linux-system-roles / firewall Goto Github PK
View Code? Open in Web Editor NEWConfigure firewalld and system-config-firewall
Home Page: https://linux-system-roles.github.io/firewall/
License: GNU General Public License v2.0
Configure firewalld and system-config-firewall
Home Page: https://linux-system-roles.github.io/firewall/
License: GNU General Public License v2.0
What happened:
TASK [linux-system-roles.firewall : Configure firewall] ************************
failed: [192.168.88.100] (item={'detailed': True}) => {"ansible_loop_var": "item", "changed": false, "item": {"detailed": true}, "msg": "One of service, port, source_port, forward_port, masquerade, rich_rule, source, interface, icmp_block, icmp_block_inversion, target, zone or set_default_zone needs to be set"}
What you expected to happen:
To get a detailed view of my firewall facts
How to reproduce it (as minimally and precisely as possible):
- name: Test tangd_custom_port
hosts: 192.168.88.100
vars:
firewall:
detailed: true
tasks:
- name: get firewall info
import_role:
name: linux-system-roles.firewall
Anything else we need to know?:
Environment:
dnf info firewalld
or commit hash if developing from git git log -n1 --format=format:"%H"
): firewalld-1.0.5-2.fc35.src.rpmcat /etc/firewalld/firewalld.conf | grep FirewallBackend
): FirewallBackend= nftablesansible --version
): ansible [core 2.12.7]ansible-galaxy list | grep linux-system-roles.firewall
or commit hash if developing from gitgit log -n1 --format=format:"%H"
): linux-system-roles-1.20.2-1.fc35.noarch - linux-system-roles.firewall, (unknown version)cat /etc/os-release
): Fedora Linux 35 (KDE Plasma)fatal: [/cache/Fedora-Cloud-Base-28-1.1.x86_64.qcow2]: FAILED! => {"changed": false, "failed": true, "msg": "No package python-firewall available."}
to retry, use: --limit @/tmp/tmp84e78tme/tests/tests_default.retry
The package might only be available for python3 there iirc. See PR #1
As part of the conscious language project, the master branch is to be renamed to the main branch.
Here are the instructions.
If you use the gh cli (highly recommended) you can use this to check which repos need to be updated:
gh repo list linux-system-roles -L 100 --json name,defaultBranchRef --source | \
jq --raw-output '.[] | select(.defaultBranchRef.name == "master") | .name'
Thanks.
What happened:
I am running this playbook on a latest RHEL 8.6 image:
- hosts: localhost
vars:
# Variables to open the probe port configured in Azure in firewall
firewall:
- port: 59999/tcp
state: enabled
permanent: true
runtime: true
roles:
- fedora.linux_system_roles.firewall
This results in an error:
TASK [fedora.linux_system_roles.firewall : Configure firewall] *******************************************************************************************************************************
failed: [localhost] (item={'port': '59999/tcp', 'state': 'enabled', 'permanent': True, 'runtime': True}) => {"ansible_loop_var": "item", "changed": false, "item": {"permanent": true, "port": "59999/tcp", "runtime": true, "state": "enabled"}, "msg": "No firewall backend could be imported."}
What you expected to happen:
Port 59999/tcp to be enabled
How to reproduce it (as minimally and precisely as possible):
dnf install ansible-core -y
ansible-galaxy collection install fedora.linux_system_roles
playbook.yml
with the above playbook.ansible-playbook playbook.yml
Anything else we need to know?:
I tested this against RHEL 8.7 composes too. There tried both with fedora.linux_system_roles.firewall
and redhat.rhel_system_roles.firewall
- same error.
Environment:
dnf info firewalld
or commit hash if developing from git git log -n1 --format=format:"%H"
):
cat /etc/firewalld/firewalld.conf | grep FirewallBackend
):
ansible --version
)
ansible-galaxy list | grep linux-system-roles.firewall
or commit hash if developing from gitgit log -n1 --format=format:"%H"
):
cat /etc/os-release
):
What would you like to be added:
I would like to add and modify policies in the same way services are modified.
firewall:
- policy: test
priority: -15000
target: CONTINUE
ingress-zones: eth1
egress-zones: eth2
state: present
permanent: true
See also: https://firewalld.org/2020/09/policy-objects-introduction
I am trying to place a snmp request from a server and I receive a snmp response from a client IP say "a.b.c.d". But my firewall is blocking that response from a.b.c.d IP it seems. snmp service uses the udp port 161 which I added already to allow this port in firewall rules.
