geerlingguy/ansible-for-devops

Chapter 3 - Possible Firewall configuration issue

wmbell65 opened this issue · 0 comments

Host configuration

Command host: RHEL 9.5 (Plow)
Ansible version: 2.14.17

Section: Configure the Database servers

The following commands fail:

ansible db -b -m firewalld -a "zone=database state=present permanent=yes"
ansible db -b -m firewalld -a "source=192.168.56.0/24 zone=database state=enabled permanent=yes"
ansible db -b -m firewalld -a "port=3306/tcp zone=database state=enabled permanent=yes"

The error message:

192.168.56.6 | FAILED! => {
    "msg": "The module firewalld was redirected to ansible.posix.firewalld, which could not be loaded."
}

To make the example code work, the ansible.posix collection is required. The collection is not supported until Ansible 2.15, but the default yum install of ansible-core installs 2.14. Newer versions can be downloaded from the Ansible community site and installed manually.

Workaround:
Modify the ansible commands as follows:

ansible db -b -a "firewall-cmd --new-zone=database --permanent"
ansible db -b -a "firewall-cmd --add-source=192.168.56.0/24 --zone=database --permanent"
ansible db -b -a "firewall-cmd --add-port=3306/tcp --zone=database --permanent"
ansible db -b -a "firewall-cmd --add-port=22/tcp --zone=database --permanent"
ansible db -b -a "firewall-cmd --set-default-zone=database"
ansible db -b -a "firewall-cmd --reload"

Note that port 22 for ssh needs to be opened in the database zone in order for vagrant ssh to be able to reconnect.
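The workaround above is a one-shot sequence of ad-hoc commands: `--new-zone` fails if the zone already exists, and nothing stops `--set-default-zone` from being applied before 22/tcp is open. The playbook below is an added example, not code from the issue or from the book, that turns the same firewall-cmd steps into an idempotent play using only `ansible.builtin.command` (part of ansible-core, so no ansible.posix collection is needed). It assumes the inventory group `db`, the 192.168.56.0/24 client network and the 22/tcp Vagrant ssh port from the issue, and relies on `firewall-cmd --query-*` exiting 1 (not an error) when the item is absent.

```yaml
# Added example (not the issue author's or the book's code): idempotent
# version of the firewall-cmd workaround, with a lockout guard.
# Assumed: group "db", trusted network 192.168.56.0/24, ssh on 22/tcp.
- name: Configure the database firewall zone without ansible.posix
  hosts: db
  become: true
  vars:
    db_zone: database
    db_source: 192.168.56.0/24
    db_ports:
      - 3306/tcp
      - 22/tcp   # must stay open or vagrant ssh is cut off once the zone is default
  tasks:
    - name: List permanent zones
      ansible.builtin.command: firewall-cmd --permanent --get-zones
      register: zones
      changed_when: false

    - name: Create the zone only if it is missing (--new-zone errors on a duplicate)
      ansible.builtin.command: firewall-cmd --permanent --new-zone={{ db_zone }}
      when: db_zone not in zones.stdout.split()
      notify: reload firewalld

    - name: Check whether the trusted network is already bound to the zone
      ansible.builtin.command: >
        firewall-cmd --permanent --zone={{ db_zone }} --query-source={{ db_source }}
      register: has_source
      changed_when: false
      failed_when: has_source.rc not in [0, 1]   # rc 1 only means "not present"

    - name: Bind the trusted network to the zone
      ansible.builtin.command: >
        firewall-cmd --permanent --zone={{ db_zone }} --add-source={{ db_source }}
      when: has_source.rc == 1
      notify: reload firewalld

    - name: Check which ports are already open in the zone
      ansible.builtin.command: >
        firewall-cmd --permanent --zone={{ db_zone }} --query-port={{ item }}
      loop: "{{ db_ports }}"
      register: has_port
      changed_when: false
      failed_when: has_port.rc not in [0, 1]

    - name: Open only the ports that are missing
      ansible.builtin.command: >
        firewall-cmd --permanent --zone={{ db_zone }} --add-port={{ item.item }}
      loop: "{{ has_port.results }}"
      when: item.rc == 1
      notify: reload firewalld

    - name: Load the permanent changes into the runtime before touching the default zone
      ansible.builtin.meta: flush_handlers

    - name: Refuse to make the zone the default unless ssh is reachable through it
      ansible.builtin.assert:
        that: "'22/tcp' in db_ports"
        fail_msg: "22/tcp is not in {{ db_zone }}; making it the default would lock out vagrant ssh"

    - name: Read the current default zone
      ansible.builtin.command: firewall-cmd --get-default-zone
      register: default_zone
      changed_when: false

    - name: Make the database zone the default (applies to runtime and permanent config)
      ansible.builtin.command: firewall-cmd --set-default-zone={{ db_zone }}
      when: default_zone.stdout.strip() != db_zone

  handlers:
    - name: reload firewalld
      ansible.builtin.command: firewall-cmd --reload
```

Run it with `ansible-playbook -i <inventory> db-firewall.yml`; a second run should report no changes. The `flush_handlers` step matters because `--set-default-zone` validates against the runtime zone list, so the permanent `--new-zone` has to be reloaded first, and the `assert` makes the ssh caveat from the issue an explicit check rather than something to remember.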