search

cisagov / ansible-role-openvpn

Ansible role to install an OpenVPN server and configure it to authenticate users certificates against FreeIPA.
Creative Commons Zero v1.0 Universal
8 stars 2 forks source link

Molecule tests randomly fail sometimes #30

Open jsf9k opened 3 years ago

jsf9k commented 3 years ago

🐛 Bug Report

The molecule testing for this role sometimes fails with output like this:

    TASK [ufw : Configure UFW logging and state] ***********************************
fatal: [ubuntu1804_systemd]: FAILED! => {"changed": false, "commands": ["/usr/sbin/ufw status verbose", "/bin/grep -h '^### tuple' /lib/ufw/user.rules /lib/ufw/user6.rules /etc/ufw/user.rules /etc/ufw/user6.rules /var/lib/ufw/user.rules /var/lib/ufw/user6.rules", "/usr/sbin/ufw -f enable"], "msg": "ERROR: initcaps\n[Errno 2] ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n\n"}
fatal: [ubuntu1604_systemd]: FAILED! => {"changed": false, "commands": ["/usr/sbin/ufw status verbose", "/bin/grep -h '^### tuple' /lib/ufw/user.rules /lib/ufw/user6.rules /etc/ufw/user.rules /etc/ufw/user6.rules /var/lib/ufw/user.rules /var/lib/ufw/user6.rules", "/usr/sbin/ufw -f enable"], "msg": "ERROR: initcaps\n[Errno 2] ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n\n"}

It's a sporadic failure, and it's not always the same Linux distributions that fail.

To Reproduce

Run the molecule tests enough times, either locally or on GitHub Actions, and you will see output similar to what is shown in the previous section.

Expected behavior

The molecule test runs should execute cleanly each and every time.

dav3r commented 3 years ago

Current workaround is to re-run the job until it passes. Not great, but it's what we've got until we get a chance to fix this.

jsf9k commented 3 years ago

Re-running the job is no longer sufficient. In addition to the sporadic error above, I'm now seeing this persistent error with Ubuntu 18.04:

  fatal: [ubuntu_18_systemd]: FAILED! => {"changed": false, "commands": ["/usr/sbin/ufw status verbose", "/bin/grep -h '^### tuple' /lib/ufw/user.rules /lib/ufw/user6.rules /etc/ufw/user.rules /etc/ufw/user6.rules /var/lib/ufw/user.rules /var/lib/ufw/user6.rules", "/usr/sbin/ufw -f enable"], "msg": "ERROR: Could not load logging rules\n"}

Interestingly, I do not see the error in the issue description when running molecule test locally.

michaelsaki commented 1 year ago

Not sure if this is related since it only occurs when I run molecule converge not molecule test but figured I would mention it anyway. Also it isn't on the ubuntu servers. When I do run molecule test the subsequent execution of molecule converge gets it running just fine. image