What is happening:
When I place snmp request from a server to test.com, I am getting => Timeout: No Response from test.com
When I take tcpdump logs in server, I could see the response coming in to the server from test.com
But when I stop the firewall service, I can see the snmp response. When firewall is running, I get "Timeout No response".
What could be the issue in my firewall and how can I find/solve this? It would be really helpful if someone helps me with this. Thanks in advance!
What would you like to be added:
Implement Ansible Facts for the Firewall System Role.
Why is this needed:
This feature is needed to provide users information regarding the remote systems that they are connected with using the Firewall System Role.
What would you like to be added:
Need the ability to add/remove an interface by PCI device ID to a zone.
What would you like to be added:
Overwriting of changed directives in /etc/firewalld.conf, instead of deleting firewalld.conf if it is different from the default configuration file.
Why is this needed:
When /etc/firewalld.conf is deleted, comments describing its directives are also removed (see issue #127).
What would you like to be added:
The firewall
variable is not ansible-lint compliant:
- name: Test
hosts: localhost
tasks:
- name: Configure Firewall for Web Console
ansible.builtin.include_role:
name: linux_system_roles.firewall
vars:
firewall:
service: cockpit
state: enabled
~/.local/bin/ansible-lint test.yml
WARNING Listing 1 violation(s) that are fatal
var-naming[no-role-prefix]: Variables names from within roles should use firewall_ as a prefix. (vars: firewall)
test.yml:10 Task/Handler: Configure Firewall for Web ConsoleRead documentation for instructions on how to ignore specific rule violations.
Rule Violation Summary
count tag profile rule associated tags
1 var-naming[no-role-prefix] basic idiomFailed: 1 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'min'.
~/.local/bin/ansible-lint --version
ansible-lint 24.2.0 using ansible-core:2.16.2 ansible-compat:4.1.11 ruamel-yaml:0.18.6 ruamel-yaml-clib:0.2.8
Why is this needed:
Other roles in the collection seems to be compliant with ansible-lint, this makes the behaviour consistent. And it makes user's life easier.
A check expects the firewalld network manager library to always be loaded. This check fails and causes the module to error out when trying to configure iptables on a host.
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: NameError: global name 'nm_is_imported' is not defined
failed: [dso_fire_001] (item={'service': ['ssh', 'http', 'https'], 'state': 'enabled'}) => {"ansible_loop_var": "item", "changed": false, "item": {"service": ["ssh", "http", "https"], "state": "enabled"}, "module_stderr": "Shared connection to 10.254.238.16 closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1616521122.719339-79209-241942387082927/AnsiballZ_firewall_lib.py\", line 102, in <module>\r\n _ansiballz_main()\r\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1616521122.719339-79209-241942387082927/AnsiballZ_firewall_lib.py\", line 94, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1616521122.719339-79209-241942387082927/AnsiballZ_firewall_lib.py\", line 40, in invoke_module\r\n runpy.run_module(mod_name='ansible_collections.fedora.linux_system_roles.plugins.modules.firewall_lib', init_globals=None, run_name='__main__', alter_sys=True)\r\n File \"/usr/lib64/python2.7/runpy.py\", line 176, in run_module\r\n fname, loader, pkg_name)\r\n File \"/usr/lib64/python2.7/runpy.py\", line 82, in _run_module_code\r\n mod_name, mod_fname, mod_loader, pkg_name)\r\n File \"/usr/lib64/python2.7/runpy.py\", line 72, in _run_code\r\n exec code in run_globals\r\n File \"/tmp/ansible_fedora.linux_system_roles.firewall_lib_payload_NLafnX/ansible_fedora.linux_system_roles.firewall_lib_payload.zip/ansible_collections/fedora/linux_system_roles/plugins/modules/firewall_lib.py\", line 783, in <module>\r\n File \"/tmp/ansible_fedora.linux_system_roles.firewall_lib_payload_NLafnX/ansible_fedora.linux_system_roles.firewall_lib_payload.zip/ansible_collections/fedora/linux_system_roles/plugins/modules/firewall_lib.py\", line 420, in main\r\nNameError: global name 'nm_is_imported' is not defined\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
What happened:
In one lab from where I'm taking systems from time to time they provide RHEL8 systems with firewalld.service masked by default. Running firewall role on them fails.
