-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ufw disable task intermittently fails #2336
Comments
Files identified in the description: If these files are inaccurate, please update the |
This is getting checked in community.general/tests/integration/targets/ufw/tasks/tests/basic.yml Lines 342 to 348 in 2799cd4
I will see if this is getting run against ubuntu 20.04 or not. Edit: I don't think this is running in CI, needs to be investigated more. |
-label needs_triage |
The ufw tests only run on the RHEL VMs, since they don't work well in docker containers (the Ubuntu tests run in docker containers). |
I'm trying to determine how I can run the ufw integration test via ansible-test on my Ubuntu 20.04 VM to see if I can trouble shoot this intermittent failure but I'm having trouble accomplishing that. I'm viewing https://www.ansible.com/blog/introduction-to-ansible-test but it doesn't state how ansible-test is installed. Does anybody have any suggestions or advise? |
I'd also like to note that the focal-20.04-server-cloudimg-amd64 image was used to create the VM and Python 3.8 is being used, iptables 1.8.4-3ubuntu2 and ufw 0.36-6 |
If you have ansible-core/ansible-base/Ansible 2.9 installed, you already have ansible-test installed. To run the ufw tests on your machine (which is discouraged, since the tests need root access and modify your machine's state!), you can run |
Understood and thanks for the warning I performed the test on a rundant test server.
I've attached the output of the test. |
@tekenny It's failing at a different task, right?
It's failing when it's enabled and task is "Reset ufw to factory defaults and disable", not disable when it's disabled, so the problem must be somewhere else. |
Yes it failed upon a ufw disable in my playbook but it appears the integration tests did not get that far and failed before it got to the disable test. I could be wrong but it seems that iptables maybe holding the xtables lock longer in Ubuntu 20.04 than it did in 18.04. Any suggestions on next steps? |
It's already failing in That In any case, the module could be better by relying less on "just run the command and see whether something changed", but instead using the same logic as in dry-mode (where it cannot just run commands). I'm not sure whether it would help with this specific bug, but it definitely does not hurt to do that. |
I agree this looks like the failure is due to a ufw bug unrelated to ansible. Thank you very much for all the assistance! |
Summary
Performing an ansible run that includes a task to disable ufw when ufw is already disabled ocassionally causes a fatal error regarding another app holding the xtables lock.
Note we've only started getting these failures once we've started using Ubuntu 20.04. Previously we were using Ubuntu 18.04 and this error never occurred on the same systems.
Issue Type
Bug Report
Component Name
ufw module
Ansible Version
Configuration
OS / Environment
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
Steps to Reproduce
Expected Results
I expect that the task to disable ufw to always be succesful (even if ufw is already disabled)
Actual Results
Code of Conduct
The text was updated successfully, but these errors were encountered: