hetzner.hcloud

Firewall absent may throw an exception

Open BjoernAkAManf opened this issue 3 years ago • 0 comments

SUMMARY

Deleting a firewall might not be possible if deletion of the previous server has not finished yet.

ISSUE TYPE
  • Bug Report

COMPONENT NAME

hetzner.hcloud.hcloud_firewall

ANSIBLE VERSION
ansible 2.10.8
  config file = /myfoo/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.9.7 (default, Aug 31 2021, 13:27:14) [GCC 11.2.0]

COLLECTION VERSION

# /usr/lib/python3/dist-packages/ansible_collections
Collection                Version
------------------------- -------
amazon.aws                1.4.0
ansible.netcommon         1.5.0
ansible.posix             1.1.1
ansible.windows           1.4.0
arista.eos                1.3.0
awx.awx                   14.1.0
azure.azcollection        1.4.0
check_point.mgmt          1.0.6
chocolatey.chocolatey     1.0.2
cisco.aci                 1.1.1
cisco.asa                 1.0.4
cisco.intersight          1.0.10
cisco.ios                 1.3.0
cisco.iosxr               1.2.1
cisco.meraki              2.2.0
cisco.mso                 1.1.0
cisco.nso                 1.0.3
cisco.nxos                1.4.0
cisco.ucs                 1.6.0
cloudscale_ch.cloud       1.3.1
community.aws             1.3.0
community.azure           1.0.0
community.crypto          1.4.0
community.digitalocean    1.0.0
community.docker          1.2.2
community.fortios         1.0.0
community.general         1.3.6
community.google          1.0.0
community.grafana         1.1.0
community.hashi_vault     1.1.0
community.hrobot          1.1.0
community.kubernetes      1.1.1
community.kubevirt        1.0.0
community.libvirt         1.0.0
community.mongodb         1.2.0
community.mysql           1.2.0
community.network         1.3.2
community.okd             1.0.0
community.postgresql      1.1.1
community.proxysql        1.0.0
community.rabbitmq        1.0.1
community.routeros        1.1.0
community.skydive         1.0.0
community.vmware          1.7.0
community.windows         1.3.0
community.zabbix          1.2.0
containers.podman         1.4.1
cyberark.conjur           1.1.0
cyberark.pas              1.0.5
dellemc.os10              1.0.2
dellemc.os6               1.0.6
dellemc.os9               1.0.3
f5networks.f5_modules     1.7.1
fortinet.fortimanager     1.0.5
fortinet.fortios          1.1.8
frr.frr                   1.0.3
gluster.gluster           1.0.1
google.cloud              1.0.2
hetzner.hcloud            1.2.1
ibm.qradar                1.0.3
infinidat.infinibox       1.2.4
junipernetworks.junos     1.3.0
mellanox.onyx             1.0.0
netapp.aws                20.9.0
netapp.elementsw          20.11.0
netapp.ontap              20.12.0
netapp_eseries.santricity 1.1.0
netbox.netbox             1.2.1
ngine_io.cloudstack       1.2.0
ngine_io.exoscale         1.0.0
ngine_io.vultr            1.1.0
openstack.cloud           1.2.1
openvswitch.openvswitch   1.1.0
ovirt.ovirt               1.3.0
purestorage.flasharray    1.6.2
purestorage.flashblade    1.4.0
servicenow.servicenow     1.0.4
splunk.es                 1.0.2
theforeman.foreman        1.5.1
vyos.vyos                 1.1.1
wti.remote                1.0.1

# /root/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
ansible.netcommon 2.4.0
ansible.utils     2.4.0
hetzner.hcloud    1.6.0

CONFIGURATION
DEFAULT_HOST_LIST(/myfoo/ansible/ansible.cfg) = ['/myfoo/ansible/inv.hcloud.yml']
DEFAULT_PRIVATE_KEY_FILE(/myfoo/ansible/ansible.cfg) = /myfoo/infrastructure/dummy-ssh-keygen.pem

OS / ENVIRONMENT

Ansible runs in a docker image built by

FROM ubuntu:21.10

RUN apt update && \
    DEBIAN_FRONTEND=noninteractive apt install -y ansible python3-pip && \
    apt-get clean && \
    apt-get autoremove --yes && \
    rm -rf /var/lib/{apt,dpkg,cache,log}/

RUN ansible -vv -m pip -a "name=hcloud" localhost

STEPS TO REPRODUCE

Creating a playbook with a firewall and a server that are both to be decommissioned does not work, because decommissioning the server does not allow the firewall to be deleted.

Note: This example may not always provide you with a similar error message, but rather 'just work'.

    - name: Destroy Server
      'hetzner.hcloud.hcloud_server':
        name: my-dev-server
        state: absent

    - name: Destroy Firewall
      'hetzner.hcloud.hcloud_firewall':
        name: '{{ my_fw_main }}'
        state: absent

EXPECTED RESULTS

Deletion does not throw an error as reported below.

ACTUAL RESULTS
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: hcloud.hcloud.APIException: firewall with ID XXXXXX is still in use
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/root/.ansible/tmp/ansible-tmp-1631559355.4981043-141-228344007223682/AnsiballZ_hcloud_firewall.py\", line 102, in <module>\
n    _ansiballz_main()\n  File \"/root/.ansible/tmp/ansible-tmp-1631559355.4981043-141-228344007223682/AnsiballZ_hcloud_firewall.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/roo
t/.ansible/tmp/ansible-tmp-1631559355.4981043-141-228344007223682/AnsiballZ_hcloud_firewall.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.hetzner.hcloud.plugins.modules.hcloud_firewall', init_globals
=None, run_name='__main__', alter_sys=True)\n  File \"/usr/lib/python3.9/runpy.py\", line 210, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.9/runpy.py\", line 97, in _run_m
odule_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_hetzner.hcloud.hcloud_firewall_payload_7qjnq146/ansible_hetzner
.hcloud.hcloud_firewall_payload.zip/ansible_collections/hetzner/hcloud/plugins/modules/hcloud_firewall.py\", line 344, in <module>\n  File \"/tmp/ansible_hetzner.hcloud.hcloud_firewall_payload_7qjnq146/ansible_hetzner.hcloud.hcloud_firew
all_payload.zip/ansible_collections/hetzner/hcloud/plugins/modules/hcloud_firewall.py\", line 336, in main\n  File \"/tmp/ansible_hetzner.hcloud.hcloud_firewall_payload_7qjnq146/ansible_hetzner.hcloud.hcloud_firewall_payload.zip/ansible_
collections/hetzner/hcloud/plugins/modules/hcloud_firewall.py\", line 294, in delete_firewall\n  File \"/usr/local/lib/python3.9/dist-packages/hcloud/firewalls/client.py\", line 359, in delete\n    self._client.request(\n  File \"/usr/lo
cal/lib/python3.9/dist-packages/hcloud/hcloud.py\", line 237, in request\n    self._raise_exception_from_json_content(json_content)\n  File \"/usr/local/lib/python3.9/dist-packages/hcloud/hcloud.py\", line 201, in _raise_exception_from_j
son_content\n    raise APIException(\nhcloud.hcloud.APIException: firewall with ID XXXXXX is still in use\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

BjoernAkAManf Sep 13 '21 19:09
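
A playbook-side workaround for the race reported above, as an added example that is not part of the original issue or the collection's own code: the firewall task is retried only while the failure text contains the "is still in use" message from the traceback, and any other error fails immediately. The variable name `fw_delete` and the retry count and delay are assumptions chosen for illustration.

```yaml
- name: Destroy Server
  hetzner.hcloud.hcloud_server:
    name: my-dev-server
    state: absent

- name: Destroy Firewall (retry while the API still reports it in use)
  hetzner.hcloud.hcloud_firewall:
    name: '{{ my_fw_main }}'
    state: absent
  register: fw_delete        # assumed variable name
  # Stop looping when the task succeeded, or when it failed for a reason
  # other than the "still in use" race. In that second case the task ends
  # as failed right away instead of burning through all retries.
  until: >-
    fw_delete is succeeded or
    'is still in use' not in
    ((fw_delete.module_stderr | default('')) ~ (fw_delete.msg | default('')))
  retries: 12                # assumed: up to 12 attempts
  delay: 5                   # assumed: 5 seconds between attempts
```

If the firewall is still attached after the last retry, the task fails with the original error, so a teardown run never silently leaves the firewall behind.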