Problem:
When deploying SonarQube, the task to enable port 9000 fails with the following error:
fatal: [172.**.*.***]: FAILED! => {"changed": false, "msg": "Failed to import the required Python library (firewal) on ip-172.**.*.***.ec2.internal's Python /usr/bin/python3. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter please consult the documentation on ansible_python_interpreter. Version 0.2.11 or newer required (0.3.9 or newer or offline operations)"}
What I Have Tried:
- Installed and reinstalled the firewalld library on the target system.
- Ensured /usr/bin/python3 is being used by specifying ansible_python_interpreter in my inventory file.
- Confirmed the library version is greater than the minimum required (0.2.11) and exceeds the recommended version (0.3.9).
- Verified the firewalld service is installed, running, and included become to ensure sufficient permissions.
- Ensured the playbook grants sudo privileges where necessary.
What am I missing here in my playbook?
- name: Ensure correct Python interpreter is used
  set_fact:
    ansible_python_interpreter: /usr/bin/python3
  become: true

- name: Ensure firewall Python module is installed
  pip:
    name: firewall
    state: present
  become: yes

- name: Install firewalld on Amazon Linux 2
  yum:
    name: firewalld
    state: present
  become: yes

- name: Ensure firewalld is started and enabled
  service:
    name: firewalld
    state: started
    enabled: yes
  become: yes

- name: Install necessary dependencies on Amazon Linux 2
  yum:
    name:
      - wget
      - unzip
    state: present
  when:
    - ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_version'] is search('2')

- name: Install Java 11 on Amazon Linux 2 using amazon-linux-extras
  command: amazon-linux-extras enable java-openjdk11
  when:
    - ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_version'] is search('2')

- name: Install Java 11 on Amazon Linux 2
  yum:
    name: java-11-openjdk
    state: present
  when:
    - ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_version'] is search('2')

- name: Install necessary dependencies on other Linux distributions
  yum:
    name:
      - java-11-openjdk-devel
      - wget
      - unzip
    state: present
  when:
    - ansible_facts['distribution'] != 'Amazon'

- name: Create sonar user
  user:
    name: sonar
    state: present
    shell: /bin/bash

- name: Create sonar group
  group:
    name: sonar
    state: present

- name: Add sonar user to the sonar group
  user:
    name: sonar
    group: sonar
    state: present

- name: Allow sonar user to have passwordless sudo
  lineinfile:
    dest: /etc/sudoers
    state: present
    line: 'sonar ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'

- name: Download SonarQube tar.gz file
  get_url:
    url: "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.9.0.65466.zip"
    dest: /tmp/sonarqube.zip

- name: Unzip SonarQube archive
  unarchive:
    src: /tmp/sonarqube.zip
    dest: /opt/
    remote_src: yes

- name: Set permissions for SonarQube directory
  file:
    path: /opt/sonarqube-9.9.0.65466
    owner: sonar
    group: sonar
    recurse: yes

- name: Create a systemd service file for SonarQube
  copy:
    dest: /etc/systemd/system/sonarqube.service
    content: |
      [Unit]
      Description=SonarQube service
      After=network.target

      [Service]
      Type=simple
      User=sonar
      Group=sonar
      ExecStart=/opt/sonarqube-9.9.0.65466/bin/linux-x86-64/sonar.sh start
      ExecStop=/opt/sonarqube-9.9.0.65466/bin/linux-x86-64/sonar.sh stop
      LimitNOFILE=65536

      [Install]
      WantedBy=multi-user.target

- name: Reload systemd to pick up SonarQube service
  systemd:
    daemon_reload: yes

- name: Start SonarQube service
  service:
    name: sonarqube
    state: started
    enabled: yes

- name: Enable port 9000
  firewalld:
    port: 9000/tcp
    permanent: true
    state: enabled
  become: true

- name: Restart SonarQube service
  service:
    name: sonarqube
    state: restarted
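
A diagnostic for the import error quoted above, as an added example that is not part of the original post: Python bindings are installed per interpreter, so this checks which interpreters on the target host can actually import the firewall module. The candidate paths other than /usr/bin/python3 and the function names are assumptions; run it with Python 3 on the managed host.

```python
#!/usr/bin/env python3
"""Report which Python interpreters on a host can import a given module."""
import os
import subprocess

# Assumed candidate paths; only /usr/bin/python3 comes from the post.
CANDIDATES = ["/usr/bin/python3", "/usr/bin/python", "/usr/bin/python2"]

# Executed inside each candidate, so it must be valid on Python 2 and 3.
PROBE = ("import importlib, sys; m = importlib.import_module(sys.argv[1]); "
         "print(getattr(m, '__file__', 'built-in'))")


def probe(interpreter, module):
    """Return (importable, detail) for one interpreter/module pair."""
    if not (os.path.isfile(interpreter) and os.access(interpreter, os.X_OK)):
        return False, "interpreter not found"
    try:
        result = subprocess.run(
            [interpreter, "-c", PROBE, module],
            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
            universal_newlines=True, timeout=15)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return False, str(exc)
    if result.returncode != 0:
        # The last stderr line carries the exception, e.g. ImportError.
        lines = result.stderr.strip().splitlines()
        return False, lines[-1] if lines else "exit %d" % result.returncode
    return True, result.stdout.strip()


def usable_interpreters(module, candidates=CANDIDATES):
    """List (path, module_location) for interpreters that import `module`."""
    seen, usable = set(), []
    for path in candidates:
        real = os.path.realpath(path)  # /usr/bin/python is often a symlink
        if real in seen:
            continue
        seen.add(real)
        ok, detail = probe(path, module)
        if ok:
            usable.append((path, detail))
    return usable


if __name__ == "__main__":
    for path in CANDIDATES:
        ok, detail = probe(path, "firewall")
        print("%-18s %-4s %s" % (path, "OK" if ok else "FAIL", detail))
```

An interpreter reported as FAIL with an import error will reproduce the Ansible failure if ansible_python_interpreter points at it.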