Maybe this is not a bug report, maybe it is not even a feature request, but still I though I report it as capability to deal with this might add another bit of resiliency.
# systemctl status firewalld
โ firewalld.service
Loaded: masked (Reason: Unit firewalld.service is masked.)
Active: inactive (dead)
What you expected to happen:
Given firewall role decided to use firewalld as a provider, it should be able to handle this situation.
How to reproduce it (as minimally and precisely as possible):
I think having this:
# rpm -qa | grep -e iptables -e firewalld | sort
firewalld-0.9.3-13.el8.noarch
firewalld-filesystem-0.9.3-13.el8.noarch
iptables-1.8.4-22.el8.x86_64
iptables-ebtables-1.8.4-22.el8.x86_64
iptables-libs-1.8.4-22.el8.x86_64
and firewalld masked and config like this:
- role: linux-system-roles.firewall
vars:
firewall:
- service: "RH-Satellite-6"
state: enabled
Anything else we need to know?:
N/A
Environment:
# yum info firewalld
Updating Subscription Management repositories.
Satellite 6.12 RHEL8 163 kB/s | 3.0 kB 00:00
Satellite Maintenance 6.12 RHEL8 443 kB/s | 2.3 kB 00:00
Installed Packages
Name : firewalld
Version : 0.9.3
Release : 13.el8
Architecture : noarch
Size : 2.0 M
Source : firewalld-0.9.3-13.el8.src.rpm
Repository : @System
From repo : rhel-8-for-x86_64-baseos-rpms
Summary : A firewall daemon with D-Bus interface providing a dynamic
: firewall
URL : http://www.firewalld.org
License : GPLv2+
Description : firewalld is a firewall service daemon that provides a dynamic
: customizable firewall with a D-Bus interface.
# cat /etc/firewalld/firewalld.conf | grep FirewallBackend
# FirewallBackend
FirewallBackend=nftables
$ ansible --version
ansible [core 2.12.7]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/jenkins/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.10/site-packages/ansible
ansible collection location = /home/jenkins/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.10.6 (main, Aug 2 2022, 00:00:00) [GCC 12.1.1 20220507 (Red Hat 12.1.1-1)]
jinja version = 3.0.3
libyaml = True
$ ansible-galaxy list | grep linux-system-roles.firewall
- linux-system-roles.firewall, 1.4.0
When using the firewall role only the firewalld service, not nftables, should be running to avoid any conflicts. While it's trivial to disable/mask nftables in a separate task it would be nice to have the role to do the same and thus avoid any risk for issues. Thanks.
When using previous: replaced
and check mode, the playbook fails with the following error:
TASK [rhel-system-roles.firewall : Calculate what has changed] ****************
Monday 26 June 2023 12:10:46 +0300 (0:00:00.104) 0:00:12.707 ***********
task path: /usr/share/ansible/roles/rhel-system-roles.firewall/tasks/main.yml:130
fatal: [192.168.122.170]: FAILED! =>
msg: |-
The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout_lines'. 'dict object' has no attribute 'stdout_lines'
The error appears to be in '/usr/share/ansible/roles/rhel-system-roles.firewall/tasks/main.yml': line 130, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Calculate what has changed
^ here
Since replacing previous rules causes firewalld restart it is not suitable for most production environments. In case not replacing previous rules the defined configuration may not be what is in use due to local changes or previous playbook runs with different configuration. An organization might be adhering to security standards that require listing or verifying that only certain ports and services are open in firewall.
There should be a way to display differences between currently defined configuation vs currently in-use configuration. Preferably this would be a configurable step during firewall configuration which would show differences as part of a playbook run after configuring firewall. This should also be doable in check mode. Alternatively, a separate playbook or at least a document example should be available to allow organizations avoid reinventing the wheel here.
Thanks.
