all: children: zuul_unreachable: hosts: {} hosts: controller: ansible_connection: ssh ansible_host: 162.253.55.70 ansible_port: 22 ansible_python_interpreter: auto ansible_user: zuul nodepool: az: nova cloud: ansible-vexxhost external_id: a7e75981-2c02-4997-b9a8-54e199db688b host_id: cbf77c162637fdd0e01a5fd1648344bc082ef4e142a7eb44d1145ee2 interface_ip: 162.253.55.70 label: ansible-fedora-37-1vcpu private_ipv4: 192.168.0.59 private_ipv6: null provider: ansible-vexxhost-ca-ymq-1 public_ipv4: 162.253.55.70 public_ipv6: 2604:e100:1:0:f816:3eff:fed0:a203 region: ca-ymq-1 slot: null zuul_use_fetch_output: true vars: zuul: _inheritance_path: - '' - '' - '' ansible_version: '8' artifacts: - branch: dev change: '1168' job: build-ansible-collection metadata: type: zuul_manifest name: Zuul Manifest patchset: 360f94437aef7c673a40680b417cc6d79e81a727 project: sap-linuxlab/community.sap_install url: https://b30fb936d169d13678a3-01be38a7b4d0dcbcf5c7cf93aded0b7c.ssl.cf5.rackcdn.com/ansible/e6ee658940ef4f6a919b9443c62d32b2/zuul-manifest.json - branch: dev change: '1168' job: build-ansible-collection metadata: type: ansible_collection version: 1.8.1 name: community.sap_install patchset: 360f94437aef7c673a40680b417cc6d79e81a727 project: sap-linuxlab/community.sap_install url: https://b30fb936d169d13678a3-01be38a7b4d0dcbcf5c7cf93aded0b7c.ssl.cf5.rackcdn.com/ansible/e6ee658940ef4f6a919b9443c62d32b2/artifacts/community-sap_install-1.8.1.tar.gz attempts: 2 branch: dev build: 9343d2a76b204de08c87f82ea23375c4 build_refs: - branch: dev change: '1168' change_message: "sap_swpm: Update firewall steps\n\n## Changes\r\n- Remove existing firewall tasks:\r\n - pre_tasks, because they were configuring HANA firewall ports, which should not be done by SWPM role.\r\n - post_tasks: because firewall should be configured before SWPM.\r\n- Add new set of firewalla pre_tasks following contecept from `sap_operations.sap_firewall` role and https://github.com/sap-linuxlab/community.sap_install/pull/1157, https://github.com/sap-linuxlab/community.sap_install/pull/1156\r\n\r\nSame concept was used, but service template was split to allow precise port opening for enhanced security:\r\n- Central Services service file: ASCS, SCS, ERS\r\n- Applications service file: PAS, AAS, WD\r\n\r\n## Tests\r\nTested on SLES 15 SP7 on AWS using BW4HANA system with 1 ASCS, 1 PAS and 1 AAS.\r\n```console\r\nb01hana:~ # ls -la /etc/firewalld/services/\r\ntotal 16\r\ndrwxr-x--- 2 root root 108 Feb 18 12:43 .\r\ndrwxr-x--- 8 root root 149 Feb 4 05:38 ..\r\n-rw-r----- 1 root root 815 Feb 18 08:20 sap-hana-90.xml\r\n-rw-r----- 1 root root 698 Feb 18 12:43 sap-nw-app-01.xml\r\n-rw-r----- 1 root root 698 Feb 18 12:43 sap-nw-app-95.xml\r\n-rw-r----- 1 root root 509 Feb 18 12:42 sap-nw-central-00.xml\r\n```\r\n\r\n```console\r\nTASK [community.sap_install.sap_swpm : SAP SWPM - Firewall - Show details of configured firewall] **********************************************************\r\n [started TASK: community.sap_install.sap_swpm : SAP SWPM - Firewall - Show details of configured firewall on b01hana]\r\nok: [b01hana] =>\r\n msg: |-\r\n Firewall was configured for SAP Netweaver instances and reloaded.