nickjj / orats

Opinionated rails application templates.

You can lock yourself out of being able to ssh into your server with v0.7.3

nickjj opened this issue · comments

If you don't want to do these steps then I recommend using v0.7.2 if you still want the ansible functionality, otherwise just use v0.8.0.

The generated inventory will lock you out of your server because it never writes the rule to allow ssh connections from your IP (don't worry, this is dynamically obtained at the start of every ansible run).

To get around this for now you need to do:

  • cd into your inventory directory
  • touch group_vars/app.yml
  • cd into your playbook directory
  • edit site.yml

In site.yml at line 25:

      ferm_input_list:
        - type: "dport_accept"
          dport: ["http", "https"]

  • Change ferm_input_list to ferm_input_group_list
  • Copy those 3 lines.
  • Delete lines 23-27 (there should be no trace of ferm in your app play)
  • Go back to your inventory directory
  • Edit group_vars/app.yml and paste in those 3 lines

Your app.yml should now look like this:

      ---
      ferm_input_group_list:
        - type: "dport_accept"
          dport: ["http", "https"]

  • Log in to your provider's control panel and gain access to your server
  • On your server... sudo nano /etc/ferm/filter-input.d/10_ansible_controller.conf

Edit 10_ansible_controller.conf to look like this:

      # replace X.X.X.X with your workstation's IP address.
      protocol tcp dport ssh saddr X.X.X.X ACCEPT;

  • Save that file and sudo service ferm reload

You should now be able to perform an ansible playbook run. Do a run with --tags common and you will be good to go.
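
A pre-reload check for the lockout described in this issue, as an added example that is not part of the original issue or of orats. The function name ssh_allowed_from and the sample addresses are assumptions; it looks for an active rule of the shape shown in 10_ansible_controller.conf and, going slightly beyond the issue, also accepts the numeric port 22.

```shell
#!/bin/sh
# Added example: confirm a ferm input directory still allows SSH from the
# controller before running "service ferm reload". Rule shape from the issue:
#   protocol tcp dport ssh saddr X.X.X.X ACCEPT;

# ssh_allowed_from DIR IP  (hypothetical helper name)
# Returns 0 if some *.conf in DIR has an active (non-comment) rule that
# ACCEPTs tcp/ssh from exactly IP, otherwise returns 1.
ssh_allowed_from() {
    _dir=$1
    _ip=$2
    for _f in "$_dir"/*.conf; do
        [ -f "$_f" ] || continue
        # Strip comments, then compare whole tokens so that 203.0.113.7
        # does not match a rule written for 203.0.113.70.
        if sed 's/#.*//' "$_f" | awk -v ip="$_ip" '
            {
                gsub(/;/, " ; ")
                ssh = 0; src = 0; acc = 0
                for (i = 1; i < NF; i++) {
                    if ($i == "dport" && ($(i+1) == "ssh" || $(i+1) == "22")) ssh = 1
                    if ($i == "saddr" && $(i+1) == ip) src = 1
                }
                for (i = 1; i <= NF; i++) if ($i == "ACCEPT") acc = 1
                if (ssh && src && acc) found = 1
            }
            END { exit !found }'
        then
            return 0
        fi
    done
    return 1
}

# Constructed sample input: one commented-out rule and one active rule.
demo() {
    _d=$(mktemp -d)
    printf '%s\n' '# protocol tcp dport ssh saddr 198.51.100.9 ACCEPT;' \
        'protocol tcp dport ssh saddr 203.0.113.7 ACCEPT;' \
        > "$_d/10_ansible_controller.conf"
    for _addr in 203.0.113.7 203.0.113.70 198.51.100.9 X.X.X.X; do
        if ssh_allowed_from "$_d" "$_addr"; then echo "$_addr: allowed"
        else echo "$_addr: would be locked out"; fi
    done
    rm -rf "$_d"
}
demo
```

On a real server, point it at /etc/ferm/filter-input.d and your workstation's address; a non-zero return means the reload would leave no ssh rule for that address.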