SUMMARY
In my ansible playbook I create a firewall and it's successful. Then I create a droplet and apply the firewall to it, but it fails without a message. In Digital Ocean the droplet exists and is correctly configured with the firewall applied.
ISSUE TYPE
- Bug Report
COMPONENT NAME
- digital_ocean_droplet module
- digital_ocean_firewall
ANSIBLE VERSION
ansible [core 2.14.2]
config file = None
configured module search path = ['/home/kfike/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible
ansible collection location = /home/kfike/.ansible/collections:/usr/share/ansible/collections
executable location = /home/kfike/Projects/sage/.venv/bin/ansible
python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] (/home/kfike/Projects/sage/.venv/bin/python3)
jinja version = 3.1.2
libyaml = True
COLLECTION VERSION
# /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible_collections
Collection Version
---------------------- -------
community.digitalocean 1.23.0
CONFIGURATION
CONFIG_FILE() = None
OS / ENVIRONMENT
- Local machine is running Ubuntu 22.04
- The playbook is being run in a python venv
STEPS TO REPRODUCE
My ansible playbook:
```yaml
- hosts: localhost
  vars:
    digital_ocean_token: '{{ lookup("env", "DO_API_TOKEN") }}'
    droplet_size: s-1vcpu-1gb
    droplet_region: nyc1
    droplet_image: ubuntu-22-04-x64
  tasks:
    - name: Create firewall named "sage.test"
      community.digitalocean.digital_ocean_firewall:
        name: "sage.test"
        inbound_rules:
          - protocol: "tcp"
            ports: "22"
            sources:
              addresses: ["0.0.0.0/0", "::/0"]
        outbound_rules:
          - protocol: "tcp"
            ports: "587"
            destinations:
              addresses: ["0.0.0.0/0", "::/0"]
    - name: Create a new Droplet
      digital_ocean_droplet:
        name: sage.prod
        oauth_token: "{{ digital_ocean_token }}"
        size: "{{ droplet_size }}"
        region: "{{ droplet_region }}"
        image: "{{ droplet_image }}"
        firewall: ['sage.test']
        wait_timeout: 600
        unique_name: yes
        state: present
      with_inventory_hostnames:
        - web
      register: droplet_result
```
EXPECTED RESULTS
I expect that either:
a. If there is an "ok" response, then the droplet has been created with the firewall applied to it.
b. If there is a "failed" response, then the droplet has not been created and there is an error message.
ACTUAL RESULTS
Command:
exec ansible-playbook -i inventory_prod.yml create_droplet_prod.yml --ask-become-pass -vvvv
Results:
ansible-playbook [core 2.14.2]
config file = None
configured module search path = ['/home/kfike/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible
ansible collection location = /home/kfike/.ansible/collections:/usr/share/ansible/collections
executable location = /home/kfike/Projects/sage/.venv/bin/ansible-playbook
python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] (/home/kfike/Projects/sage/.venv/bin/python3)
jinja version = 3.1.2
libyaml = True
No config file found; using defaults
BECOME password:
setting up inventory plugins
host_list declined parsing /home/kfike/Projects/sage/ansible/inventory_ephemoral.yml as it did not pass its verify_file() method
script declined parsing /home/kfike/Projects/sage/ansible/inventory_ephemoral.yml as it did not pass its verify_file() method
Parsed /home/kfike/Projects/sage/ansible/inventory_ephemoral.yml inventory source with yaml plugin
redirecting (type: modules) ansible.builtin.digital_ocean_sshkey to community.digitalocean.digital_ocean_sshkey
Loading collection community.digitalocean from /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible_collections/community/digitalocean
redirecting (type: modules) ansible.builtin.digital_ocean_droplet to community.digitalocean.digital_ocean_droplet
redirecting (type: modules) ansible.builtin.digital_ocean_droplet to community.digitalocean.digital_ocean_droplet
Loading callback plugin default of type stdout, v2.0 from /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: create_droplet_prod.yml **********************************************************************************************************************************************************
Positional arguments: create_droplet_prod.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
become_ask_pass: True
tags: ('all',)
inventory: ('/home/kfike/Projects/sage/ansible/inventory_ephemoral.yml',)
forks: 5
1 plays in create_droplet_prod.yml
PLAY [localhost] ********************************************************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************************************************
task path: /home/kfike/Projects/sage/ansible/create_droplet_prod.yml:1
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: kfike
<127.0.0.1> EXEC /bin/sh -c 'echo ~kfike && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/kfike/.ansible/tmp `"&& mkdir "` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703 `" && echo ansible-tmp-1676946664.4793735-843883-202959505704703="` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703 `" ) && sleep 0'
Using module file /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible/modules/setup.py
<127.0.0.1> PUT /home/kfike/.ansible/tmp/ansible-local-843821fcyi2beg/tmpb2kwf43t TO /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703/AnsiballZ_setup.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703/ /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703/AnsiballZ_setup.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/home/kfike/Projects/sage/.venv/bin/python3 /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703/AnsiballZ_setup.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703/ > /dev/null 2>&1 && sleep 0'
ok: [localhost]
TASK [Create firewall named "sage.test"] ********************************************************************************************************************************************************
task path: /home/kfike/Projects/sage/ansible/create_droplet_prod.yml:19
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: kfike
<127.0.0.1> EXEC /bin/sh -c 'echo ~kfike && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/kfike/.ansible/tmp `"&& mkdir "` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646 `" && echo ansible-tmp-1676946667.2786705-844287-52719806372646="` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646 `" ) && sleep 0'
Using module file /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible_collections/community/digitalocean/plugins/modules/digital_ocean_firewall.py
<127.0.0.1> PUT /home/kfike/.ansible/tmp/ansible-local-843821fcyi2beg/tmp8kx2yoq5 TO /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646/AnsiballZ_digital_ocean_firewall.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646/ /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646/AnsiballZ_digital_ocean_firewall.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/home/kfike/Projects/sage/.venv/bin/python3 /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646/AnsiballZ_digital_ocean_firewall.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646/ > /dev/null 2>&1 && sleep 0'
ok: [localhost] => {
"changed": false,
"data": {
"created_at": "2023-02-19T16:55:21Z",
"droplet_ids": [],
"id": "12e94f3a-40ec-4431-a460-af2cd0866417",
"inbound_rules": [
{
"ports": "22",
"protocol": "tcp",
"sources": {
"addresses": [
"40.142.183.33"
],
"droplet_ids": [],
"load_balancer_uids": [],
"tags": []
}
}
],
"name": "sage.test",
"outbound_rules": [
{
"destinations": {
"addresses": [
"0.0.0.0/0",
"::/0"
],
"droplet_ids": [],
"load_balancer_uids": [],
"tags": []
},
"ports": "587",
"protocol": "tcp"
}
],
"pending_changes": [],
"status": "succeeded",
"tags": []
},
"invocation": {
"module_args": {
"baseurl": "https://api.digitalocean.com/v2",
"droplet_ids": null,
"inbound_rules": [
{
"ports": "22",
"protocol": "tcp",
"sources": {
"addresses": [
"40.142.183.33"
],
"droplet_ids": [],
"load_balancer_uids": [],
"tags": []
}
}
],
"name": "sage.test",
"oauth_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"outbound_rules": [
{
"destinations": {
"addresses": [
"0.0.0.0/0",
"::/0"
],
"droplet_ids": [],
"load_balancer_uids": [],
"tags": []
},
"ports": "587",
"protocol": "tcp"
}
],
"state": "present",
"tags": null,
"timeout": 30,
"validate_certs": true
}
}
}
TASK [Create a new Droplet] *********************************************************************************************************************************************************************
task path: /home/kfike/Projects/sage/ansible/create_droplet_prod.yml:41
redirecting (type: modules) ansible.builtin.digital_ocean_droplet to community.digitalocean.digital_ocean_droplet
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: kfike
<127.0.0.1> EXEC /bin/sh -c 'echo ~kfike && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/kfike/.ansible/tmp `"&& mkdir "` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743 `" && echo ansible-tmp-1676946668.6465716-844315-72107661445743="` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743 `" ) && sleep 0'
redirecting (type: modules) ansible.builtin.digital_ocean_droplet to community.digitalocean.digital_ocean_droplet
Using module file /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible_collections/community/digitalocean/plugins/modules/digital_ocean_droplet.py
<127.0.0.1> PUT /home/kfike/.ansible/tmp/ansible-local-843821fcyi2beg/tmp19yjfhb5 TO /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743/AnsiballZ_digital_ocean_droplet.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743/ /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743/AnsiballZ_digital_ocean_droplet.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/home/kfike/Projects/sage/.venv/bin/python3 /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743/AnsiballZ_digital_ocean_droplet.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743/ > /dev/null 2>&1 && sleep 0'
failed: [localhost] (item=sage.epehemeral) => {
"ansible_loop_var": "item",
"changed": false,
"data": {
"droplet": {
"backup_ids": [],
"created_at": "2023-02-21T02:31:10Z",
"disk": 25,
"features": [
"droplet_agent",
"private_networking"
],
"id": 341870383,
"image": {
"created_at": "2022-10-14T20:34:31Z",
"description": "Ubuntu 22.04 (LTS) x64",
"distribution": "Ubuntu",
"id": 118857366,
"min_disk_size": 7,
"name": "22.04 (LTS) x64",
"public": true,
"regions": [
"nyc3",
"nyc1",
"sfo1",
"nyc2",
"ams2",
"sgp1",
"lon1",
"ams3",
"fra1",
"tor1",
"sfo2",
"blr1",
"sfo3",
"syd1"
],
"size_gigabytes": 0.69,
"slug": "ubuntu-22-04-x64",
"status": "available",
"tags": [],
"type": "base"
},
"kernel": null,
"locked": false,
"memory": 1024,
"name": "sage.prod",
"networks": {
"v4": [
{
"gateway": "68.183.112.1",
"ip_address": "68.183.115.205",
"netmask": "255.255.240.0",
"type": "public"
},
{
"gateway": "10.116.0.1",
"ip_address": "10.116.0.2",
"netmask": "255.255.240.0",
"type": "private"
}
],
"v6": []
},
"next_backup_window": null,
"region": {
"available": true,
"features": [
"backups",
"ipv6",
"metadata",
"install_agent",
"storage",
"image_transfer"
],
"name": "New York 1",
"sizes": [
"s-1vcpu-512mb-10gb",
"s-1vcpu-1gb",
"s-1vcpu-1gb-amd",
"s-1vcpu-1gb-intel",
"s-1vcpu-2gb",
"s-1vcpu-2gb-amd",
"s-1vcpu-2gb-intel",
"s-2vcpu-2gb",
"s-2vcpu-2gb-amd",
"s-2vcpu-2gb-intel",
"s-2vcpu-4gb",
"s-2vcpu-4gb-amd",
"s-2vcpu-4gb-intel",
"c-2",
"c2-2vcpu-4gb",
"s-4vcpu-8gb",
"s-4vcpu-8gb-amd",
"s-4vcpu-8gb-intel",
"g-2vcpu-8gb",
"gd-2vcpu-8gb",
"m-2vcpu-16gb",
"c-4",
"c2-4vcpu-8gb",
"s-8vcpu-16gb",
"m3-2vcpu-16gb",
"s-8vcpu-16gb-amd",
"s-8vcpu-16gb-intel",
"g-4vcpu-16gb",
"so-2vcpu-16gb",
"m6-2vcpu-16gb",
"gd-4vcpu-16gb",
"so1_5-2vcpu-16gb",
"m-4vcpu-32gb",
"c-8",
"c2-8vcpu-16gb",
"m3-4vcpu-32gb",
"g-8vcpu-32gb",
"so-4vcpu-32gb",
"m6-4vcpu-32gb",
"gd-8vcpu-32gb",
"so1_5-4vcpu-32gb",
"m-8vcpu-64gb",
"c-16",
"c2-16vcpu-32gb",
"m3-8vcpu-64gb",
"g-16vcpu-64gb",
"so-8vcpu-64gb",
"m6-8vcpu-64gb",
"gd-16vcpu-64gb",
"so1_5-8vcpu-64gb",
"m-16vcpu-128gb",
"c-32",
"c2-32vcpu-64gb",
"m3-16vcpu-128gb",
"c-48",
"m-24vcpu-192gb",
"g-32vcpu-128gb",
"so-16vcpu-128gb",
"m6-16vcpu-128gb",
"gd-32vcpu-128gb",
"c2-48vcpu-96gb",
"m3-24vcpu-192gb",
"g-40vcpu-160gb",
"so1_5-16vcpu-128gb",
"m-32vcpu-256gb",
"gd-40vcpu-160gb",
"so-24vcpu-192gb",
"m6-24vcpu-192gb",
"m3-32vcpu-256gb",
"so1_5-24vcpu-192gb",
"so-32vcpu-256gb",
"m6-32vcpu-256gb",
"so1_5-32vcpu-256gb"
],
"slug": "nyc1"
},
"size": {
"available": true,
"description": "Basic",
"disk": 25,
"memory": 1024,
"price_hourly": 0.00893,
"price_monthly": 6.0,
"regions": [
"ams3",
"blr1",
"fra1",
"lon1",
"nyc1",
"nyc3",
"sfo3",
"sgp1",
"syd1",
"tor1"
],
"slug": "s-1vcpu-1gb",
"transfer": 1.0,
"vcpus": 1
},
"size_slug": "s-1vcpu-1gb",
"snapshot_ids": [],
"status": "active",
"tags": [],
"vcpus": 1,
"volume_ids": [],
"vpc_uuid": "3ac1f985-22b9-46cc-b43b-f9265c9c0f31"
},
"firewall": [
null,
true
]
},
"invocation": {
"module_args": {
"backups": false,
"baseurl": "https://api.digitalocean.com/v2",
"firewall": [
"sage.test"
],
"id": null,
"image": "ubuntu-22-04-x64",
"ipv6": false,
"monitoring": false,
"name": "sage.prod",
"private_networking": false,
"project_name": "",
"region": "nyc1",
"resize_disk": false,
"size": "s-1vcpu-1gb",
"ssh_keys": [
"34685848"
],
"tags": null,
"timeout": 30,
"user_data": null,
"validate_certs": true,
"volumes": null,
"vpc_uuid": null
}
},
"item": "sage.prod",
"msg": [
null,
true
]
}
PLAY RECAP **************************************************************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
In Digital Ocean in the droplet's "Networking" page I can see that this firewall was applied.
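Because the task status and the real state disagree in this report, firewall coverage is better confirmed from the firewall and droplet objects themselves than from `ok`/`failed`. The following is an added example, not part of the original report or the collection's code. It assumes the two lists were already fetched from the DigitalOcean API, uses only field names visible in the output above, and runs on constructed sample records.

```python
# Audit which active droplets are not covered by any applied firewall.
# Field names (id, name, status, tags, droplet_ids) are the ones shown in the
# module output above; every sample record below is constructed.


def unprotected_droplets(droplets, firewalls):
    """Return sorted names of active droplets that no firewall covers."""
    covered_ids, covered_tags = set(), set()
    for fw in firewalls:
        # Assumption: only a firewall whose status is "succeeded" is enforced.
        if fw.get("status") != "succeeded":
            continue
        covered_ids.update(fw.get("droplet_ids") or [])
        covered_tags.update(fw.get("tags") or [])
    exposed = []
    for droplet in droplets:
        if droplet.get("status") != "active":
            continue
        by_id = droplet["id"] in covered_ids
        by_tag = bool(covered_tags.intersection(droplet.get("tags") or []))
        if not (by_id or by_tag):
            exposed.append(droplet["name"])
    return sorted(exposed)


SAMPLE_DROPLETS = [
    {"id": 341870383, "name": "sage.prod", "status": "active", "tags": []},
    {"id": 1000001, "name": "constructed-untagged", "status": "active", "tags": []},
    {"id": 1000002, "name": "constructed-tagged", "status": "active", "tags": ["web"]},
]

# State after attachment: sage.test lists the droplet id.
FIREWALLS_ATTACHED = [
    {"name": "sage.test", "status": "succeeded", "droplet_ids": [341870383], "tags": None},
    {"name": "constructed-web", "status": "succeeded", "droplet_ids": [], "tags": ["web"]},
]

# State as in the firewall task output above: "droplet_ids": [].
FIREWALLS_EMPTY = [
    {"name": "sage.test", "status": "succeeded", "droplet_ids": [], "tags": []},
]

if __name__ == "__main__":
    print("attached:", unprotected_droplets(SAMPLE_DROPLETS, FIREWALLS_ATTACHED))
    print("empty:   ", unprotected_droplets(SAMPLE_DROPLETS, FIREWALLS_EMPTY))
```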