What happened:
/etc/firewalld/firewalld.conf is resetted, and all default comment are deleted
What you expected to happen:
only parameters are modified
How to reproduce it (as minimally and precisely as possible):
---
- name: "[@@ firewalld @@]"
ansible.builtin.include_role:
name: linux-system-roles.firewall
vars:
firewall:
- previous: replaced
- zone: myownzone
state: present
- zone: myownzone
service: [ssh]
icmp_block_inversion: true
icmp_block: [ echo-reply, echo-request ]
rich_rule: rule family="ipv4" source address="192.168.1.95" service name="zabbix-agent" accept
state: enabled
target: "%%REJECT%%"
permanent: true
- set_default_zone: myownzone
permanent: true
# cat /etc/firewalld/firewalld.conf
DefaultZone=myownzone
CleanupOnExit=yes
CleanupModulesOnExit=yes
Lockdown=no
IPv6_rpfilter=yes
IndividualCalls=no
LogDenied=off
FirewallBackend=nftables
FlushAllOnReload=yes
RFC3964_IPv4=yes
AllowZoneDrifting=yes
# cat /etc/firewalld/firewalld.conf.rpmnew
# firewalld config file
# default zone
# The default zone used if an empty zone string is used.
# Default: public
DefaultZone=public
# Clean up on exit
# If set to no or false the firewall configuration will not get cleaned up
# on exit or stop of firewalld.
# Default: yes
CleanupOnExit=yes
# Clean up kernel modules on exit
# If set to yes or true the firewall related kernel modules will be
# unloaded on exit or stop of firewalld. This might attempt to unload
# modules not originally loaded by firewalld.
# Default: yes
CleanupModulesOnExit=yes
....
why don't you use something like this:
- name: "[firewalld] AllowZoneDrifting=no"
ansible.builtin.lineinfile:
path: "/etc/firewalld/firewalld.conf"
regexp: '^(AllowZoneDrifting=)(.*)'
line: 'AllowZoneDrifting=no'
insertafter: '#AllowZoneDrifting='
notify:
- reload firewalld
in the current ansible playbook, how to force AllowZoneDrifting=no?
What happened:
In my playbook firewall.yaml
I first create a http-alt
service, and then enable it in a subsequent task (I think this is the approach that must be taken? I tried to do it all in one but the role didn't seem to like that, and it seemed sensible to me.)
ansible-playbook firewall.yaml -v --check
TASK [linux-system-roles.firewall : Configure firewall] *******************************************************************************************************************************************************************************************************************
changed: [my-host] => (item={'service': 'http', 'state': 'enabled', 'zone': 'public', 'permanent': True}) => {"__firewall_changed": true, "ansible_loop_var": "item", "changed": true, "item": {"permanent": true, "service": "http", "state": "enabled", "zone": "public"}}
changed: [my-host] => (item={'service': 'http-alt', 'state': 'present', 'short': 'HTTP on alternative port', 'port': '8080/tcp', 'permanent': True}) => {"__firewall_changed": true, "ansible_loop_var": "item", "changed": true, "item": {"permanent": true, "port": "8080/tcp", "service": "http-alt", "short": "HTTP on alternative port", "state": "present"}}
failed: [my-host] (item={'service': 'http-alt', 'state': 'enabled', 'zone': 'public', 'permanent': True}) => {"ansible_loop_var": "item", "changed": false, "item": {"permanent": true, "service": "http-alt", "state": "enabled", "zone": "public"}, "msg": "INVALID_SERVICE: http-alt"}
The subsequent task fails because it does not recognise the service created in the previous task.
What you expected to happen:
The task to pass in check mode. I'd be fine even if it had something like the official Ansible documentation suggests:
ignore_errors: "{{ ansible_check_mode }}"
How to reproduce it (as minimally and precisely as possible):
With the following variables in your playbook using this role:
firewall:
- service: http-alt
state: present
short: HTTP on alternative port
port: 8080/tcp
permanent: true
- service: http-alt
state: enabled
zone: public
permanent: true
Anything else we need to know?:
Environment:
0.9.3
nftables
core 2.15.0
1.4.4
When using previous: replaced
there's a small time window when firewall is being reset and all new connections to the system are rejected. This should be at least documented if it is not feasible to avoid this as applying changes with this approach in production might cause temporary service failures during the operation. Thanks.
What happened:
State is currently mandatory even for parameters it doesn't make sense for it. For example icmp_block_inversion and masquerading and setting the default zone should not require the state being enabled but it does.
What you expected to happen:
Expectation: For example be able to write the yaml to add masquerading to zone dmz
WITHOUT having to have state to be set to enabled
How to reproduce it (as minimally and precisely as possible):
N/A
Anything else we need to know?:
N/A
As of version 1.0.1 it is possible to create a zone, however, until firewall is reloaded this zone is non-functional, so it can't be included in a dict with any rules that anticipate using it. I am anticipating that this would be remedied with the functionality of 'immediate' supplied by firewalld but perhaps not. Open to discussion!
