Description of problem:
Firewall setup fails when public_network or cluster_network are comma delimited lists

Version-Release number of selected component (if applicable):
ceph-ansible-3.2.33-1.el7cp.noarch

2019-10-30 14:10:21,966 p=28662 u=mistral | Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/firewalld.py
2019-10-30 14:10:22,019 p=28662 u=mistral | The full traceback is:
  File "/tmp/ansible_NDOOV4/ansible_modlib.zip/ansible/module_utils/firewalld.py", line 103, in action_handler
    return action_func(*action_func_args)
  File "/tmp/ansible_NDOOV4/ansible_module_firewalld.py", line 464, in set_enabled_permanent
    self.update_fw_settings(fw_zone, fw_settings)
  File "/tmp/ansible_NDOOV4/ansible_modlib.zip/ansible/module_utils/firewalld.py", line 134, in update_fw_settings
    fw_zone.update(fw_settings)
  File "<string>", line 2, in update
  File "/usr/lib/python2.7/site-packages/slip/dbus/polkit.py", line 103, in _enable_proxy
    return func(*p, **k)
  File "<string>", line 2, in update
  File "/usr/lib/python2.7/site-packages/firewall/client.py", line 53, in handle_exceptions
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/firewall/client.py", line 441, in update
    self.fw_zone.update(tuple(settings.settings))
  File "/usr/lib/python2.7/site-packages/slip/dbus/proxies.py", line 50, in __call__
    return dbus.proxies._ProxyMethod.__call__(self, *args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
    **keywords)
  File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
    message, timeout)

2019-10-30 14:10:22,019 p=28662 u=mistral | Escalation succeeded
2019-10-30 14:10:22,020 p=28662 u=mistral | failed: [overcloud-controller-2] (item={u'service': u'ceph-mon', u'zone': u'public'}) => {
    "changed": false,
    "invocation": {
        "module_args": {
            "immediate": true,
            "interface": null,
            "masquerade": null,
            "offline": null,
            "permanent": true,
            "port": null,
            "rich_rule": null,
            "service": "ceph-mon",
            "source": "172.120.3.0/24,172.117.3.0/24,172.118.3.0/24,172.119.3.0/24",
            "state": "enabled",
            "timeout": 0,
            "zone": "public"
        }
    },
    "item": {
        "service": "ceph-mon",
        "zone": "public"
    },
    "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_ADDR: 172.120.3.0/24,172.117.3.0/24,172.118.3.0/24,172.119.3.0/24 Permanent and Non-Permanent(immediate) operation"
}
Please specify the severity of this bug. Severity is defined here: https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
I think we need to backport [1] in stable-3

1. https://github.com/ceph/ceph-ansible/commit/d94229204d84fc27c5997d273dff577af0ab1684
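
The failure output above shows the whole comma-delimited public_network string reaching firewalld as a single source, which it rejects with INVALID_ADDR. The following is an added example, not ceph-ansible's own tasks and not taken from the commit referenced above, showing the failing form next to a per-network loop; the play layout, host group name and task names are assumptions.

```yaml
# Added example (not project code). The host group "mons", the vars block and
# the task names are assumptions; module arguments mirror the module_args
# shown in the failure output.
- hosts: mons
  become: true
  vars:
    # Value copied from the "source" field of the failure output.
    public_network: "172.120.3.0/24,172.117.3.0/24,172.118.3.0/24,172.119.3.0/24"
  tasks:
    # Failing form: the list is passed as one string, so firewalld sees a
    # single, invalid address and the source restriction is never applied.
    #
    # - name: open ceph-mon for the public network
    #   firewalld:
    #     service: ceph-mon
    #     zone: public
    #     source: "{{ public_network }}"
    #     permanent: true
    #     immediate: true
    #     state: enabled

    # Corrected form: one firewalld call per network. Entries are trimmed and
    # empty ones dropped, so "a, b" and a trailing comma are also handled.
    - name: open ceph-mon for each public network
      firewalld:
        service: ceph-mon
        zone: public
        source: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop: "{{ public_network.split(',') | map('trim') | select | list }}"

    # cluster_network is also a comma-delimited string and needs the same
    # per-entry treatment wherever it is used as a firewalld source.
```

After a run, `firewall-cmd --zone=public --list-sources` on the node should list each network separately.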
Created attachment 1631002
ceph-ansible.tar.xz

ceph-ansible logs, inventory and group_vars
*** Bug 1764860 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1320