Firewall-cmd throws ModuleNotFoundError

Morning all. I may have dug myself into a hole here.

I’ve been writing an ansible role to configure my fileserver, and I’ve been running into some trouble with the ansible.posix.firewalld module. This was throwing errors suggesting the interpreter was the wrong one (fair enough, I had recently manually installed python311 because the built in 3.6 was giving me issues), so I decided to SSH into the box and do it manually.
Here, I discovered that I couldn’t do anything with firewall-cmd because it can’t import the module ‘firewall’. This is strange to me because zypper tells me I do indeed have python3-firewall installed.

Any idea what I might be doing wrong here? I’m sure it must be something to do with installing multiple versions of python, I noticed for example that in spite of 3.11 being available, /usr/bin/python3 was still symlinked to 3.6, which I changed to see if it had any effect.

Let me know what other info I can provide, I’m a bit of a noob here so apologies if I’m missing the most obvious things. Thanks!

Welcome to the openSUSE forums.

I can tell you one thing, that telling stories like: “when I do …, it tells me …” are not what people want to see, because they are only your interpretations from what you see. And they want to see the original stuff. This because every character may tell things you think are unimportant.

Thus copy/paste from your terminal emulator starting with the line containing the prompt and the command, all output and the line with the new prompt. Paste as Preformatted text (the button </> from the tool bar of the post editor, or put ``` above and below the text).

Fair point, thanks. Here’s the output of firewall-cmd:

Traceback (most recent call last):
  File "/usr/bin/firewall-cmd", line 31, in <module>
    from firewall.client import FirewallClient, FirewallClientIPSetSettings, \
ModuleNotFoundError: No module named 'firewall'

And the output of zypper search firewall:

S  | Name                        | Summary                                                             | Type
---+-----------------------------+---------------------------------------------------------------------+-----------
   | firewall-applet             | Firewall panel applet                                               | package
   | firewall-config             | Firewall configuration application                                  | package
   | firewall-macros             | FirewallD RPM macros                                                | package
i+ | firewalld                   | A firewall daemon with D-Bus interface providing a dynamic firewall | package
   | firewalld                   | A firewall daemon with D-Bus interface providing a dynamic firewall | srcpackage
i  | firewalld-lang              | Translations for package firewalld                                  | package
   | firewalld-prometheus-config | Firewalld configuration file for Prometheus                         | package
   | firewalld-rpcbind-helper    | Tool for static port assignment of NFSv3, ypserv, ypbind services   | package
   | HANA-Firewall               | Generate firewalld service definitions for SAP HANA                 | srcpackage
   | HANA-Firewall               | Generate firewalld service definitions for SAP HANA                 | package
   | keylime-firewalld           | Firewalld service file for keylime                                  | package
   | plasma5-firewall            | Config Module for the System Firewall                               | srcpackage
   | plasma5-firewall            | Config Module for the System Firewall                               | package
   | plasma5-firewall-lang       | Translations for package plasma5-firewall                           | package
i+ | python3-firewall            | Python3 bindings for FirewallD                                      | package
   | SuSEfirewall2               | Stateful Packet Filter Using iptables and netfilter                 | package
   | susefirewall2-to-firewalld  | Basic SuSEfirewall2 to FirewallD migration script                   | package
i  | yast2-firewall              | YaST2 - Firewall Configuration                                      | package
   | yast2-firewall              | YaST2 - Firewall Configuration                                      | srcpackage

I hope now others can come to your help.
BUT, you apparently missed what I said:

First because copy/pasting what is already there is probably more easy than typing:

and secondly because we now miss that and it e.g. could tell us if you executed this “as root” and what your working directory is. All things that might or might not be important for a specific case, but it is sooo easy to copy/paste.

Show

ls -l /usr/bin/python3

I see what you mean. I missed out the prompt because it’s custom and doesn’t show whether I’m root or not, but you wouldn’t know that unless I told you.

~ > ls -l /usr/bin/python3
lrwxrwxrwx 1 root root 19 Jun  8 09:21 /usr/bin/python3 -> /usr/bin/python3.11

I’d set up this symlink before because ansible.legacy.setup had thrown this exception:

Traceback (most recent call last):
  File "/home/blorf/.ansible/tmp/ansible-tmp-1717851503.717052-24877-160241396993147/AnsiballZ_setup.py", line 107, in <module>
    _ansiballz_main()
  File "/home/blorf/.ansible/tmp/ansible-tmp-1717851503.717052-24877-160241396993147/AnsiballZ_setup.py", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/blorf/.ansible/tmp/ansible-tmp-1717851503.717052-24877-160241396993147/AnsiballZ_setup.py", line 44, in invoke_module
    from ansible.module_utils import basic
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load
  File "<frozen importlib._bootstrap>", line 951, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 894, in _find_spec
  File "<frozen importlib._bootstrap_external>", line 1157, in find_spec
  File "<frozen importlib._bootstrap_external>", line 1131, in _get_spec
  File "<frozen importlib._bootstrap_external>", line 1112, in _legacy_get_spec
  File "<frozen importlib._bootstrap>", line 441, in spec_from_loader
  File "<frozen importlib._bootstrap_external>", line 544, in spec_from_file_location
  File "/tmp/ansible_ansible.legacy.setup_payload_bpeuy_lf/ansible_ansible.legacy.setup_payload.zip/ansible/module_utils/basic.py", line 5
SyntaxError: future feature annotations is not defined

…and using a more modern interpreter had solved this issue. In fact, I tried out a few different interpreters. In interactive use, 3.6 seems to work:

~ > sudo ln -sf /usr/bin/python3.6 /usr/bin/python3
~ > firewall-cmd
usage: see firewall-cmd man page
No option specified.
~ > sudo ln -sf /usr/bin/python3.6m /usr/bin/python3
~ > firewall-cmd
usage: see firewall-cmd man page
No option specified.

But that’s not very useful to me because my Ansible playbook fails at the first step (Gathering Facts). Even setting up the firewalld task itself to use python3.6 doesn’t work, but that’s beside the point I think, because it’s down to how that Ansible module is written.
Out of interest, I also tried the command with a slightly more recent version:

~ > sudo ln -sf /usr/bin/python3.9 /usr/bin/python3
~ > firewall-cmd
Traceback (most recent call last):
  File "/usr/bin/firewall-cmd", line 24, in <module>
    from gi.repository import GObject
ModuleNotFoundError: No module named 'gi'

The system Python3 version is Python 3.6. You broke it, now every program built for the system Python is broken.

Then start new topic and describe your actual problem. This one is solved.

Irreparably?

I suppose the actual problem is that I don’t quite understand how different Python versions work in Leap. I’d assumed that if /usr/bin/python3 was a symlink to Python 3.6 it could also be a symlink to 3.11 (or one of the other available interpreters).

Is there any official guidance on what to do if you need 3.11 but the modules you need don’t have a 3.11 version in the repos?

Thanks very much for your help, as I said in the beginning I’m new to this distro so I appreciate you taking the time.

You restored the link and it worked.

There is the single system version. All Python programs that are part of Leap are built against this version. There is also basic support for different versions, but it is limited to the interpreter itself. No additional modules/programs are built against these different versions.

Build modules for 3.11.

But you really should consider Python virtual environments or containers (e.g. distrobox aims at tight integration with host so you may run Tumbleweed distrobox container with 3.11 on Leap).

Leap 15.6 comes with Python 3.11. 15.6 should be feature complete so you may consider updating to it.
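
As an added example that is not part of any post in this thread: a small POSIX shell check for the situation described above, showing which interpreter a script's `#!` line really resolves to and which installed interpreters can import a given module. The function names are hypothetical, and it assumes `firewall-cmd` starts with a `#!/usr/bin/python3` line, which matches the behaviour seen when the symlink was changed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage on the affected host:
#   sh pycheck.sh /usr/bin/firewall-cmd firewall /usr/bin/python3.*

# Print the interpreter named on a script's "#!" line.
shebang_interp() {
    _line=
    IFS= read -r _line < "$1" || [ -n "$_line" ] || return 1
    case $_line in
        '#!'*) _line=${_line#'#!'} ;;
        *) return 1 ;;
    esac
    set -- $_line                      # split "interpreter [args]" into words
    [ $# -gt 0 ] || return 1
    # "#!/usr/bin/env python3" names the interpreter in the second word
    if [ "${1##*/}" = env ] && [ $# -gt 1 ]; then shift; fi
    printf '%s\n' "$1"
}

# Follow every symlink, e.g. /usr/bin/python3 -> /usr/bin/python3.11.
real_interp() { readlink -f -- "$1"; }

# Succeed when interpreter $1 can import module $2.
can_import() { "$1" -c "import $2" >/dev/null 2>&1; }

# Print each interpreter in $2... that can import module $1.
importers() {
    _mod=$1; shift
    for _py in "$@"; do
        [ -x "$_py" ] || continue
        if can_import "$_py" "$_mod"; then printf '%s\n' "$_py"; fi
    done
}

# Report what the script runs under and which interpreters have the module.
report() {
    _script=$1; _mod=$2; shift 2
    _interp=$(shebang_interp "$_script") || { echo "no shebang: $_script" >&2; return 1; }
    echo "$_script runs under $_interp -> $(real_interp "$_interp")"
    can_import "$_interp" "$_mod" || echo "WARNING: $_interp cannot import '$_mod'"
    echo "Interpreters that can import '$_mod':"
    importers "$_mod" "$@"
}

if [ $# -ge 2 ]; then report "$@"; fi
```

Run without arguments it only defines the functions; nothing on the system is changed in either mode.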

Sounds good, I’ll look into that then. Thanks!

Sorry, I was wrong. I have seen it on some announcement page. Now I updated my 15.4 to 15.6 and 15.6 comes with the same system Python 3.6.15.

I just noticed the same thing myself. I’d had the same understanding of the announcement but on a second look it does say that the standard is still 3.6.
Interestingly, after updating my server and adjusting the ansible playbook to use the Python3.11 interpreter, any tasks depending on python3-firewall still fail saying it’s not up to date. I’ll have to take a closer look at what version of the module that is.

Hi arvidjaar,
I am genuinely puzzled. As you said, Python 3.11 is supposed to be there:
https://en.opensuse.org/index.php?title=Features_15.6&redirect=no#Transition_to_Python_3.11

When I search for python with zypper --releasever=15.6 se -s python3 it threw masses of packages, a lot named python311* claiming python311 is already installed. So I got this:

pluto:~ # LANG=C zypper if python3
Refreshing service 'NVIDIA'.
Refreshing service 'openSUSE'.
Loading repository data...
Reading installed packages...


Information for package python3:
--------------------------------
Repository     : update-sle (15.5)
Name           : python3
Version        : 3.6.15-150300.10.60.1
Arch           : x86_64
Vendor         : SUSE LLC <https://www.suse.com/>
Installed Size : 141.3 KiB
Installed      : Yes
Status         : up-to-date
Source package : python3-3.6.15-150300.10.60.1.src
Upstream URL   : https://www.python.org/
Summary        : Python 3 Interpreter
Description    : 
    Python 3 is modern interpreted, object-oriented programming language,
    often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
    of Python in the documentation and tutorials included in the python3-doc
    package.

    This package supplies rich command line features provided by readline,
    and sqlite3 support for the interpreter core, thus forming a so called
    "extended" runtime.
    Installing "python3" is sufficient for the vast majority of usecases.
    In addition, recommended packages provide UI toolkit support (python3-curses,
    python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE
    development environment (python3-idle).

pluto:~ # LANG=C zypper if python311
Refreshing service 'NVIDIA'.
Refreshing service 'openSUSE'.
Loading repository data...
Reading installed packages...


Information for package python311:
----------------------------------
Repository     : update-sle (15.5)
Name           : python311
Version        : 3.11.9-150400.9.26.1
Arch           : x86_64
Vendor         : SUSE LLC <https://www.suse.com/>
Installed Size : 207.9 KiB
Installed      : Yes (automatically)
Status         : up-to-date
Source package : python311-3.11.9-150400.9.26.1.src
Upstream URL   : https://www.python.org/
Summary        : Python 3 Interpreter
Description    : 
    Python 3 is modern interpreted, object-oriented programming language,
    often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
    of Python in the documentation and tutorials included in the python3-doc
    package.

    This package supplies rich command line features provided by readline,
    and sqlite3 support for the interpreter core, thus forming a so called
    "extended" runtime.
    Installing "python3" is sufficient for the vast majority of usecases.
    In addition, recommended packages provide UI toolkit support (python3-curses,
    python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE
    development environment (python3-idle).

pluto:~ # 

Honestly, I have no idea. What’s with these packages python311* and why would the transition to 3.11 be worth mentioning if it’s already available in Leap 15.5?
Would the version of the package “python311” have to be changed to the package “python3” with the version 3.11?
BTW, there’s even packages python312* …