Skip to content

zpe.nodegrid.firewall fails on whitespace #74

New issue
New issue
Open
Open
zpe.nodegrid.firewall fails on whitespace#74
@m-hau

Description

@m-hau
m-hau
opened on Jul 22, 2025

The zpe.nodegrid.firewall module does not properly quote the values when building the cli commands to execute, resulting in a failure if the values contain whitespace.

Running this simple example playbook:

- hosts: all 
  tasks:
    - zpe.nodegrid.firewall:
        debug: true
        ipv4_firewall:
          chains:
            INPUT:
              - rule_number: 0
                description: my comment
                log_prefix: "[my prefix] "

results in

TASK [zpe.nodegrid.firewall] *********************
fatal: [nodegrid]: FAILED! => 
    changed: true
    cmds:
    -   cmd: config_start
    -   cmd: cd /settings/ipv4_firewall/chains/INPUT/0
    -   cmd: set description=my comment
    -   cmd: 'set log_prefix=[my prefix] '
    -   cmd: set rule_number=0
    -   cmd: set target=ACCEPT
    -   cmd: commit
    -   cmd: config_confirm
    cmds_output:
    -   command: config_start
        error: false
        json: []
        stdout: |-
            config_start
            [ansible@nodegrid /
        stdout_lines:
        - "\aconfig_start"
        - '[ansible@nodegrid /'
    -   command: cd /settings/ipv4_firewall/chains/INPUT/0
        error: false
        json: []
        stdout: |-
            cd /settings/ipv4_firewall/chains/INPUT/0
            [ansible@nodegrid 0
        stdout_lines:
        - cd /settings/ipv4_firewall/chains/INPUT/0
        - '[ansible@nodegrid 0'
    -   command: set description=my comment
        error: true
        json:
        - 'Error: Invalid argument for command: set'
        stdout: |-
            set description=my comment

            Error: Invalid argument for command: set
            [ansible@nodegrid 0
    message: ''
    msg: ''

As a workaround, you can include the requires quotes in the value itself, e.g. description: "'my comment'". But this has the downside that this value will never be equal to the "current value", and thus always create a diff and trigger a change.

As a related side note: When a persistent ssh connection is used, executing the playbook again will fail with a different error, because the configuration transaction is never properly closed/canceled when an error happens.

TASK [zpe.nodegrid.firewall] *********************
fatal: [nodegrid]: FAILED! => 
    changed: false
    cmds:
    -   cmd: config_start
    -   cmd: cd /settings/ipv4_firewall/chains/INPUT/0
    -   cmd: 'set log_prefix=[my prefix] '
    -   cmd: set rule_number=0
    -   cmd: set target=ACCEPT
    -   cmd: commit
    -   cmd: config_confirm
    cmds_output:
    -   command: config_start
        error: true
        json: []
        stdout: |-
            config_start

            Error: Another configuration transaction is underway.

            [ansible@nodegrid /
    message: ''
    msg: ''

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions