0

我创建了一个任务来初始化 ufw ,首先我安装 ufw 然后我想改变它的策略来拒绝:

---

- name: Ensure UFW is enabled
  ufw:
    state: enabled
    policy: reject
  become: true
  register: firewall_enabled
  when: '(firewall_enabled | default({})) | dictsort | length < 1'

当我运行时出现molecule converge此错误:

fatal: [focal]: FAILED! => {"changed": false, "commands": ["/usr/sbin/ufw status verbose", "/usr/bin/grep -h '^### tuple' /lib/ufw/user.rules /lib/ufw/user6.rules /etc/ufw/user.rules /etc/ufw/user6.rules /var/lib/ufw/user.rules /var/lib/ufw/user6.rules", "/usr/sbin/ufw -f enable"], "msg": "ERROR: initcaps\n[Errno 2] ip6tables v1.8.4 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n\n"}

经过一番搜索,我意识到这是因为创建 docker 容器的能力,所以我将能力添加到了分子.yaml 文件中,但它根本不起作用,我得到了同样的错误。

这是我的分子.yaml 文件:

---
dependency:
  name: galaxy
driver:
  name: docker
lint: |
    yamllint .
    ansible-lint
    flake8
platforms:
  - name: bionic
    image: ubuntu:18.04
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    privileged: true
    capabilities: ['NET_ADMIN']
provisioner:
  name: ansible
verifier:
  name: testinfra
4

1 回答 1

0

通过创建自定义 docker 映像并在容器内安装 uff 包解决了这个问题

分子.yml 

---
dependency:
  name: galaxy
driver:
  name: docker
platforms:
 - name: instance
   dockerfile: ./Dockerfile.j2
   image: ubuntu:18.04
   privileged: true   #To elevate privilages as become: true failes in *Gather fatcs task*
provisioner:
  name: ansible
  lint:
    name: ansible-lint
verifier:
  name: testinfra

Dockerfile.j2 

{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}

RUN apt-get update -y && apt-get install ufw -y

于 2022-01-10T23:01:01.310 回答