For example, our dict might look like;
{"zone":"000_new_zone","state":"present"},{"permanent":"True","target":"ACCEPT","state":"enabled","zone":"000_new_zone"}
{"permanent":"True","source":"1.0.0.0/24","state":"enabled","zone":"000_new_zone"},{"permanent":"True","source":"2.0.0.0/28","state":"enabled","zone":"000_new_zone"}
(The excessive quotes comes from this being an array parameter from Red Hat Satellite which is running the role against target hosts)
So when the role is run, it successfully creates the zones but then will try to move through the rest of the dict and apply sources/services/whatever else to the newly created zone and fail because the zone is still invalid until the daemon is reloaded. Rerunning the role would not work as the failure results in firewall daemon never being reloaded.
So my question is, are we missing something with our intended usage here or is this missing a function such as detecting when a new zone is created and triggering a firewall-cmd --reload
before proceeding with the creation of rule sets? Right now though, the role's ability to create zones appears not to be as useful as it could be
What would you like to be added:
I could'nt come up with an easy solution for dynamically overwrite or not overwrite the whole firewall config depending on a boolean.
Why is the variable "previous: replaced" and not "overwrite_config: true|false" (or something like this).
Why is this needed:
I need an easy way to trigger the overwriting of the configuration exernally, without have to manipulate the firewall-list-of-dict.
If I understood the code, at the moment there is just filtered for "replaced" and I could not find the reason for this.
Regards
Markus
What happened:
command: ansible-galaxy role install linux-system-roles.firewall linux-system-roles.kernel_settings
[WARNING]: - linux-system-roles.firewall was NOT installed successfully: Unable
to compare role versions (0.1, 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.3.0, 1.0.0, 1.0.1,
1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.4.0, 1.4.1, 1.4.2,
1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.5.0, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4,
main) to determine the most recent version due to incompatible version formats.
Please contact the role author to resolve versioning conflicts, or specify an
explicit role version to install.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
Starting galaxy role install process
What you expected to happen:
no error and role installed
How to reproduce it (as minimally and precisely as possible):
i think it is a major problem that is easy to reproduce with running command:
ansible-galaxy role install linux-system-roles.firewall
Anything else we need to know?:
have tested in my automated environment (gitlab ci) and locally
Environment:
like i mentioned the error comes on local command line and on an gitlab ci that was building a docker image that includes the role.
My team is looking to use this role but a necessary aspect of our setup requires us to limit source by zone, (effectively firewall-cmd --add-source)
Is this functionality a part of the roadmap?
(Alternatively, am I missing something that would allow this kind of configuration which is already in play?)
Any insight appreciated!
What would you like to be added:
I want to manage des protocols of a zone by using this role.
#> firewall-cmd --zone=block --add-protocol=ipv6-icmp
Why is this needed:
For Ipv6 I want to add ipv6-icmp in an easy way.
https://firewalld.org/documentation/zone/options.html#protocol
What would you like to be added:
I would like to run the command like "firewall-cmd --new-ipset=foobar --permanent --type=hash:ip" in a playbook rather than using a command module.
Why is this needed:
The customer requested in the technical support channel.
What happened:
forward_port
argument validation does not accept dictionary argument
What you expected to happen:
forward_port
functionality to work when using a dictionary argument instead of a string, which is the deprecated format
How to reproduce it (as minimally and precisely as possible):
firewall:
forward_port:
- port: [any port]
proto: [tcp/udp]
Anything else we need to know?:
No
We are currently using this role, and it was noted by one of our admins that firewalld entries that were made manually on a server were not clobbered by this role when run.
We would like to ensure that our firewall definitions as described in the Ansible playbook are accurate with what we would expect to find on the servers.
Is there something that I am missing? Or is this maybe on a future roadmap?
set_default_zone
is a valid option, and it's working, but it is not documented in the README.
firewall:
# Set default zone
- set_default_zone: my_zone
The test gives deprecation warnings because it uses the deprecated immediate
. We should change it to use runtime
instead.
What would you like to be added:
Ability to add user defined services using the Firewall System Role.
Why is this needed:
It's needed because user's may want to be able to add their own services rather than the set of services that Firewalld comes with in its defaults.
What happened: During the MSSQL role, it can optionally call this role to add port 1433/tcp. When adding, it returns the error: No firewall backend could be imported.
