configuring firewalld using ansible with system facts

Question

I have the following play:

- command: "hostname -I"
  register: IP_ADRESSS
  changed_when: False
- firewalld:
    interface: eth0
    state: enabled
    permanent: yes
    zone: public
    source: {{ IP_ADDRESS.stdout }}
  notify: "RESTART FIREWALL"

The result of the play is as follows:

fatal: [test-server]: FAILED! => {
     "changed": false,
     "invocation": {
         "module_args": {
         "immediate": false,
         "interface": "eth0",
         "masquerade": null,
         "offline": null,
         "permanent": true,
         "port": null,
         "rich_rule": null,
         "service": null,
         "source": "10.0.0.5 "
         "state": "enabled"
         "timeout": 0,
         "zone": "public"
         }
     },
  "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_ADDR: 10.0.0.5  Permanent operation"
}

The error happens when the value of "source" comes from the value of "IP_ADDRESS.stdout". The result of the IP_ADDRESS.stdout has an added space at the end of the ip address and it causes the failure. When I "hardcode" the ip address it works.

can anyone please guide me on how to correct the stdout output?

Thanks

score 0 · Answer 1 · answered Jan 18 '18 at 17:53

0

You can apply trim filter:

source: "{{ IP_ADDRESS.stdout | trim }}"

answered Jan 18 '18 at 17:53

Konstantin Suvorov

65,183
9
162
193

score 0 · Answer 2 · answered Jan 19 '18 at 03:20

0

Using hostname -I might leads to another problem as it return every IPs on the servers. Another options is to use facts ansible_default_ipv4.address which will return only one IP.

answered Jan 19 '18 at 03:20

drhojun

41
5

configuring firewalld using ansible with system facts

2 Answers2