How to open a firewall port with an Ansible firewalld task on CentOS 7

Tags: centos, ansible, firewall, ansible-playbook, firewalld

My Ansible playbook has a task that opens a TCP port on the remote machine. But when I run the playbook, it throws an error. However, when I run `firewall-cmd --permanent --zone=public --add-port=1234/tcp` and `firewall-cmd --reload` by hand, I can see the port being added to the public zone.

Environment
Local Ansible: OS X El Capitan
Ansible remote: AWS CentOS 7 minimal
Ansible version: 2.1.1.0
Remote Python version: 2.7.5

My task:

- name: open management console port
  firewalld: port=1234/tcp zone=public permanent=true state=enabled immediate=yes
The error I get:

fatal: [X.X.X.X]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "Traceback (most recent call last):\r\n  File \"/tmp/ansible_MojhHQ/ansible_module_firewalld.py\", line 605, in <module>\r\n    main()\r\n  File \"/tmp/ansible_MojhHQ/ansible_module_firewalld.py\", line 456, in main\r\n    is_enabled = get_port_enabled_permanent(zone, [port, protocol])\r\n  File \"/tmp/ansible_MojhHQ/ansible_module_firewalld.py\", line 170, in get_port_enabled_permanent\r\n    fw_zone = fw.config().getZoneByName(zone)\r\n  File \"<string>\", line 2, in getZoneByName\r\n  File \"/usr/lib/python2.7/site-packages/slip/dbus/polkit.py\", line 103, in _enable_proxy\r\n    return func(*p, **k)\r\n  File \"<string>\", line 2, in getZoneByName\r\n  File \"/usr/lib/python2.7/site-packages/firewall/client.py\", line 52, in handle_exceptions\r\n    return func(*args, **kwargs)\r\n  File \"/usr/lib/python2.7/site-packages/firewall/client.py\", line 1505, in getZoneByName\r\n    path = dbus_to_python(self.fw_config.getZoneByName(name))\r\n  File \"/usr/lib64/python2.7/site-packages/dbus/proxies.py\", line 70, in __call__\r\n    return self._proxy_method(*args, **keywords)\r\n  File \"/usr/lib/python2.7/site-packages/slip/dbus/proxies.py\", line 50, in __call__\r\n    return dbus.proxies._ProxyMethod.__call__(self, *args, **kwargs)\r\n  File \"/usr/lib64/python2.7/site-packages/dbus/proxies.py\", line 145, in __call__\r\n    **keywords)\r\n  File \"/usr/lib64/python2.7/site-packages/dbus/connection.py\", line 651, in call_blocking\r\n    message, timeout)\r\ndbus.exceptions.DBusException: org.fedoraproject.slip.dbus.service.PolKit.NotAuthorizedException.org.fedoraproject.FirewallD1.config: \r\n", "msg": "MODULE FAILURE", "parsed": false}

dbus.exceptions.DBusException: org.fedoraproject.slip.dbus.service.PolKit.NotAuthorizedException.org.fedoraproject.FirewallD1.config
indicates a permissions error of some sort. The task probably needs to elevate its privileges with
become: yes

See the Ansible documentation on become for more details.

- name: Install firewalld
  yum:
    name: firewalld
    state: latest
  become: yes          # package installation needs root as well
- name: start firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
  become: yes
- name: enable 1234
  firewalld:
    zone: public
    port: 1234/tcp
    permanent: true
    immediate: yes     # apply to the running firewall too, so no reload is needed
    state: enabled
  become: yes          # firewalld's permanent config is polkit-protected; unprivileged callers get NotAuthorizedException

Do it like this. It will work.
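Putting both answers together, here is a complete playbook as an added example; it is not code from the question or from either answer. It assumes an inventory group named `web`, a remote user that can `sudo` (passwordless, or run with `--ask-become-pass`), and `1234/tcp` as the port to open. `become: yes` is set only on the tasks that need root (least privilege) rather than on the whole play, the firewalld task opens the port in both the runtime and the permanent configuration so no separate reload is needed, and a final task checks the result with `firewall-cmd --query-port` instead of trusting the module's `changed` flag.

```yaml
# Added example, not code from the original question or answers.
# Assumptions: inventory group "web", sudo-capable remote user, port 1234/tcp.
- name: Open a TCP port with firewalld on CentOS 7
  hosts: web
  vars:
    mgmt_port: 1234/tcp
    fw_zone: public
  tasks:
    - name: Ensure firewalld is installed
      yum:
        name: firewalld
        state: present
      become: yes          # yum needs root

    - name: Ensure firewalld is running and enabled at boot
      service:
        name: firewalld
        state: started
        enabled: yes
      become: yes          # managing services needs root

    # The firewalld module talks to firewalld over D-Bus. Changing the permanent
    # configuration (org.fedoraproject.FirewallD1.config) is gated by polkit,
    # which rejects an unprivileged caller with PolKit.NotAuthorizedException,
    # which is exactly the traceback from the question. Hence become: yes here.
    - name: Open the management port (runtime and permanent)
      firewalld:
        zone: "{{ fw_zone }}"
        port: "{{ mgmt_port }}"
        permanent: true    # survives firewalld reloads and reboots
        immediate: yes     # also applied to the running firewall, no reload needed
        state: enabled
      become: yes

    # firewall-cmd --query-port exits 0 (prints "yes") when the port is open in
    # the running configuration and 1 (prints "no") otherwise.
    - name: Verify the port is open in the running configuration
      command: firewall-cmd --zone={{ fw_zone }} --query-port={{ mgmt_port }}
      register: port_query
      changed_when: false
      failed_when: port_query.rc != 0
      become: yes
```

Run it with `ansible-playbook -i inventory open-port.yml` (add `--ask-become-pass` if sudo requires a password). If the verification task fails while the firewalld task reported no change, the rule exists only in the permanent configuration; re-running with `immediate: yes`, or a one-off `firewall-cmd --reload`, applies it to the running firewall.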

Yes, that's it. Thanks @XiongChiamiov