What you expected to happen: Successfully add the firewall port
How to reproduce it (as minimally and precisely as possible):
- hosts: localhost
vars:
mssql_accept_microsoft_odbc_driver_17_for_sql_server_eula: true
mssql_accept_microsoft_cli_utilities_for_sql_server_eula: true
mssql_accept_microsoft_sql_server_standard_eula: true
mssql_version: 2019
mssql_password: "<password>"
mssql_edition: Evaluation
mssql_manage_firewall: true
mssql_ad_configure: true
mssql_ad_join: false
mssql_ad_netbios_name: <domain_short>
mssql_ad_sql_user: "<sql_user>"
mssql_ad_sql_password: "<sql_password>"
ad_integration_realm: <domain_fqdn>
mssql_post_input_sql_content: |-
USE master;
IF NOT EXISTS (
SELECT name FROM sys.server_principals
WHERE name = '<user>'
)
BEGIN
PRINT 'A <user> login does not exist, creating';
CREATE LOGIN [<user>] FROM WINDOWS;
PRINT 'The <user> login created successfully';
END
ELSE
BEGIN
PRINT 'A <user> login already exists, skipping'
END
roles:
- microsoft.sql-server
Anything else we need to know?:
This was also tested using the version of rhel-system-roles.firewall that's included in the package rhel-system-roles.noarch
I also tried setting SELinux to permissive, but it did not change the error message
Environment:
Full error message:
failed: [localhost] (item={'port': '1433/tcp', 'state': 'enabled', 'permanent': True, 'runtime': True}) => {"ansible_loop_var": "item", "changed": false, "item": {"permanent": true, "port": "1433/tcp", "runtime": true, "state": "enabled"}, "msg": "No firewall backend could be imported."}
Hi
Galaxy has the last import of this role 2 yrs ago:
https://galaxy.ansible.com/linux-system-roles/firewall
Could you please update Galaxy? I had issues with the role from Galaxy and they are already fixed here in Github.
Thanks & br
Thomas
What happened:
Job synchronization to remote container fails due to symlink: firewall/tests/roles/linux-system-roles.firewall
(This is also the case for other modules like "linux-system-roles/cockpit")
What you expected to happen:
no errors when syncing the module to the execution container.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
PLAY [Prepare data, dispatch job in isolated environment.] *********************
TASK [Output job the playbook is running for] **********************************
Thursday 30 December 2021 14:06:12 +0000 (0:00:00.061) 0:00:00.061 *****
ok: [awx-job-3706] => { "msg": "Checking on job 3706" }
TASK [synchronize job environment with isolated host] **************************
Thursday 30 December 2021 14:06:13 +0000 (0:00:00.154) 0:00:00.215 *****
skipping: [awx-job-3706]
TASK [synchronize job environment with remote job container] *******************
Thursday 30 December 2021 14:06:13 +0000 (0:00:00.111) 0:00:00.327 ***** ockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit") failed: Too many levels of symbolic links (40)\nrsync: readlink_stat("/tmp/bwrap_3706_44k_vvzf/awx_3706_4ugdg34u/requirements_roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall") failed: Too many levels of symbolic links (40)\ncommand terminated wifatal: [awx-job-3706]: FAILED! => {"changed": false, "cmd": "/usr/bin/rsync --delay-updates -F --compress --copy-links --archive --blocking-io --rsh=$RSH --out-format=<>%i %n%L /tmp/bwrap_3706_44k_vvzf/awx_3706_4ugdg34u awx-job-3706:/tmp/bwrap_3706_44k_vvzf", "msg": "Flag --config has been deprecated, use --kubeconfig instead\nrsync: readlink_stat("/tmp/bwrap_3706_44k_vvzf/awx_3706_4ugdg34u/requirements_roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit/tests/roles/linux-system-roles.cockpit") failed: Too many levels of symbolic links (40)\nrsync: readlink_stat("/tmp/bwrap_3706_44k_vvzf/awx_3706_4ugdg34u/requirements_roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall/tests/roles/linux-system-roles.firewall") failed: Too many levels of symbolic links (40)\ncommand terminated with exit code 23\nrsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1179) [sender=3.1.2]\n", "rc": 23} PLAY RECAP *********************************************************************
awx-job-3706 : ok=1 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
Environment:
ansible 2.9.17
1.0.1
RHEL 7.9
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.