\r\n \ Output of command 'firewall-cmd --list-all':\r\n You're performing an operation over default zone ('public'),\r\n but your connections/interfaces are in zone 'docker' (see --get-active-zones)\r\n You most likely need to use --zone=docker option.\r\n\r\n public\r\n target: default\r\n icmp-block-inversion: no\r\n interfaces:\r\n \ sources:\r\n services: dhcpv6-client sap-hana-90 sap-nw-app-01 sap-nw-app-95 sap-nw-central-00 ssh\r\n ports:\r\n protocols:\r\n \ forward: yes\r\n masquerade: no\r\n forward-ports:\r\n \ source-ports:\r\n icmp-blocks:\r\n rich rules:\r\n```" change_url: https://github.com/sap-linuxlab/community.sap_install/pull/1168 commit_id: 360f94437aef7c673a40680b417cc6d79e81a727 patchset: 360f94437aef7c673a40680b417cc6d79e81a727 project: canonical_hostname: github.com canonical_name: github.com/sap-linuxlab/community.sap_install name: sap-linuxlab/community.sap_install short_name: community.sap_install src_dir: src/github.com/sap-linuxlab/community.sap_install topic: null buildset: 08dfc21ef9a44438be356b68b9a9e7ed buildset_refs: - branch: dev change: '1168' change_message: "sap_swpm: Update firewall steps\n\n## Changes\r\n- Remove existing firewall tasks:\r\n - pre_tasks, because they were configuring HANA firewall ports, which should not be done by SWPM role.\r\n - post_tasks: because firewall should be configured before SWPM.\r\n- Add new set of firewalla pre_tasks following contecept from `sap_operations.sap_firewall` role and https://github.com/sap-linuxlab/community.sap_install/pull/1157, https://github.com/sap-linuxlab/community.sap_install/pull/1156\r\n\r\nSame concept was used, but service template was split to allow precise port opening for enhanced security:\r\n- Central Services service file: ASCS, SCS, ERS\r\n- Applications service file: PAS, AAS, WD\r\n\r\n## Tests\r\nTested on SLES 15 SP7 on AWS using BW4HANA system with 1 ASCS, 1 PAS and 1 AAS.\r\n```console\r\nb01hana:~ # ls -la /etc/firewalld/services/\r\ntotal 16\r\ndrwxr-x--- 2 root root 108 Feb 18 12:43 .\r\ndrwxr-x--- 8 root root 149 Feb 4 05:38 ..\r\n-rw-r----- 1 root root 815 Feb 18 08:20 sap-hana-90.xml\r\n-rw-r----- 1 root root 698 Feb 18 12:43 sap-nw-app-01.xml\r\n-rw-r----- 1 root root 698 Feb 18 12:43 sap-nw-app-95.xml\r\n-rw-r----- 1 root root 509 Feb 18 12:42 sap-nw-central-00.xml\r\n```\r\n\r\n```console\r\nTASK [community.sap_install.sap_swpm : SAP SWPM - Firewall - Show details of configured firewall] **********************************************************\r\n [started TASK: community.sap_install.sap_swpm : SAP SWPM - Firewall - Show details of configured firewall on b01hana]\r\nok: [b01hana] =>\r\n msg: |-\r\n Firewall was configured for SAP Netweaver instances and reloaded.\r\n \ Output of command 'firewall-cmd --list-all':\r\n You're performing an operation over default zone ('public'),\r\n but your connections/interfaces are in zone 'docker' (see --get-active-zones)\r\n You most likely need to use --zone=docker option.