Syntax error while running Firewall playbook

Hi,

While running a playbook to enable multiple TCP & UDP ports on a remote m/c, I am getting some syntax error which I can't figure out. The error says FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'item' is undefined\n\nThe error appears to have been in '/etc/ansible/playbooks/enable_firewall_ports.yml': line 13, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Enable TCP and UDP ports\n ^ here\n"}

Below is the code

Hi Prashant,

It looks like your “with_items” is not lined up correctly with firewalld so the list is not passed to {{item.port}}

i.e. try this

- name: Enable TCP and UDP ports
  firewalld:
    port: '{{item.port}}/{{item.protocol}}'
    immediate: true
    permanent: true
    state: enabled
  with_items:
    - { port: "5301,1302,5903,5672", protocol: tcp }
    - { port: "25238,55692", protocol: udp }
  tags: port

It should be like this and it will work for sure.

- name: Enable TCP and UDP ports
  firewalld:
    port: "{{item.port}}"/"{{item.protocol}}"
    immediate: true
    permanent: true
    state: enabled
  with_items:
    - { port: "5301,1302,5903,5672", protocol: tcp }
    - { port: "25238,55692", protocol: udp }
  tags: port

Ravi

Hi Tony,

That issue got fixed. Corrected the indentation. Now while running the playbook I am facing this error. Unable to pass multiple ports. Below is the error.

failed: [0.0.0.0] (item={u'protocol': u'tcp', u'port': [5301, 1302, 5903, 5672, 5672]}) => {"changed": false, "item": {"port": [5301, 1302, 5903, 5672, 5672], "protocol": "tcp"}, "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_PORT: '[5301, 1302, 5903, 5672, 5672]' is invalid port range Permanent and Non-Permanent(immediate) operation"}

My playbook looks like this

failed: [0.0.0.0] (item={u'protocol': u'tcp', u'port': [5301, 1302, 5903,
5672, 5672]}) => {"changed": false, "item": {"port": [5301, 1302, 5903,
5672, 5672], "protocol": "tcp"}, "msg": "ERROR: Exception caught:
org.fedoraproject.FirewallD1.Exception: INVALID_PORT: '[5301, 1302, 5903,
5672, 5672]' is invalid port range Permanent and Non-Permanent(immediate)
operation"}

It says invalid port; nowhere in the documentation does it say that you can send a list in the port section.
Only an individual port or a range with a dash.

My playbook looks like this
---
- hosts: test
  become : True
  become_user : root
  become_method : sudo
  tasks:
    - name: Start and enable firewalld
      service:
        name: firewalld
        state: started
        enabled: yes

    - name: Enable TCP and UDP ports
      firewalld:
        port: ' {{item.port}}/{{item.protocol}}'
        immediate: true
        permanent: true
        state: enabled
      with_items:
          - { port: [ 5301, 1302, 5903, 5672, 5672 ], protocol: tcp }
# - { port: [ 25238,55692 ], protocol: udp }

The easiest is to just list them like so and use {{ item }} instead

with_items:
  - 5301/tcp
  - 1302/tcp
  - 25238/udp
  ...
  ...

Hi ,

Works now. Thank you :)