Correct way to add firewall rules in tripleo | Wallaby
Hi, I am trying to add a rule for zabbix in my tripleo wallaby setup on top of centos 8 stream. I followed https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features... but got the error message:

[ERROR]: Failed, module return: {'msg': 'value of action must be one of: append, insert, got: accept', 'failed': True, 'invocation': {'module_args': {'state': 'present', 'action': 'accept', 'jump': 'ACCEPT', 'chain': 'INPUT', 'protocol': 'tcp', 'source': '172.25.161.50', 'ctstate': ['NEW'], 'ip_version': 'ipv4', 'comment': '301 allow zabbix ipv4', 'destination_port': '10050', 'table': 'filter', 'match': [], 'syn': 'ignore', 'flush': False}}, 'warnings': ["The value 10050 (type int) in a string field was converted to '10050' (type string). If this does not look like what you expect, quote the entire value to ensure it does not change."], '_ansible_parsed': True}
[ERROR]: Failed, return data: {'stdout': None, 'stderr': None, 'msg': 'value of action must be one of: append, insert, got: accept', 'cmd': None, 'rc': 0, 'failed': True}
2022-07-21 01:27:33.335477 | 48d539a1-1679-1e80-25fd-000000005aa1 | TASK | Manage firewall rules
2022-07-21 01:27:33.351515 | 48d539a1-1679-1e80-25fd-000000005542 | FATAL | Manage firewall rules | overcloud-controller-0 | error={"changed": false, "cmd": null, "msg": "value of action must be one of: append, insert, got: accept", "rc": 0, "stderr": null, "stdout": null}

When I tried the following link: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/... <https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/security_and_hardening_guide/using_director_to_configure_security_hardening> my script is running fine but rules are not updated in iptables for zabbix.

Can you please suggest a correct approach to open port 10050 in tripleo?

With regards,
Swogat Pradhan
Hello there,

I think the "action" keyword is wrong, it should actually be "jump". As stated in the error message, "action" should be insert/append - the drop/accept are actually "jump" values.

I'll push a patch against the doc shortly to update that.

Cheers,
C.

On 7/20/22 19:37, Swogat Pradhan wrote:
> Hi, I am trying to add a rule for zabbix in my tripleo wallaby setup on top of centos 8 stream. I followed https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features... <https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/security_hardening.html>
> but got the error message:
>
> [ERROR]: Failed, module return: {'msg': 'value of action must be one of: append, insert, got: accept', 'failed': True, 'invocation': {'module_args': {'state': 'present', 'action': 'accept', 'jump': 'ACCEPT', 'chain': 'INPUT', 'protocol': 'tcp', 'source': '172.25.161.50', 'ctstate': ['NEW'], 'ip_version': 'ipv4', 'comment': '301 allow zabbix ipv4', 'destination_port': '10050', 'table': 'filter', 'match': [], 'syn': 'ignore', 'flush': False}}, 'warnings': ["The value 10050 (type int) in a string field was converted to '10050' (type string). If this does not look like what you expect, quote the entire value to ensure it does not change."], '_ansible_parsed': True}
> [ERROR]: Failed, return data: {'stdout': None, 'stderr': None, 'msg': 'value of action must be one of: append, insert, got: accept', 'cmd': None, 'rc': 0, 'failed': True}
> 2022-07-21 01:27:33.335477 | 48d539a1-1679-1e80-25fd-000000005aa1 | TASK | Manage firewall rules
> 2022-07-21 01:27:33.351515 | 48d539a1-1679-1e80-25fd-000000005542 | FATAL | Manage firewall rules | overcloud-controller-0 | error={"changed": false, "cmd": null, "msg": "value of action must be one of: append, insert, got: accept", "rc": 0, "stderr": null, "stdout": null}
>
> When I tried the following link: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/... <https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/security_and_hardening_guide/using_director_to_configure_security_hardening> my script is running fine but rules are not updated in iptables for zabbix.
>
> Can you please suggest a correct approach to open port 10050 in tripleo?
>
> With regards,
> Swogat Pradhan
--
Cédric Jeanneret (He/Him/His)
Sr. Software Engineer - OpenStack Platform
Deployment Framework TC
Red Hat EMEA
https://www.redhat.com/
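
Added example, not part of the thread and not TripleO or Ansible code: a pre-deploy check for rule arguments shaped like the `module_args` in the error output above, flagging a jump target placed in `action` and an unquoted port. The function names `lint_rule` and `fix_rule` are hypothetical, and the sample rule is constructed from the values in the post.

```python
VALID_ACTIONS = {"append", "insert"}         # from the error message in the thread
JUMP_TARGETS = {"accept", "drop", "reject"}  # standard iptables targets

def lint_rule(name, args):
    """Return a list of findings for one firewall rule dict."""
    findings = []
    action = args.get("action")
    if action is not None and str(action).lower() not in VALID_ACTIONS:
        if str(action).lower() in JUMP_TARGETS:
            findings.append(
                f"{name}: action={action!r} is a jump target; set "
                f"jump={str(action).upper()!r} and use action only for append/insert")
        else:
            findings.append(
                f"{name}: action={action!r} not in {sorted(VALID_ACTIONS)}")
    port = args.get("destination_port")
    if isinstance(port, int) and not isinstance(port, bool):
        # Matches the warning in the output: ints are coerced to strings.
        findings.append(f"{name}: destination_port {port} is an int; quote it")
    return findings

def fix_rule(args):
    """Return a copy with a misplaced jump target moved from action to jump."""
    fixed = dict(args)
    action = str(fixed.get("action", "")).lower()
    if action in JUMP_TARGETS:
        fixed["jump"] = action.upper()
        del fixed["action"]          # fall back to the module's default action
    port = fixed.get("destination_port")
    if isinstance(port, int) and not isinstance(port, bool):
        fixed["destination_port"] = str(port)
    return fixed

# Constructed sample: the failing arguments from the post, with the port
# given as an unquoted integer as the warning indicates it originally was.
RULE_NAME = "301 allow zabbix ipv4"
FAILING = {
    "state": "present", "action": "accept", "jump": "ACCEPT",
    "chain": "INPUT", "protocol": "tcp", "source": "172.25.161.50",
    "ctstate": ["NEW"], "ip_version": "ipv4", "destination_port": 10050,
}

if __name__ == "__main__":
    for finding in lint_rule(RULE_NAME, FAILING):
        print("FAIL", finding)
    print("after fix:", lint_rule(RULE_NAME, fix_rule(FAILING)) or "clean")
```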