\r\n\r\n public\r\n target: default\r\n icmp-block-inversion: no\r\n interfaces:\r\n \ sources:\r\n services: dhcpv6-client sap-hana-90 sap-nw-app-01 sap-nw-app-95 sap-nw-central-00 ssh\r\n ports:\r\n protocols:\r\n \ forward: yes\r\n masquerade: no\r\n forward-ports:\r\n \ source-ports:\r\n icmp-blocks:\r\n rich rules:\r\n```" change_url: https://github.com/sap-linuxlab/community.sap_install/pull/1168 commit_id: 360f94437aef7c673a40680b417cc6d79e81a727 patchset: 360f94437aef7c673a40680b417cc6d79e81a727 project: canonical_hostname: github.com canonical_name: github.com/sap-linuxlab/community.sap_install name: sap-linuxlab/community.sap_install short_name: community.sap_install src_dir: src/github.com/sap-linuxlab/community.sap_install topic: null change: '1168' change_message: "sap_swpm: Update firewall steps\n\n## Changes\r\n- Remove existing firewall tasks:\r\n - pre_tasks, because they were configuring HANA firewall ports, which should not be done by SWPM role.\r\n - post_tasks: because firewall should be configured before SWPM.\r\n- Add new set of firewalla pre_tasks following contecept from `sap_operations.sap_firewall` role and https://github.com/sap-linuxlab/community.sap_install/pull/1157, https://github.com/sap-linuxlab/community.sap_install/pull/1156\r\n\r\nSame concept was used, but service template was split to allow precise port opening for enhanced security:\r\n- Central Services service file: ASCS, SCS, ERS\r\n- Applications service file: PAS, AAS, WD\r\n\r\n## Tests\r\nTested on SLES 15 SP7 on AWS using BW4HANA system with 1 ASCS, 1 PAS and 1 AAS.\r\n```console\r\nb01hana:~ # ls -la /etc/firewalld/services/\r\ntotal 16\r\ndrwxr-x--- 2 root root 108 Feb 18 12:43 .\r\ndrwxr-x--- 8 root root 149 Feb 4 05:38 ..\r\n-rw-r----- 1 root root 815 Feb 18 08:20 sap-hana-90.xml\r\n-rw-r----- 1 root root 698 Feb 18 12:43 sap-nw-app-01.xml\r\n-rw-r----- 1 root root 698 Feb 18 12:43 sap-nw-app-95.xml\r\n-rw-r----- 1 root root 509 Feb 18 12:42 sap-nw-central-00.xml\r\n```\r\n\r\n```console\r\nTASK [community.sap_install.sap_swpm : SAP SWPM - Firewall - Show details of configured firewall] **********************************************************\r\n [started TASK: community.sap_install.sap_swpm : SAP SWPM - Firewall - Show details of configured firewall on b01hana]\r\nok: [b01hana] =>\r\n msg: |-\r\n \ Firewall was configured for SAP Netweaver instances and reloaded.\r\n \ Output of command 'firewall-cmd --list-all':\r\n You're performing an operation over default zone ('public'),\r\n but your connections/interfaces are in zone 'docker' (see --get-active-zones)\r\n You most likely need to use --zone=docker option.