Unable to stop and disable firewalld using Ansible

Time: 2016-10-27 17:49:30

Tags: ansible

This is my playbook to stop and disable firewalld:

---
-  hosts : openstack
   connection : ssh
   remote_user : ec2-user
   become_method : sudo
   become : yes
   gather_facts : no
   tasks :
   - command: "{{ item }}"
     with_items:
     - systemctl stop firewalld
     - systemctl disable firewalld

Error:

failed: [ec2-52-87-240-155.compute-1.amazonaws.com] (item=systemctl stop firewalld) => {"changed": true, "cmd": ["systemctl", "stop", "firewalld"], "delta": "0:00:00.009282", "end": "2016-10-27 13:37:20.620051", "failed": true, "item": "systemctl stop firewalld", "rc": 5, "start": "2016-10-27 13:37:20.610769", "stderr": "Failed to stop firewalld.service: Unit firewalld.service not loaded.", "stdout": "", "stdout_lines": [], "warnings": []}
failed: [ec2-52-87-240-155.compute-1.amazonaws.com] (item=systemctl disable firewalld) => {"changed": true, "cmd": ["systemctl", "disable", "firewalld"], "delta": "0:00:00.004876", "end": "2016-10-27 13:37:20.816710", "failed": true, "item": "systemctl disable firewalld", "rc": 1, "start": "2016-10-27 13:37:20.811834", "stderr": "Failed to execute operation: Access denied", "stdout": "", "stdout_lines": [], "warnings": []}

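Can someone help me solve this problem?

2 answers:

Answer 0: (score: 0)

This playbook has some problems:

  • Do not put space characters between the parameter and the :
  • Use the service module instead of the command module

This should work: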

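Answer 1: (score: 0)

If firewalld is not installed/not running, you can simply ignore the error message using "failed_when:"

To avoid the deprecation warning, you can disable it by setting deprecation_warnings = False in ansible.cfg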

- name: 'Disable firewalld Services'
  service:
    name: "{{item}}"
    state: stopped
    enabled: no
  loop:
    - firewalld
  register: firewalld_service_disable
  failed_when: "firewalld_service_disable|failed and ('Could not find the requested service' not in firewalld_service_disable.msg)"
  ignore_errors: yes
  tags: test

Below is the annoying playbook execution output

# ansible-playbook main.yml --tags test

PLAY [all] **********************************************************

TASK [Gathering Facts] **********************************************
ok: [ANSIBLECLIENTNODE]

TASK [hardening : Disable firewalld Services] ***********************
changed: [ANSIBLECLIENTNODE] => (item=firewalld)

PLAY RECAP **********************************************************

ANSIBLECLIENTNODE             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

If your ansible version is 2.9 or later, follow the "service_facts" approach below

- name: 'Populate service facts'
  service_facts:

- name: 'Disable firewalld Services'
  service:
    name: "{{item}}"
    state: stopped
    enabled: no
  loop:
   - firewalld
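  # service_facts keys on systemd hosts carry the ".service" suffix (e.g. firewalld.service)
  when: ansible_facts.services[item ~ '.service'] is defined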
  ignore_errors: yes
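
The service_facts approach, written out as a full play that lets real failures (such as the "Access denied" from the question) stop the run and then verifies the end state. This is an added example, not code from the question or either answer; the variable fw_unit and the task names are assumptions, and the firewalld.service key assumes a systemd host.

```yaml
---
# Added example (not from the original thread). The host group "openstack"
# comes from the question; fw_unit and the task names are illustrative.
- hosts: openstack
  become: yes
  gather_facts: no
  vars:
    # service_facts indexes systemd units by full unit name
    fw_unit: firewalld.service
  tasks:
    - name: Populate service facts
      service_facts:

    - name: Stop and disable firewalld only when the unit exists
      service:
        name: firewalld
        state: stopped
        enabled: no
      when: fw_unit in ansible_facts.services
      # No ignore_errors here: a missing unit is skipped by the condition,
      # while a privilege or policy failure still fails the play.

    - name: Re-read service facts after the change
      service_facts:

    - name: Verify firewalld is neither running nor enabled
      assert:
        that:
          - ansible_facts.services[fw_unit].state != 'running'
          - ansible_facts.services[fw_unit].status != 'enabled'
        fail_msg: "firewalld is still running or enabled"
      when: fw_unit in ansible_facts.services
```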