First deploy tests fail - due to private-IP/NAT-problem?


I’m doing my first deploy tests with a test project, and it looks like Ansible fails with ferm for me.

Here’s my log/output:

TASK: [ferm | ensure iptables rules are enabled] ****************************** 
failed: [] => {"changed": false, "cmd": ["ferm", "--slow", "/etc/ferm/ferm.conf"], "delta": "0:00:00.330372", "end": "2015-09-18 14:01:44.816909", "rc": 1, "start": "2015-09-18 14:01:44.486537", "warnings": []}
stderr: iptables: No chain/target/match by that name.

Firewall rules rolled back.

NOTIFIED: [fail2ban | restart fail2ban] *************************************** 
changed: []

NOTIFIED: [ferm | restart ferm] *********************************************** 
failed: [] => {"failed": true}
msg: iptables: No chain/target/match by that name.

Firewall rules rolled back.

PLAY RECAP ******************************************************************** 
           to retry, use: --limit @/Users/helmi/server.retry             : ok=24   changed=15   unreachable=0    failed=2   

Don’t worry about the IP address being public - this is just a test machine that I will delete afterwards.

Might there be a problem with the fact that this server’s network interface only has a private IP instead of the public IP? I guess the provider does NAT to map the public to the private IP; the interface itself only has a private one:

# ifconfig -a

eth0      Link encap:Ethernet  HWaddr 00:07:cb:03:2a:69  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::207:cbff:fe03:2a69/64 Scope:Link
          RX packets:2631956 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2059778 errors:0 dropped:7 overruns:0 carrier:0
          collisions:0 txqueuelen:532 
          RX bytes:381706753 (381.7 MB)  TX bytes:3104558709 (3.1 GB)

The playbook stops at this point, so I can’t continue testing. Is there anything I can reconfigure for such a case?


Haven’t ever seen or come across that error, but the easy solution for the time being is just to skip ferm by setting ferm_enabled: false.

You could further debug by looking at the generated /etc/ferm/ferm.conf and the files in /etc/ferm/conf.d to see what’s going on. You could then try commenting things out until you get it working to actually narrow down the problem.

By default we only apply a few basic ferm rules:

I should also point out there’s a ton of results on Google for exactly this error. You can probably assume it’s not directly a problem with Trellis/Ansible but with ferm and your networking setup (not saying you caused it though :smile:)

Thanks, @swalkinshaw. Probably it was a bit too optimistic to try it on an ARM-based Ubuntu :smile:

Even when disabling ferm, this led to several other problems. I switched to DigitalOcean for a bit more easiness :wink:

And I’ve come way further, but I’m stuck a bit. I enabled HHVM, which made Ansible not skip the php5-fpm installation, which I think should be right, but then in the deploy process it seems to want to restart php5-fpm, which I don’t understand.

TASK: [deploy | Run post_finalize_commands] *********************************** 
changed: [] => (item=if wp core is-installed; then wp eval 'wp_clean_themes_cache(); switch_theme(get_stylesheet());'; fi)
failed: [] => (item=sudo service php5-fpm reload) => {"changed": true, "cmd": "sudo service php5-fpm reload", "delta": "0:00:00.037030", "end": "2015-09-18 16:48:38.742472", "item": "sudo service php5-fpm reload", "rc": 1, "start": "2015-09-18 16:48:38.705442", "warnings": []}
stderr: php5-fpm: unrecognized service

Or am I probably just understanding things wrong?

That’s a known bug:

We’re actively working on HHVM fixes here:

In the meantime I wouldn’t use it. Please start a new thread if you have further separate issues. We don’t like these threads continuing on with multiple different subjects.

Won’t happen again. Sorry.

If you want, just split it out and link it - looks like my karma isn’t yet good enough to do so myself.