\r\n\r\n public\r\n target: default\r\n \ icmp-block-inversion: no\r\n interfaces:\r\n sources:\r\n \ services: dhcpv6-client sap-hana-90 sap-nw-app-01 sap-nw-app-95 sap-nw-central-00 ssh\r\n ports:\r\n protocols:\r\n forward: yes\r\n masquerade: no\r\n forward-ports:\r\n source-ports:\r\n \ icmp-blocks:\r\n rich rules:\r\n```" change_url: https://github.com/sap-linuxlab/community.sap_install/pull/1168 child_jobs: [] commit_id: 360f94437aef7c673a40680b417cc6d79e81a727 event_id: 69a1f410-0cc8-11f1-9e48-701c03710fc5 executor: hostname: ze03.softwarefactory-project.io inventory_file: /var/lib/zuul/builds/9343d2a76b204de08c87f82ea23375c4/ansible/inventory.yaml log_root: /var/lib/zuul/builds/9343d2a76b204de08c87f82ea23375c4/work/logs result_data_file: /var/lib/zuul/builds/9343d2a76b204de08c87f82ea23375c4/work/results.json src_root: /var/lib/zuul/builds/9343d2a76b204de08c87f82ea23375c4/work/src work_root: /var/lib/zuul/builds/9343d2a76b204de08c87f82ea23375c4/work items: - branch: dev change: '1168' change_message: "sap_swpm: Update firewall steps\n\n## Changes\r\n- Remove existing firewall tasks:\r\n - pre_tasks, because they were configuring HANA firewall ports, which should not be done by SWPM role.\r\n - post_tasks: because firewall should be configured before SWPM.\r\n- Add new set of firewalla pre_tasks following contecept from `sap_operations.sap_firewall` role and https://github.com/sap-linuxlab/community.sap_install/pull/1157, https://github.com/sap-linuxlab/community.sap_install/pull/1156\r\n\r\nSame concept was used, but service template was split to allow precise port opening for enhanced security:\r\n- Central Services service file: ASCS, SCS, ERS\r\n- Applications service file: PAS, AAS, WD\r\n\r\n## Tests\r\nTested on SLES 15 SP7 on AWS using BW4HANA system with 1 ASCS, 1 PAS and 1 AAS.\r\n```console\r\nb01hana:~ # ls -la /etc/firewalld/services/\r\ntotal 16\r\ndrwxr-x--- 2 root root 108 Feb 18 12:43 .\r\ndrwxr-x--- 8 root root 149 Feb 4 05:38 ..\r\n-rw-r----- 1 root root 815 Feb 18 08:20 sap-hana-90.xml\r\n-rw-r----- 1 root root 698 Feb 18 12:43 sap-nw-app-01.xml\r\n-rw-r----- 1 root root 698 Feb 18 12:43 sap-nw-app-95.xml\r\n-rw-r----- 1 root root 509 Feb 18 12:42 sap-nw-central-00.xml\r\n```\r\n\r\n```console\r\nTASK [community.sap_install.sap_swpm : SAP SWPM - Firewall - Show details of configured firewall] **********************************************************\r\n [started TASK: community.sap_install.sap_swpm : SAP SWPM - Firewall - Show details of configured firewall on b01hana]\r\nok: [b01hana] =>\r\n msg: |-\r\n Firewall was configured for SAP Netweaver instances and reloaded.\r\n \ Output of command 'firewall-cmd --list-all':\r\n You're performing an operation over default zone ('public'),\r\n but your connections/interfaces are in zone 'docker' (see --get-active-zones)\r\n You most likely need to use --zone=docker option.\r\n\r\n public\r\n target: default\r\n icmp-block-inversion: no\r\n interfaces:\r\n \ sources:\r\n services: dhcpv6-client sap-hana-90 sap-nw-app-01 sap-nw-app-95 sap-nw-central-00 ssh\r\n ports:\r\n protocols:\r\n \ forward: yes\r\n masquerade: no\r\n forward-ports:\r\n \ source-ports:\r\n icmp-blocks:\r\n rich rules:\r\n```" change_url: https://github.com/sap-linuxlab/community.sap_install/pull/1168 commit_id: 360f94437aef7c673a40680b417cc6d79e81a727 patchset: 360f94437aef7c673a40680b417cc6d79e81a727 project: canonical_hostname: github.com canonical_name: github.com/sap-linuxlab/community.sap_install name: sap-linuxlab/community.sap_install short_name: community.sap_install src_dir: src/github.com/sap-linuxlab/community.sap_install topic: null job: ansible-galaxy-importer jobtags: [] max_attempts: 3 message: c2FwX3N3cG06IFVwZGF0ZSBmaXJld2FsbCBzdGVwcwoKIyMgQ2hhbmdlcw0KLSBSZW1vdmUgZXhpc3RpbmcgZmlyZXdhbGwgdGFza3M6DQogIC0gcHJlX3Rhc2tzLCBiZWNhdXNlIHRoZXkgd2VyZSBjb25maWd1cmluZyBIQU5BIGZpcmV3YWxsIHBvcnRzLCB3aGljaCBzaG91bGQgbm90IGJlIGRvbmUgYnkgU1dQTSByb2xlLg0KICAtIHBvc3RfdGFza3M6IGJlY2F1c2UgZmlyZXdhbGwgc2hvdWxkIGJlIGNvbmZpZ3VyZWQgYmVmb3JlIFNXUE0uDQotIEFkZCBuZXcgc2V0IG9mIGZpcmV3YWxsYSBwcmVfdGFza3MgZm9sbG93aW5nIGNvbnRlY2VwdCBmcm9tIGBzYXBfb3BlcmF0aW9ucy5zYXBfZmlyZXdhbGxgIHJvbGUgYW5kIGh0dHBzOi8vZ2l0aHViLmNvbS9zYXAtbGludXhsYWIvY29tbXVuaXR5LnNhcF9pbnN0YWxsL3B1bGwvMTE1NywgaHR0cHM6Ly9naXRodWIuY29tL3NhcC1saW51eGxhYi9jb21tdW5pdHkuc2FwX2luc3RhbGwvcHVsbC8xMTU2DQoNClNhbWUgY29uY2VwdCB3YXMgdXNlZCwgYnV0IHNlcnZpY2UgdGVtcGxhdGUgd2FzIHNwbGl0IHRvIGFsbG93IHByZWNpc2UgcG9ydCBvcGVuaW5nIGZvciBlbmhhbmNlZCBzZWN1cml0eToNCi0gQ2VudHJhbCBTZXJ2aWNlcyBzZXJ2aWNlIGZpbGU6IEFTQ1MsIFNDUywgRVJTDQotIEFwcGxpY2F0aW9ucyBzZXJ2aWNlIGZpbGU6IFBBUywgQUFTLCBXRA0KDQojIyBUZXN0cw0KVGVzdGVkIG9uIFNMRVMgMTUgU1A3IG9uIEFXUyB1c2luZyBCVzRIQU5BIHN5c3RlbSB3aXRoIDEgQVNDUywgMSBQQVMgYW5kIDEgQUFTLg0KYGBgY29uc29sZQ0KYjAxaGFuYTp+ICMgbHMgLWxhIC9ldGMvZmlyZXdhbGxkL3NlcnZpY2VzLw0KdG90YWwgMTYNCmRyd3hyLXgtLS0gMiByb290IHJvb3QgMTA4IEZlYiAxOCAxMjo0MyAuDQpkcnd4ci14LS0tIDggcm9vdCByb290IDE0OSBGZWIgIDQgMDU6MzggLi4NCi1ydy1yLS0tLS0gMSByb290IHJvb3QgODE1IEZlYiAxOCAwODoyMCBzYXAtaGFuYS05MC54bWwNCi1ydy1yLS0tLS0gMSByb290IHJvb3QgNjk4IEZlYiAxOCAxMjo0MyBzYXAtbnctYXBwLTAxLnhtbA0KLXJ3LXItLS0tLSAxIHJvb3Qgcm9vdCA2OTggRmViIDE4IDEyOjQzIHNhcC1udy1hcHAtOTUueG1sDQotcnctci0tLS0tIDEgcm9vdCByb290IDUwOSBGZWIgMTggMTI6NDIgc2FwLW53LWNlbnRyYWwtMDAueG1sDQpgYGANCg0KYGBgY29uc29sZQ0KVEFTSyBbY29tbXVuaXR5LnNhcF9pbnN0YWxsLnNhcF9zd3BtIDogU0FQIFNXUE0gLSBGaXJld2FsbCAtIFNob3cgZGV0YWlscyBvZiBjb25maWd1cmVkIGZpcmV3YWxsXSAqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqDQogW3N0YXJ0ZWQgVEFTSzogY29tbXVuaXR5LnNhcF9pbnN0YWxsLnNhcF9zd3BtIDogU0FQIFNXUE0gLSBGaXJld2FsbCAtIFNob3cgZGV0YWlscyBvZiBjb25maWd1cmVkIGZpcmV3YWxsIG9uIGIwMWhhbmFdDQpvazogW2IwMWhhbmFdID0+DQogICAgbXNnOiB8LQ0KICAgICAgICBGaXJld2FsbCB3YXMgY29uZmlndXJlZCBmb3IgU0FQIE5ldHdlYXZlciBpbnN0YW5jZXMgYW5kIHJlbG9hZGVkLg0KICAgICAgICBPdXRwdXQgb2YgY29tbWFuZCAnZmlyZXdhbGwtY21kIC0tbGlzdC1hbGwnOg0KICAgICAgICBZb3UncmUgcGVyZm9ybWluZyBhbiBvcGVyYXRpb24gb3ZlciBkZWZhdWx0IHpvbmUgKCdwdWJsaWMnKSwNCiAgICAgICAgYnV0IHlvdXIgY29ubmVjdGlvbnMvaW50ZXJmYWNlcyBhcmUgaW4gem9uZSAnZG9ja2VyJyAoc2VlIC0tZ2V0LWFjdGl2ZS16b25lcykNCiAgICAgICAgWW91IG1vc3QgbGlrZWx5IG5lZWQgdG8gdXNlIC0tem9uZT1kb2NrZXIgb3B0aW9uLg0KDQogICAgICAgIHB1YmxpYw0KICAgICAgICAgIHRhcmdldDogZGVmYXVsdA0KICAgICAgICAgIGljbXAtYmxvY2staW52ZXJzaW9uOiBubw0KICAgICAgICAgIGludGVyZmFjZXM6DQogICAgICAgICAgc291cmNlczoNCiAgICAgICAgICBzZXJ2aWNlczogZGhjcHY2LWNsaWVudCBzYXAtaGFuYS05MCBzYXAtbnctYXBwLTAxIHNhcC1udy1hcHAtOTUgc2FwLW53LWNlbnRyYWwtMDAgc3NoDQogICAgICAgICAgcG9ydHM6DQogICAgICAgICAgcHJvdG9jb2xzOg0KICAgICAgICAgIGZvcndhcmQ6IHllcw0KICAgICAgICAgIG1hc3F1ZXJhZGU6IG5vDQogICAgICAgICAgZm9yd2FyZC1wb3J0czoNCiAgICAgICAgICBzb3VyY2UtcG9ydHM6DQogICAgICAgICAgaWNtcC1ibG9ja3M6DQogICAgICAgICAgcmljaCBydWxlczoNCmBgYA== patchset: 