Feature: Ability to set private static IP for private networks

[varuzam]

SUMMARY

A while ago support for private network was added https://github.com/ansible-collections/hetzner.hcloud/commit/ad8958a2ad3ff060df01a275a594419ed100c27e But there is no way to set static private ip. It would be nice to have this ability.

ISSUE TYPE

• Feature Idea

COMPONENT NAME

hetzner.hcloud.server module

ADDITIONAL INFORMATION

- name: Create server
    hetzner.hcloud.hcloud_server:
      name: serv1
      private_networks::
        - name: net1
          ipv4_address: 10.1.0.1
        - name: net2
          ipv4_address: 10.2.0.1
      ...

[NavidSassan]

Hi, we have a similar problem. Our goal is to create a VM that only has a static IP in a private network and no public IP.

• we managed to assign a static IP to a server using the hcloud_server_network module after creating a server with a public IP
• what also works is to create a server without a public IP and with a private network, but not with a static IP
• creating a server with only a private network and a static IP fails:
  • since the private_networks key in hcloud_server does not support a static IP, we tried not using it. This leads to invalid input: server must be attached to at least one of: primary_ipv4, primary_ipv6, private_network
  • already attaching the server to the network using private_networks and then trying to change the IP to static using hcloud_server_network afterwards does not do anything (unchanged / OK in ansible)

You can find the detailed tasks in our role here.

Possible solutions:

• remove the restriction that a server needs to have either a public or a private IP. Then one can just use the hcloud_server_network module.
• implement setting the IP via private_network as mentioned above in the original post
• do something like openstack, and allow creating a "port" with a network / static IP, which then is attached to the server. However, this is a little more complicated to use (you can see the handling of that in our infomaniak_vm role)

[github-isomorph]

Hi, I also have a similar problem. I am using Ansible to create a server in the Hetzner cloud. My aim is to integrate the new server into a private network that I have previously created. The server should not be accessible via the internet, so I have disabled ipv4 and ipv6. Rather, I'd like to access the server by connecting via OpenVPN to the private network 'ipfire' and connect by use of ssh from there.

[janre]

Same for me. The only workaround for us currently is to create a server with public ip and manually add it to a network with a static IP, then disable the public ip again.

[github-actions[bot]]

This issue has been marked as stale because it has not had recent activity. The bot will close the issue if no further action occurs.

[varuzam]

Up

[jooola]

While I understand implementing this in the server module might make your lives easier, what do you folks think about this:

https://github.com/ansible-collections/hetzner.hcloud/blob/c8e6a84b0bcd96d7e5eb1a76ce532ed3adde68ad/examples/server-with-private-ip-only.yml#L28-L50

I am not sure If we want to continue packing new feature in the server module, which is already really big.

[laurikari]

Creating the server in stopped state works for my use case, thanks for the tip @jooola! The documentation could include this as an example; it's not easy to find out that this is possible.

[varuzam]

@jooola Your code is OK for one time run. But speaking about big production infra when a playbook is run several time it is not desirable to stop and start production servers each time

[apricote]

@jooola is on vacation this week, but will be back on Monday.

@varuzam maybe the [check_mode can help you there. You can run the hetzner.hcloud.server_network in check mode first, to see if any changes would be made and only shutdown the server if needed. Some pseudo code:

tasks:
- name: Check if private IP needs to be changed
  hetzner.hcloud.server_network: 
    network: my-network
    server: "{{ name }}"
    ip: "{{ private_ip }}"
    state: present
    check_mode: true
  register: ip_changes

- name: Update private IP
  when: ip_changes is changed # Or `ip_changes.changed == true`
  block:
    - name: Shutdown Server
      # ...
    - name: Update IP
      # ...
    - name: Start Server
      # ...

• https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_checkmode.html#using-check-mode
• https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#changed
• https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html#conditions-based-on-registered-variables
• https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_blocks.html

[jooola]

Your code is OK for one time run. But speaking about big production infra when a playbook is run several time it is not desirable to stop and start production servers each time.

Could you explain what your use case is ?

If your server is already running, it should already have some IP assigned. Then adding or updating a private IP should be done using the server_network module. Updating a private IP is not yet doable using the server_network but I'd be happy to implement it if this solves your problem (I'll check if this is actually doable). But maybe your use case will help me better understand the problem.

EDIT: I just checked, and we cannot update a private IP, as we cannot assign multiple IP on the same network, and therefor have to shut down the server before removing and adding a new IP. We might be able to implement this by shutting down the server in the server_network module, but only when a force flag is set to true.