ansible-collections / hetzner.hcloud

A collection to manage resources on Hetzner Cloud
https://galaxy.ansible.com/ui/repo/published/hetzner/hcloud
GNU General Public License v3.0

KeyError: 'details' when uploading a certificate with hetzner.hcloud.certificate #572

Open shade-belisar opened 6 days ago

shade-belisar commented 6 days ago
SUMMARY

When running a task to create a certificate, I'm getting a rather cryptic error. Additionally, the same task with a different certificate runs fine.

ISSUE TYPE
COMPONENT NAME

hetzner.hcloud.certificate

ANSIBLE VERSION
ansible [core 2.17.5]
  config file = /kbb-deploy/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/venv/lib/python3.11/site-packages/ansible
  ansible collection location = /kbb-deploy/.collections
  executable location = /opt/venv/bin/ansible
  python version = 3.11.10 (main, Sep 11 2024, 09:58:40) [GCC 13.2.1 20231014] (/opt/venv/bin/python3)
  jinja version = 3.1.4
  libyaml = True
COLLECTION VERSION
# /kbb-deploy/.collections/ansible_collections
Collection     Version
-------------- -------
hetzner.hcloud 3.1.1 
CONFIGURATION
COLLECTIONS_PATHS(env: ANSIBLE_COLLECTIONS_PATHS) = ['/kbb-deploy/.collections'] format <namespace>.<collection>. 
CONFIG_FILE() = /kbb-deploy/ansible.cfg
DEFAULT_ROLES_PATH(env: ANSIBLE_ROLES_PATH) = ['/kbb-deploy/.roles']
INVENTORY_ENABLED(/kbb-deploy/ansible.cfg) = ['hcloud', 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml']
OS / ENVIRONMENT

Control Node: docker:26.0.1
Target System: current Hetzner Cloud

STEPS TO REPRODUCE

Unfortunately I cannot provide exact steps to reproduce the error because it only happens with one out of several certificates and I obviously cannot share this. Nevertheless, this is the task that fails.

One thing I noticed though is that the private key of the non-working certificate is 1746 characters long, but the keys of the working certificates are only 186 characters long. However, the certificate that cannot be uploaded via Ansible can be uploaded successfully via the Hetzner Cloud Console.

- name: "Create a basic certificate for {{ cert_name }}"
  hetzner.hcloud.certificate:
    api_token: "{{ lookup('ansible.builtin.env', 'HCLOUD_TOKEN') }}"
    name: "{{ cert_name }}, Updated: {{ now(utc=true,fmt='%Y-%m-%d') }}"
    certificate: "{{ cert_text + chain_text }}"
    private_key: "{{ privkey_text }}"
    state: present
  register: cert_response
EXPECTED RESULTS

I expected the specified certificate to be created. I know that the certificate is valid because I can upload and assign it manually.

Alternatively, if there actually is something wrong with this certificate that the web portal just ignores, I would expect a more helpful error message.

ACTUAL RESULTS

The certificate upload fails with a very cryptic error message.

TASK [Create a basic certificate for kbb_eu] ************************************************************************************************************************************************************
task path: /kbb-deploy/includes/upload_certificate.yml:34
Using module file /kbb-deploy/.collections/ansible_collections/hetzner/hcloud/plugins/modules/certificate.py
The full traceback is:
Traceback (most recent call last):
  File "/home/condat/.ansible/tmp/ansible-tmp-1728623986.3567693-1044-138643106704573/AnsiballZ_certificate.py", line 107, in <module>
    _ansiballz_main()
  File "/home/condat/.ansible/tmp/ansible-tmp-1728623986.3567693-1044-138643106704573/AnsiballZ_certificate.py", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/condat/.ansible/tmp/ansible-tmp-1728623986.3567693-1044-138643106704573/AnsiballZ_certificate.py", line 47, in invoke_module
    runpy.run_module(mod_name='ansible_collections.hetzner.hcloud.plugins.modules.certificate', init_globals=dict(_module_fqn='ansible_collections.hetzner.hcloud.plugins.modules.certificate', _modlib_path=modlib_path),
  File "/usr/lib/python3.8/runpy.py", line 207, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code
    _run_code(code, mod_globals, init_globals,
  File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_hetzner.hcloud.certificate_payload_y3_767tm/ansible_hetzner.hcloud.certificate_payload.zip/ansible_collections/hetzner/hcloud/plugins/modules/certificate.py", line 290, in <module>
  File "/tmp/ansible_hetzner.hcloud.certificate_payload_y3_767tm/ansible_hetzner.hcloud.certificate_payload.zip/ansible_collections/hetzner/hcloud/plugins/modules/certificate.py", line 284, in main
  File "/tmp/ansible_hetzner.hcloud.certificate_payload_y3_767tm/ansible_hetzner.hcloud.certificate_payload.zip/ansible_collections/hetzner/hcloud/plugins/modules/certificate.py", line 235, in present_certificate
  File "/tmp/ansible_hetzner.hcloud.certificate_payload_y3_767tm/ansible_hetzner.hcloud.certificate_payload.zip/ansible_collections/hetzner/hcloud/plugins/modules/certificate.py", line 196, in _create_certificate
  File "/tmp/ansible_hetzner.hcloud.certificate_payload_y3_767tm/ansible_hetzner.hcloud.certificate_payload.zip/ansible_collections/hetzner/hcloud/plugins/module_utils/vendor/hcloud/certificates/client.py", line 222, in create
  File "/tmp/ansible_hetzner.hcloud.certificate_payload_y3_767tm/ansible_hetzner.hcloud.certificate_payload.zip/ansible_collections/hetzner/hcloud/plugins/module_utils/vendor/hcloud/_client.py", line 231, in request
  File "/tmp/ansible_hetzner.hcloud.certificate_payload_y3_767tm/ansible_hetzner.hcloud.certificate_payload.zip/ansible_collections/hetzner/hcloud/plugins/module_utils/vendor/hcloud/_client.py", line 188, in _raise_exception_from_content
KeyError: 'details'
fatal: [apiservice1-test]: FAILED! => {
    "changed": false,
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}
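
The traceback above ends in `_raise_exception_from_content` with `KeyError: 'details'`, the error Python raises when code indexes a dictionary key that is not present, so the API's real error message never reaches the user. The sketch below is an added example, not the collection's or the vendored client's code: the class, the function names and the sample response bodies are constructed, and it assumes an error envelope of the form `{"error": {"code", "message", "details"}}`.

```python
import json


class APIException(Exception):
    """Hypothetical stand-in for a client's API error type."""

    def __init__(self, code, message, details=None):
        super().__init__(message)
        self.code = code
        self.message = message
        self.details = details


def raise_strict(raw_body, status_code=None):
    """Assumes every error body carries all three fields.

    A body without 'details' surfaces as KeyError and hides the real error.
    """
    error = json.loads(raw_body)["error"]
    raise APIException(error["code"], error["message"], error["details"])


def raise_tolerant(raw_body, status_code):
    """Treats the error body as untrusted input with optional fields."""
    try:
        content = json.loads(raw_body)
    except (TypeError, ValueError):
        content = None
    error = content.get("error") if isinstance(content, dict) else None
    if not isinstance(error, dict):
        # Fall back to the HTTP status. The raw body is deliberately not
        # echoed, so nothing unexpected ends up in task output or logs.
        raise APIException(str(status_code), "unparseable error response")
    raise APIException(
        code=str(error.get("code", status_code)),
        message=str(error.get("message", "no message in error response")),
        details=error.get("details"),  # optional: None when absent
    )


def describe_failure(handler, raw_body, status_code):
    """Run a handler and report which exception the caller would see."""
    try:
        handler(raw_body, status_code)
    except APIException as exc:
        return ("APIException", exc.code, exc.message, exc.details)
    except KeyError as exc:
        return ("KeyError", None, str(exc), None)


# Constructed sample bodies (not captured from the Hetzner Cloud API).
WITH_DETAILS = json.dumps({
    "error": {
        "code": "example_error",
        "message": "constructed message with details",
        "details": {"fields": [{"name": "certificate"}]},
    }
})
WITHOUT_DETAILS = json.dumps({
    "error": {
        "code": "example_error",
        "message": "constructed message without details",
    }
})
NOT_JSON = "<html>502 Bad Gateway</html>"

if __name__ == "__main__":
    for name, body, status in [
        ("with details", WITH_DETAILS, 422),
        ("without details", WITHOUT_DETAILS, 422),
        ("not JSON", NOT_JSON, 502),
    ]:
        print(name, "strict  :", describe_failure(raise_strict, body, status)
              if body is not NOT_JSON else "skipped (not JSON)")
        print(name, "tolerant:", describe_failure(raise_tolerant, body, status))
```
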
shade-belisar commented 3 days ago

I managed to find a way to make this issue reproducible:

  1. Follow these steps to generate (among others) the files db.crt, cadb.pem, db.key https://opensource.docs.scylladb.com/stable/operating-scylla/security/generate-certificate.html
  2. Set your Hetzner Cloud token to HCLOUD_TOKEN.
  3. Run the following tasks:
    
    - set_fact:
        cert_name: "certificate-name"
        cert_text: "{{ lookup('file', 'path/to/db.crt') }}"
        chain_text: "{{ lookup('file', 'path/to/cadb.pem') }}"
        privkey_text: "{{ lookup('file', 'path/to/db.key') }}"
jooola commented 3 days ago

This was fixed in version 4.1.0 of the collection, could you please update your collection?

shade-belisar commented 2 days ago

Ah, my bad. I was under the (mistaken) assumption that 3.1.1 was the latest version, because it is the version listed in the Ansible Docs.

Do I understand the readme correctly and there is no up-to-date online documentation? It only mentions ansible-doc, but the terminal is in my opinion not nearly as legible and easy to handle as a web page.

jooola commented 2 days ago

You should be able to change the version of the docs to see the latest collection docs.

If you installed the collection that is bundled into the "ansible" package, then it is possible that you have an older version of the collection. In this case, the documentation version "stable" is probably correct.

If you installed the collection from ansible galaxy, then you should probably use the documentation from the "devel" version.