The problem
When you configure firewalld with Ansible, the SSH connection can drop when the next command runs.
```
GATHERING FACTS ***************************************************************
TASK: [centos7 | Setting Firewalld] ************************************
ok: [centos7] => (item={'state': 'disabled', 'service': 'http'})
ok: [centos7] => (item={'state': 'enabled', 'service': 'https'})
TASK: [centos7 | Restart service] **************************************
changed: [centos7]
TASK: [centos7 | yum clean] ********************************************
fatal: [centos7] => SSH Error: ssh: connect to host 192.168.33.20 port 22: No route to host
    while connecting to 192.168.33.20:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
FATAL: all hosts have already failed -- aborting
```
```yaml
# Tasks that reproduce the problem
- name: Setting Firewalld
  firewalld: zone=public permanent=true service={{ item.service }} state={{ item.state }}
  with_items:
    - { service: http, state: disabled }
    - { service: https, state: enabled }
  sudo: yes

- name: Restart service
  service: name=firewalld state=restarted enabled=yes
  sudo: yes

# This task runs right after the restart and fails with the SSH error above
- name: yum clean
  command: yum clean all
```
Environment
- CentOS7
- Ansible 1.9.2
Workaround
When firewalld is restarted, use wait_for to wait until the host accepts connections on the SSH port again.
```yaml
- name: Restart service
  service: name=firewalld state=restarted enabled=yes
  sudo: yes

# Runs on the control machine; delay=10 waits 10 seconds before the first check of port 22
- name: wait for the server to come up
  local_action: wait_for host={{ inventory_hostname }} port=22 delay=10
```
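A stricter variant of the workaround above, as an added example that is not part of the original post. It assumes Ansible 1.9-style syntax, that the inventory may set `ansible_ssh_host` for the `centos7` alias, and that the target runs OpenSSH; the first task, which pins the `ssh` service in the permanent configuration, is an addition of this example.

```yaml
# Added example, not from the original post.
# Make sure the permanent configuration that the restart loads still permits ssh.
- name: Keep ssh enabled in the public zone
  firewalld: zone=public permanent=true service=ssh state=enabled
  sudo: yes

- name: Restart service
  service: name=firewalld state=restarted enabled=yes
  sudo: yes

# Check from the control machine. ansible_ssh_host is used when the inventory
# defines it, so the check targets the address ssh really connects to rather
# than an alias that may not resolve locally (assumption about the inventory).
# search_regex waits for the sshd banner instead of a bare TCP connect;
# timeout makes the play fail after 300 seconds instead of hanging silently.
- name: wait for sshd to answer with its banner
  local_action: wait_for host="{{ ansible_ssh_host | default(inventory_hostname) }}" port=22 delay=10 timeout=300 search_regex=OpenSSH

- name: yum clean
  command: yum clean all
```

If the wait times out, the play stops at that task, which separates a host that really is locked out from one that was only briefly unreachable during the restart.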