How to open a firewall port on CentOS 7 using the Ansible firewalld task



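I have a task in my ansible-playbook script that opens a TCP port on the remote machine. But when I run my script, it throws an error. However, when I run "firewall-cmd --permanent --zone=public --add-port=1234/tcp" and "firewalld-cmd --reload", I can see the port added in the public zone.

Environment

Local OS: OS X El Capitan
Ansible remote: AWS CentOS 7 minimal
Ansible version: 2.1.1.0
Remote Python version: 2.7.5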

My task

- name: open management console port
  firewalld: port=1234/tcp zone=public permanent=true state=enabled immediate=yes

The error I get

fatal: [X.X.X.X]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "Traceback (most recent call last):\r\n  File \"/tmp/ansible_MojhHQ/ansible_module_firewalld.py\", line 605, in <module>\r\n    main()\r\n  File \"/tmp/ansible_MojhHQ/ansible_module_firewalld.py\", line 456, in main\r\n    is_enabled = get_port_enabled_permanent(zone, [port, protocol])\r\n  File \"/tmp/ansible_MojhHQ/ansible_module_firewalld.py\", line 170, in get_port_enabled_permanent\r\n    fw_zone = fw.config().getZoneByName(zone)\r\n  File \"<string>\", line 2, in getZoneByName\r\n  File \"/usr/lib/python2.7/site-packages/slip/dbus/polkit.py\", line 103, in _enable_proxy\r\n    return func(*p, **k)\r\n  File \"<string>\", line 2, in getZoneByName\r\n  File \"/usr/lib/python2.7/site-packages/firewall/client.py\", line 52, in handle_exceptions\r\n    return func(*args, **kwargs)\r\n  File \"/usr/lib/python2.7/site-packages/firewall/client.py\", line 1505, in getZoneByName\r\n    path = dbus_to_python(self.fw_config.getZoneByName(name))\r\n  File \"/usr/lib64/python2.7/site-packages/dbus/proxies.py\", line 70, in __call__\r\n    return self._proxy_method(*args, **keywords)\r\n  File \"/usr/lib/python2.7/site-packages/slip/dbus/proxies.py\", line 50, in __call__\r\n    return dbus.proxies._ProxyMethod.__call__(self, *args, **kwargs)\r\n  File \"/usr/lib64/python2.7/site-packages/dbus/proxies.py\", line 145, in __call__\r\n    **keywords)\r\n  File \"/usr/lib64/python2.7/site-packages/dbus/connection.py\", line 651, in call_blocking\r\n    message, timeout)\r\ndbus.exceptions.DBusException: org.fedoraproject.slip.dbus.service.PolKit.NotAuthorizedException.org.fedoraproject.FirewallD1.config: \r\n", "msg": "MODULE FAILURE", "parsed": false}

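- name: Install firewalld
  yum:
    name: firewalld
    state: latest
  # notify needs a handler named "start firewalld" defined in the play's handlers section
  notify:
    - start firewalld
  # package installation needs root as well
  become: yes
- name: start firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
  become: yes
- name: enable 1234
  firewalld:
    zone: public
    port: 1234/tcp
    permanent: true
    state: enabled
  # run as root so polkit authorizes the firewalld D-Bus call
  become: yes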

Do it like this.

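dbus.exceptions.DBusException: org.fedoraproject.slip.dbus.service.PolKit.NotAuthorizedException.org.fedoraproject.FirewallD1.config indicates some kind of permission error. The task probably needs to use become: yes to elevate its privileges.

See the become documentation for more details.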
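
The fix described in the answers above, as an added example that is not part of the original thread: a playbook that escalates once at play level, opens the port in both the permanent and the runtime configuration, and then checks each one. The group name managed_hosts and the variable names are assumptions.

```yaml
# Added example, not from the original thread.
# "managed_hosts" is a hypothetical inventory group; mgmt_port and mgmt_zone are illustrative names.
- hosts: managed_hosts
  # Play-level escalation: every task runs as root, so polkit authorizes
  # the calls to org.fedoraproject.FirewallD1.config instead of raising
  # NotAuthorizedException.
  become: yes
  vars:
    mgmt_port: 1234/tcp
    mgmt_zone: public
  tasks:
    - name: Install firewalld
      yum:
        name: firewalld
        state: present

    - name: Start firewalld and enable it at boot
      service:
        name: firewalld
        state: started
        enabled: yes

    - name: Open management console port (permanent and runtime)
      firewalld:
        zone: "{{ mgmt_zone }}"
        port: "{{ mgmt_port }}"
        permanent: true
        immediate: yes
        state: enabled

    # firewall-cmd --query-port exits non-zero when the port is not open,
    # so each check below fails the play if the rule is missing.
    - name: Check runtime configuration
      command: firewall-cmd --zone={{ mgmt_zone }} --query-port={{ mgmt_port }}
      register: runtime_check
      changed_when: false

    - name: Check permanent configuration
      command: firewall-cmd --permanent --zone={{ mgmt_zone }} --query-port={{ mgmt_port }}
      register: permanent_check
      changed_when: false
```

Limiting the rule to the single port and zone the service needs keeps the exposed surface small, and the two checks catch the case where only one of the runtime or permanent configurations was updated.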