360f94437aef7c673a40680b417cc6d79e81a727 pipeline: third-party-check playbook_context: playbook_projects: trusted/project_0/github.com/ansible/zuul-config: canonical_name: github.com/ansible/zuul-config checkout: master commit: 37fffa04f493d219128c726e720c43c411d2b7f0 trusted/project_1/opendev.org/zuul/zuul-jobs: canonical_name: opendev.org/zuul/zuul-jobs checkout: master commit: 571c0efa3491d12ecb8fc1169c510716d55c0fc2 untrusted/project_0/github.com/ansible/ansible-zuul-jobs: canonical_name: github.com/ansible/ansible-zuul-jobs checkout: master commit: 192320b9d41936ac6065fcaf6e286bf4dca783a5 untrusted/project_1/github.com/ansible/zuul-config: canonical_name: github.com/ansible/zuul-config checkout: master commit: 37fffa04f493d219128c726e720c43c411d2b7f0 untrusted/project_2/opendev.org/zuul/zuul-jobs: canonical_name: opendev.org/zuul/zuul-jobs checkout: master commit: 571c0efa3491d12ecb8fc1169c510716d55c0fc2 playbooks: - path: untrusted/project_0/github.com/ansible/ansible-zuul-jobs/playbooks/ansible-galaxy-importer/run.yaml roles: - checkout: master checkout_description: playbook branch link_name: ansible/playbook_0/role_0/zuul-jobs link_target: untrusted/project_0/github.com/ansible/ansible-zuul-jobs role_path: ansible/playbook_0/role_0/zuul-jobs/roles - checkout: master checkout_description: project default branch link_name: ansible/playbook_0/role_1/zuul-config link_target: untrusted/project_1/github.com/ansible/zuul-config role_path: ansible/playbook_0/role_1/zuul-config/roles - checkout: master checkout_description: project default branch link_name: ansible/playbook_0/role_2/zuul-jobs link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs role_path: ansible/playbook_0/role_2/zuul-jobs/roles post_review: false project: canonical_hostname: github.com canonical_name: github.com/sap-linuxlab/community.sap_install name: sap-linuxlab/community.sap_install short_name: community.sap_install src_dir: src/github.com/sap-linuxlab/community.sap_install projects: github.com/ansible-network/releases: canonical_hostname: github.com canonical_name: github.com/ansible-network/releases checkout: master checkout_description: project default branch commit: 646b310655c531e4904be07f4ff8fc3a29addd09 name: ansible-network/releases required: true short_name: releases src_dir: src/github.com/ansible-network/releases github.com/sap-linuxlab/community.sap_install: canonical_hostname: github.com canonical_name: github.com/sap-linuxlab/community.sap_install checkout: dev checkout_description: zuul branch commit: 0adc01c6fba32456d2fa51961c69c80022cd183e name: sap-linuxlab/community.sap_install required: false short_name: community.sap_install src_dir: src/github.com/sap-linuxlab/community.sap_install ref: refs/pull/1168/head resources: {} tenant: ansible timeout: 1800 topic: null voting: true zuul_use_fetch_output: true