Correct way to add firewall rules in tripleo | Wallaby
Cédric Jeanneret
cjeanner at redhat.com
Wed Aug 10 05:54:53 UTC 2022
Hello there,
I think the "action" keyword is wrong, it should actually be "jump".
As stated in the error message, "action" should be insert/append - the
drop/accept are actually "jump" values.
I'll push a patch against the doc shortly to update that.
Cheers,
C.
On 7/20/22 19:37, Swogat Pradhan wrote:
> Hi,
> I am trying to add a rule for zabbix in my tripleo wallaby setup on top
> of centos 8 stream.
> I followed
> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/security_hardening.html
>
>
> but got the error message:
>
> [ERROR]: Failed, module return: {'msg': 'value of action must be one of:
> append, insert, got: accept', 'failed': True, 'invocation': {'module_args':
> {'state': 'present', 'action': 'accept', 'jump': 'ACCEPT', 'chain': 'INPUT',
> 'protocol': 'tcp', 'source': '172.25.161.50', 'ctstate': ['NEW'],
> 'ip_version':
> 'ipv4', 'comment': '301 allow zabbix ipv4', 'destination_port': '10050',
> 'table': 'filter', 'match': [], 'syn': 'ignore', 'flush': False}},
> 'warnings':
> ["The value 10050 (type int) in a string field was converted to '10050'
> (type
> string). If this does not look like what you expect, quote the entire
> value to
> ensure it does not change."], '_ansible_parsed': True}
> [ERROR]: Failed, return data: {'stdout': None, 'stderr': None, 'msg':
> 'value
> of action must be one of: append, insert, got: accept', 'cmd': None,
> 'rc': 0,
> 'failed': True}
> 2022-07-21 01:27:33.335477 | 48d539a1-1679-1e80-25fd-000000005aa1 |
> TASK | Manage firewall rules
> 2022-07-21 01:27:33.351515 | 48d539a1-1679-1e80-25fd-000000005542 |
> FATAL | Manage firewall rules | overcloud-controller-0 |
> error={"changed": false, "cmd": null, "msg": "value of action must be
> one of: append, insert, got: accept", "rc": 0, "stderr": null, "stdout":
> null}
>
>
> When I tried the following link:
> https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/security_and_hardening_guide/using_director_to_configure_security_hardening
> my script is running fine but rules are not updated in iptables for zabbix.
>
> Can you please suggest a correct approach to open port 10050 in tripleo?
>
> With regards,
> Swogat Pradhan
--
Cédric Jeanneret (He/Him/His)
Sr. Software Engineer - OpenStack Platform
Deployment Framework TC
Red Hat EMEA
https://www.redhat.com/
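
The diagnosis in the reply above, as an added example (not part of the original message and not TripleO or Ansible code): it parses the "must be one of" failure quoted in the thread and lints a rule dict shaped like the logged `module_args`. The function names, the `JUMP_TARGETS` set and the choice to drop a misplaced `action` are assumptions made for illustration; the sample message and rule are constructed from the log above.

```python
import re

# Shape of the argument-validation message quoted in the thread.
CHOICE_ERR = re.compile(
    r"value of (?P<param>\w+) must be one of: (?P<allowed>.+?), got: (?P<got>\S+)"
)
# Per the reply, accept/drop are "jump" values (assumed set, upper-cased here).
JUMP_TARGETS = {"ACCEPT", "DROP"}

# Constructed samples, copied from the failure output in the quoted message.
MSG = "value of action must be one of: append, insert, got: accept"
RULE = {"state": "present", "action": "accept", "jump": "ACCEPT",
        "chain": "INPUT", "protocol": "tcp", "source": "172.25.161.50",
        "ctstate": ["NEW"], "destination_port": "10050", "table": "filter"}


def parse_choice_error(msg):
    """Return (param, allowed_values, got) from a failure message, or None."""
    m = CHOICE_ERR.search(msg)
    if not m:
        return None
    allowed = [v.strip() for v in m.group("allowed").split(",")]
    # Strip quoting left over when the message is cut out of a dict repr.
    return m.group("param"), allowed, m.group("got").rstrip("'\",}")


def lint_rule(rule, allowed_actions=("append", "insert")):
    """Return (findings, fixed_rule) for one rule dict shaped like module_args."""
    findings, fixed = [], dict(rule)
    action = rule.get("action")
    if action is not None and action not in allowed_actions:
        if str(action).upper() in JUMP_TARGETS:
            findings.append(f"action={action!r} is a jump target; set it as jump")
            fixed.setdefault("jump", str(action).upper())
        else:
            findings.append(f"action={action!r} not in {list(allowed_actions)}")
        # Assumption: dropping the key lets the module use its default action.
        del fixed["action"]
    return findings, fixed


if __name__ == "__main__":
    param, allowed, got = parse_choice_error(MSG)
    print(f"{param}: got {got!r}, allowed {allowed}")
    for finding in lint_rule(RULE, allowed)[0]:
        print("finding:", finding)
```
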