Having a hell of a time getting UFW to play nicely. Here's what I've got:

Each role (in this case the role is "common", part of our baseline role)
has a ufw.yml task file that gets imported to main.yml:

---
- name: Configure UFW for baseline access
  ufw:
    rule=allow
    from_ip={{ item.ip }}
    to_port={{ item.port }}
    state=enabled
  with_items:
    - { ip: "10.0.0.0/8", port: "any" }
    - { ip: "172.16.0.0/12", port: "any" }
    - { ip: "192.168.0.0/16", port: "any" }
    - { ip: bellevue_office_ip, port: "any" }
  sudo: yes

Now there's two problems-
For the with_items entries that have a non-variable value for ip, those
lines return "Error: Could not find protocol"
For the line that uses the bellevue_office_ip variable, that line returns:
"Error: Bad source address"

My confusion is that the protocol parameter shouldn't be mandatory
according to the UFW docs page: http://docs.ansible.com/ufw_module.html and
that I should be able to use variables in this manner according to the
Loops page: http://docs.ansible.com/playbooks_loops.html

What am I missing? I can probably get away from trying to use variables in
the with_items loop but boy I'd sure love to use it. The protocol thing
though I have no idea, I don't know why that'd be choking me up.

Thanks for any help,
Lars

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0e2962f5-9497-4c89-af81-2d3f49baf06b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


  • Michael DeHaan at Jul 31, 2014 at 8:47 pm
    With regards to the variable question:

       with_items:
         - { ip: "10.0.0.0/8", port: "any" }
         - { ip: "172.16.0.0/12", port: "any" }
         - { ip: "192.168.0.0/16", port: "any" }
         - { ip: "{{ bellevue_office_ip }}", port: "any" }

    Can you include the full output from the part about the protocol error?



    On Wed, Jul 30, 2014 at 6:48 PM, Lars Sommer wrote:

    Having a hell of a time getting UFW to play nicely. Here's what I've got:

    Each role (in this case the role is "common", part of our baseline role)
    has a ufw.yml task file that gets imported to main.yml:

    ---
    - name: Configure UFW for baseline access
      ufw:
        rule=allow
        from_ip={{ item.ip }}
        to_port={{ item.port }}
        state=enabled
      with_items:
        - { ip: "10.0.0.0/8", port: "any" }
        - { ip: "172.16.0.0/12", port: "any" }
        - { ip: "192.168.0.0/16", port: "any" }
        - { ip: bellevue_office_ip, port: "any" }
      sudo: yes

    Now there's two problems-
    For the with_items entries that have a non-variable value for ip, those
    lines return "Error: Could not find protocol"
    For the line that uses the bellevue_office_ip variable, that line returns:
    "Error: Bad source address"

    My confusion is that the protocol parameter shouldn't be mandatory
    according to the UFW docs page: http://docs.ansible.com/ufw_module.html
    and that I should be able to use variables in this manner according to the
    Loops page: http://docs.ansible.com/playbooks_loops.html

    What am I missing? I can probably get away from trying to use variables in
    the with_items loop but boy I'd sure love to use it. The protocol thing
    though I have no idea, I don't know why that'd be choking me up.

    Thanks for any help,
    Lars

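
The quoting difference in the reply above, as an added example that is not part of the thread: a bare word inside a with_items dictionary is an ordinary YAML string, so the module receives the text bellevue_office_ip rather than an address, while the quoted "{{ ... }}" form is templated. The playbook below shows both and adds a pre-flight check that stops before a firewall rule is built from a non-address. The variable names sources_bare, sources_templated and cidr_shape, the address 203.0.113.10, and the use of current Ansible syntax (assert with fail_msg, the match test) are assumptions.

```yaml
# Added example, not from the thread; runs locally and does not touch ufw.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    bellevue_office_ip: "203.0.113.10"   # constructed value (documentation range)
    # Hypothetical variable names; the items mirror the thread's with_items list.
    sources_bare:
      - { ip: "10.0.0.0/8", port: "any" }
      - { ip: bellevue_office_ip, port: "any" }          # plain YAML string, never templated
    sources_templated:
      - { ip: "10.0.0.0/8", port: "any" }
      - { ip: "{{ bellevue_office_ip }}", port: "any" }  # Jinja2 substitutes the value
    # Rough shape check only (digits and dots, optional /prefix), not full validation.
    cidr_shape: '^[0-9.]+(/[0-9]{1,2})?$'
  tasks:
    - name: Show what a firewall module would receive as the source address
      debug:
        msg: "bare={{ item.0.ip }} templated={{ item.1.ip }}"
      with_together:
        - "{{ sources_bare }}"
        - "{{ sources_templated }}"

    - name: Templated list passes the pre-flight check
      assert:
        that:
          - item.ip is match(cidr_shape)
        fail_msg: "'{{ item.ip }}' is not an address or CIDR; refusing to build a rule from it"
      with_items: "{{ sources_templated }}"

    - name: Bare list fails on the literal string bellevue_office_ip
      assert:
        that:
          - item.ip is match(cidr_shape)
        fail_msg: "'{{ item.ip }}' is not an address or CIDR; refusing to build a rule from it"
      with_items: "{{ sources_bare }}"
      ignore_errors: true   # kept only so this demonstration runs to the end
```

In a real role the assert would sit directly before the ufw task without ignore_errors, so a mistyped or unquoted source fails the play instead of leaving the firewall baseline partially applied.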
