Correct way to add firewall rules in tripleo | Wallaby

Cédric Jeanneret cjeanner at redhat.com
Wed Aug 10 05:54:53 UTC 2022


Hello there,

I think the "action" keyword is wrong, it should actually be "jump".

As stated in the error message, "action" should be insert/append - the 
drop/accept are actually "jump" values.

I'll push a patch against the doc shortly to update that.

Cheers,

C.

On 7/20/22 19:37, Swogat Pradhan wrote:
> Hi,
> I am trying to add a rule for zabbix in my tripleo wallaby setup on top 
> of centos 8 stream.
> I followed 
> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/security_hardening.html 
> 
> but got the error message:
> 
>   [ERROR]: Failed, module return: {'msg': 'value of action must be one of: append, insert, got: accept', 'failed': True, 'invocation': {'module_args': {'state': 'present', 'action': 'accept', 'jump': 'ACCEPT', 'chain': 'INPUT', 'protocol': 'tcp', 'source': '172.25.161.50', 'ctstate': ['NEW'], 'ip_version': 'ipv4', 'comment': '301 allow zabbix ipv4', 'destination_port': '10050', 'table': 'filter', 'match': [], 'syn': 'ignore', 'flush': False}}, 'warnings': ["The value 10050 (type int) in a string field was converted to '10050' (type string). If this does not look like what you expect, quote the entire value to ensure it does not change."], '_ansible_parsed': True}
>   [ERROR]: Failed, return data: {'stdout': None, 'stderr': None, 'msg': 'value of action must be one of: append, insert, got: accept', 'cmd': None, 'rc': 0, 'failed': True}
> 2022-07-21 01:27:33.335477 | 48d539a1-1679-1e80-25fd-000000005aa1 |       TASK | Manage firewall rules
> 2022-07-21 01:27:33.351515 | 48d539a1-1679-1e80-25fd-000000005542 |      FATAL | Manage firewall rules | overcloud-controller-0 | error={"changed": false, "cmd": null, "msg": "value of action must be one of: append, insert, got: accept", "rc": 0, "stderr": null, "stdout": null}
> 
> 
> When I tried the following link:
> https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/security_and_hardening_guide/using_director_to_configure_security_hardening 
> my script is running fine but rules are not updated in iptables for zabbix.
> 
> Can you please suggest a correct approach to open port 10050 in tripleo?
> 
> With regards,
> Swogat Pradhan

-- 
Cédric Jeanneret (He/Him/His)
Sr. Software Engineer - OpenStack Platform
Deployment Framework TC
Red Hat EMEA
https://www.redhat.com/
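
Added example (not part of the thread and not TripleO code): a pre-deployment check that applies the constraint quoted in the error message and the correction from the reply. It uses the module argument names shown in the error output; the rule set is constructed, and it assumes a rule is valid once `action` is dropped and the verdict is carried by `jump`.

```python
VALID_ACTIONS = {"append", "insert"}  # allowed values, per the error message
JUMP_TARGETS = {"accept", "drop"}     # the two values named in the reply


def lint_rule(name, rule):
    """Return (fixed_rule, findings) for one rule mapping."""
    fixed, findings = dict(rule), []
    action = rule.get("action")
    if action is None or str(action).lower() in VALID_ACTIONS:
        return fixed, findings
    value = str(action).lower()
    if value not in JUMP_TARGETS:
        findings.append(f"{name}: action={action!r} is not append/insert")
        return fixed, findings
    jump = rule.get("jump")
    if jump is not None and str(jump).lower() != value:
        # Ambiguous verdict: report it, never guess between ACCEPT and DROP.
        findings.append(f"{name}: action={action!r} conflicts with jump={jump!r}")
        return fixed, findings
    # Assumption: dropping "action" is acceptable and "jump" takes the
    # upper-case form seen in the failing invocation ('jump': 'ACCEPT').
    del fixed["action"]
    fixed["jump"] = value.upper()
    findings.append(f"{name}: moved {action!r} from action to jump")
    return fixed, findings


def lint_rules(rules):
    """Lint every rule; return (fixed_rules, report_lines)."""
    fixed_all, report = {}, []
    for name, rule in rules.items():
        fixed_all[name], findings = lint_rule(name, rule)
        report.extend(findings)
    return fixed_all, report


# Constructed sample rules; the first mirrors the failing invocation above.
SAMPLE = {
    "301 allow zabbix ipv4": {"action": "accept", "jump": "ACCEPT",
                              "chain": "INPUT", "protocol": "tcp",
                              "source": "172.25.161.50",
                              "destination_port": "10050"},
    "302 constructed conflict": {"action": "accept", "jump": "DROP"},
    "303 constructed ok": {"action": "insert", "jump": "ACCEPT"},
}

if __name__ == "__main__":
    print("\n".join(lint_rules(SAMPLE)[1]))
```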