ufw does not support rule removal. For a particular project (a task queue on a
cloud adhoc HPC cluster), I have had the occasion to test it in a relatively
massive parallel rate (20 concurrent uses). I have experienced:
- nice behaviour when adding rules,
- bad behaviour when removing rules.
I was triggering ufw with ansible parallel playbooks execution.
When removing rules the defect rate was high (as soon as more than two
playbooks were launched together, some of the rules were not deleted).
In that case, ufw fails silently, which is quite bad.
As a counter measure I used task-spooler (apt install task-spooler) I changed
my ansible task from:
```yaml
community.general.ufw:
from_ip: "{{ hostvars[nodename].ipv4 }}"
rule: allow
delete: yes
```
to
```yaml
ansible.builtin.script:
cmd: /usr/bin/tsp /usr/sbin/ufw delete allow from "{{
hostvars[nodename].ipv4 }}"
become: true
```
This solved the issue.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1204579
Title:
ufw doesn't support concurrent updates
To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/1204579/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
