I am trying to create a firewall and then create a DO Droplet with that firewall added to it. Here's my playbook:
```yaml
- hosts: localhost
  vars:
    digital_ocean_token: '{{ lookup("env", "DO_API_TOKEN") }}'
    ephemeral_ssh_key_pub: '{{ lookup("env", "EPHEMERAL_SSH_KEY_PUB") }}'
    ephemeral_ssh_private_key_file: '{{ lookup("env", "EPHEMERAL_SSH_PRIVATE_KEY_FILE") }}'
    public_ip: '{{ lookup("env", "PUBLIC_IP") }}'
    droplet_size: s-1vcpu-1gb
    droplet_region: nyc1
    droplet_image: ubuntu-22-04-x64
  tasks:
    - name: Add public ssh key to Digital Ocean account
      digital_ocean_sshkey:
        name: "Personal Projects - Local"
        oauth_token: "{{ digital_ocean_token }}"
        ssh_pub_key: "{{ ephemeral_ssh_key_pub }}"
        state: present
      register: sshkey_result

    - name: Create firewall named "sage.test"
      community.digitalocean.digital_ocean_firewall:
        name: "sage.test"
        inbound_rules:
          - protocol: "tcp"
            ports: "22"
            sources:
              addresses: "{{ public_ip }}"
        outbound_rules:
          - protocol: "tcp"
            ports: "587"
            destinations:
              addresses: ["0.0.0.0/0", "::/0"]

    - name: Create a new Droplet
      digital_ocean_droplet:
        name: sage.ephemeral
        oauth_token: "{{ digital_ocean_token }}"
        size: "{{ droplet_size }}"
        region: "{{ droplet_region }}"
        image: "{{ droplet_image }}"
        firewall: ["sage.test"]
        wait_timeout: 600
        unique_name: yes
        ssh_keys: ["{{ sshkey_result.data.ssh_key.id }}"]
        state: present
      with_inventory_hostnames:
        - web
      register: droplet_result
```
When I run the playbook the task to create a new droplet fails:
BECOME password:
PLAY [localhost] **************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************
ok: [localhost]
TASK [Add public ssh key to Digital Ocean account] ****************************************************************
ok: [localhost]
TASK [Create firewall named "sage.test"] ************************************************************************************
changed: [localhost]
TASK [Create a new Droplet] ***************************************************************************************
failed: [localhost] (item=sage.epehemeral) => {"ansible_loop_var": "item", "changed": false, "data": {"droplet": {"backup_ids": [], "created_at": "2023-02-19T16:55:26Z", "disk": 25, "features": ["droplet_agent", "private_networking"], "id": 341643728, "image": {"created_at": "2022-10-14T20:34:31Z", "description": "Ubuntu 22.04 (LTS) x64", "distribution": "Ubuntu", "id": 118857366, "min_disk_size": 7, "name": "22.04 (LTS) x64", "public": true, "regions": ["nyc3", "nyc1", "sfo1", "nyc2", "ams2", "sgp1", "lon1", "ams3", "fra1", "tor1", "sfo2", "blr1", "sfo3", "syd1"], "size_gigabytes": 0.69, "slug": "ubuntu-22-04-x64", "status": "available", "tags": [], "type": "base"}, "kernel": null, "locked": false, "memory": 1024, "name": "sage.ephemeral", "networks": {"v4": [{"gateway": "137.184.16.1", "ip_address": "137.184.26.79", "netmask": "255.255.240.0", "type": "public"}, {"gateway": "10.116.0.1", "ip_address": "10.116.0.2", "netmask": "255.255.240.0", "type": "private"}], "v6": []}, "next_backup_window": null, "region": {"available": true, "features": ["backups", "ipv6", "metadata", "install_agent", "storage", "image_transfer"], "name": "New York 1", "sizes": ["s-1vcpu-512mb-10gb", "s-1vcpu-1gb", "s-1vcpu-1gb-amd", "s-1vcpu-1gb-intel", "s-1vcpu-2gb", "s-1vcpu-2gb-amd", "s-1vcpu-2gb-intel", "s-2vcpu-2gb", "s-2vcpu-2gb-amd", "s-2vcpu-2gb-intel", "s-2vcpu-4gb", "s-2vcpu-4gb-amd", "s-2vcpu-4gb-intel", "c-2", "c2-2vcpu-4gb", "s-4vcpu-8gb", "s-4vcpu-8gb-amd", "s-4vcpu-8gb-intel", "g-2vcpu-8gb", "gd-2vcpu-8gb", "m-2vcpu-16gb", "c-4", "c2-4vcpu-8gb", "s-8vcpu-16gb", "m3-2vcpu-16gb", "s-8vcpu-16gb-amd", "s-8vcpu-16gb-intel", "g-4vcpu-16gb", "so-2vcpu-16gb", "m6-2vcpu-16gb", "gd-4vcpu-16gb", "so1_5-2vcpu-16gb", "m-4vcpu-32gb", "c-8", "c2-8vcpu-16gb", "m3-4vcpu-32gb", "g-8vcpu-32gb", "so-4vcpu-32gb", "m6-4vcpu-32gb", "gd-8vcpu-32gb", "so1_5-4vcpu-32gb", "m-8vcpu-64gb", "c-16", "c2-16vcpu-32gb", "m3-8vcpu-64gb", "g-16vcpu-64gb", "so-8vcpu-64gb", "m6-8vcpu-64gb", "gd-16vcpu-64gb", 
"so1_5-8vcpu-64gb", "m-16vcpu-128gb", "c-32", "c2-32vcpu-64gb", "m3-16vcpu-128gb", "c-48", "m-24vcpu-192gb", "g-32vcpu-128gb", "so-16vcpu-128gb", "m6-16vcpu-128gb", "gd-32vcpu-128gb", "c2-48vcpu-96gb", "m3-24vcpu-192gb", "g-40vcpu-160gb", "so1_5-16vcpu-128gb", "m-32vcpu-256gb", "gd-40vcpu-160gb", "so-24vcpu-192gb", "m6-24vcpu-192gb", "m3-32vcpu-256gb", "so1_5-24vcpu-192gb", "so-32vcpu-256gb", "m6-32vcpu-256gb", "so1_5-32vcpu-256gb"], "slug": "nyc1"}, "size": {"available": true, "description": "Basic", "disk": 25, "memory": 1024, "price_hourly": 0.00893, "price_monthly": 6.0, "regions": ["ams3", "blr1", "fra1", "lon1", "nyc1", "nyc3", "sfo3", "sgp1", "syd1", "tor1"], "slug": "s-1vcpu-1gb", "transfer": 1.0, "vcpus": 1}, "size_slug": "s-1vcpu-1gb", "snapshot_ids": [], "status": "active", "tags": [], "vcpus": 1, "volume_ids": [], "vpc_uuid": "3ac1f985-22b9-46cc-b43b-f9265c9c0f31"}, "firewall": [null, true]}, "item": "sage.epehemeral", "msg": [null, true]}
PLAY RECAP ********************************************************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Looking at "firewall": [null, true]} in the play recap, I thought the droplet failed to be created and apply the firewall, but in DO I see it added the droplet successfully.
Why am I getting this failure? Thanks in advance for any advice!
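
An added example, not part of the original post and not offered as the explanation of the error above: one way to attach the firewall without the droplet module's `firewall` option is to scope the firewall to a tag and create the Droplet with that tag, then check the tag in the registered result. The tag name `sage-test`, the `firewall_tag` variable and the use of `digital_ocean_tag` are assumptions; the result path `data.droplet.tags` is taken from the output shown above.

```yaml
# Added example: tag-scoped firewall. "sage-test" is a hypothetical tag name.
- hosts: localhost
  vars:
    digital_ocean_token: '{{ lookup("env", "DO_API_TOKEN") }}'
    ephemeral_ssh_key_pub: '{{ lookup("env", "EPHEMERAL_SSH_KEY_PUB") }}'
    public_ip: '{{ lookup("env", "PUBLIC_IP") }}'
    firewall_tag: sage-test
  tasks:
    - name: Add public ssh key to Digital Ocean account
      community.digitalocean.digital_ocean_sshkey:
        name: "Personal Projects - Local"
        oauth_token: "{{ digital_ocean_token }}"
        ssh_pub_key: "{{ ephemeral_ssh_key_pub }}"
        state: present
      register: sshkey_result
    - name: Create the tag shared by the firewall and the Droplet
      community.digitalocean.digital_ocean_tag:
        name: "{{ firewall_tag }}"
        oauth_token: "{{ digital_ocean_token }}"
        state: present
    - name: Create firewall "sage.test" scoped to the tag
      community.digitalocean.digital_ocean_firewall:
        name: "sage.test"
        oauth_token: "{{ digital_ocean_token }}"
        state: present
        tags: ["{{ firewall_tag }}"]   # applies to any Droplet carrying this tag
        inbound_rules:
          - protocol: "tcp"
            ports: "22"
            sources:
              addresses: ["{{ public_ip }}"]   # SSH only from the operator's address
        outbound_rules:
          - protocol: "tcp"
            ports: "587"
            destinations:
              addresses: ["0.0.0.0/0", "::/0"]
    - name: Create the Droplet with the firewall tag
      community.digitalocean.digital_ocean_droplet:
        name: sage.ephemeral
        oauth_token: "{{ digital_ocean_token }}"
        size: s-1vcpu-1gb
        region: nyc1
        image: ubuntu-22-04-x64
        tags: ["{{ firewall_tag }}"]
        unique_name: true
        ssh_keys: ["{{ sshkey_result.data.ssh_key.id }}"]
        state: present
      register: droplet_result
    - name: Stop if the Droplet does not carry the firewall tag
      ansible.builtin.assert:
        that: firewall_tag in droplet_result.data.droplet.tags
```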