXX '/bin/sh -c '"'"'sudo -H -S  -p "[sudo via ansible, key=XXXXXXXXXXXXXXXXXXXXXXX] password:" -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-XXXXXXXXXXXXXXXXXXXXXXX ; /usr/bin/python3'"'"'"'"'"'"'"'"' && sleep 0'"'"''             
Escalation succeeded