[BUG] - Role fails with bbb_freeswitch_ipv6: false after the role was run with bbb_freeswitch_ipv6: true

[dimitrihof]

Describe the bug Second run of role fails at manage ipv6 sip_profiles

To Reproduce run role twice on the same machine with ipv6 disbled

Expected behavior Running twice doesnt result in an error

Screenshots If applicable, add screenshots to help explain your problem. DO NOT USE SCREENSHOTS TO SHOW CODE! This makes the information inaccessible to visually impaired users.

Desktop information if needed (please complete the following information):

• OS: ubuntu20.04
• ansible 2.9.6
• BBB 2.3.13

Your variables for this role - be sure to remove any sensitive information

failed: [xxx] (item=/opt/freeswitch/etc/freeswitch/sip_profiles/external-ipv6.xml.disabled) => {
    "ansible_loop_var": "sip_profile",
    "changed": false,
    "invocation": {
        "module_args": {
            "_raw_params": null,
            "_uses_shell": false,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "msg": "no command given",
    "rc": 256,
    "sip_profile": {
        "ansible_loop_var": "item",
        "changed": false,
        "failed": false,
        "invocation": {
            "module_args": {
                "checksum_algorithm": "sha1",
                "follow": false,
                "get_attributes": true,
                "get_checksum": true,
                "get_md5": false,
                "get_mime": true,
                "path": "/opt/freeswitch/etc/freeswitch/sip_profiles/external-ipv6.xml"
            }
        },
        "item": "/opt/freeswitch/etc/freeswitch/sip_profiles/external-ipv6.xml",
        "stat": {
            "atime": 1631295795.5290966,
            "attr_flags": "e",
            "attributes": [
                "extents"
            ],
            "block_size": 4096,
            "blocks": 16,
            "charset": "us-ascii",
            "checksum": "3d7db4d500f06c25769925bc7de547353dda7c45",
            "ctime": 1631286197.1041253,
            "dev": 2053,
            "device_type": 0,
            "executable": false,
            "exists": true,
            "gid": 1,
            "gr_name": "daemon",
            "inode": 5120716,
            "isblk": false,
            "ischr": false,
            "isdir": false,
            "isfifo": false,
            "isgid": false,
            "islnk": false,
            "isreg": true,
            "issock": false,
            "isuid": false,
            "mimetype": "text/plain",
            "mode": "0644",
            "mtime": 1622681453.0,
            "nlink": 1,
            "path": "/opt/freeswitch/etc/freeswitch/sip_profiles/external-ipv6.xml",
            "pw_name": "freeswitch",
            "readable": true,
            "rgrp": true,
            "roth": true,
            "rusr": true,
            "size": 5796,
            "uid": 999,
            "version": "1905633503",
            "wgrp": false,
            "woth": false,
            "writeable": true,
            "wusr": true,
            "xgrp": false,
            "xoth": false,
            "xusr": false
        }
    }
}

[BrutalBirdie]

I recently updates all my existing BBB nodes with the latest commit of this role. So I can't reproduce your problem.

Also you did not include your role variables

Your variables for this role - be sure to remove any sensitive information

[dimitrihof]

    - role: ansible-role-bigbluebutton
      bbb_hostname: "{{ fqdn }}"
#      bbb_state:
#      bbb_apt_mirror:
      bbb_letsencrypt_enable: "true"
      bbb_letsencrypt_email: "xxxx"
#      bbb_letsencrypt_api:
#      bbb_nginx_privacy:
#      bbb_nginx_listen_https:
#      bbb_nginx_root:
#      bbb_ssl_cert:
#      bbb_ssl_key:
#      bbb_own_cert:
#      bbb_own_key:
#      bbb_default_welcome_message: ""
      bbb_default_welcome_message_footer: ""
#      bbb_default_presentation:
#      bbb_custom_presentation:
#      bbb_custom_presentation_name:
#      bbb_web_logouturl: ""
#      bbb_allow_request_without_session:
      bbb_coturn_enable: false
      bbb_coturn_server: false
#      bbb_coturn_port:
#      bbb_coturn_port_tls:
      bbb_coturn_secret: "{{ vault_turn_secret }}"
#      bbb_coturn_min_port:
#      bbb_coturn_max_port:
      bbb_turn_enable: true
      bbb_stun_servers:
       - server: "{{ vault_turnserver }}"
       - server: "{{ vault_turnserver }}:443"
       - server: "{{ vault_fairkom_turnserver }}"
       - server: "{{ vault_fairkom_turnserver }}:443"
#      bbb_ice_servers:
      bbb_turn_servers:
        - server: "{{ vault_turnserver }}"
          port: 3478?transport=udp
          secret: "{{ vault_turn_secret }}"
          tls: false
        - server: "{{ vault_turnserver }}"
          port: 443?transport=tcp
          secret: "{{ vault_turn_secret }}"
          tls: false
        - server: "{{ vault_turnserver }}"
          port: 5349?transport=tcp
          secret: "{{ vault_turn_secret }}"
          tls: true
        - server: "{{ vault_fairkom_turnserver }}"
          port: 3478?transport=udp
          secret: "{{ vault_fairkom_turn_secret }}"
          tls: false
        - server: "{{ vault_fairkom_turnserver }}"
          port: 443?transport=tcp
          secret: "{{ vault_fairkom_turn_secret }}"
          tls: false
        - server: "{{ vault_fairkom_turnserver }}"
          port: 5349?transport=tcp
          secret: "{{ vault_fairkom_turn_secret }}"
          tls: true
#      bbb_greenlight_enable:
#      bbb_greenlight_hosts:
#      bbb_greenlight_image:
      bbb_greenlight_secret: "{{ vault_greenlight_secret }}"
      bbb_greenlight_db_password: "{{ vault_greenlight_db_password }}"
      bbb_greenlight_default_registration: "invite"
      bbb_greenlight_users:
       - "{{ vault_greenlight_user }}"
      bbb_allow_mail_notifications: "false"
#      bbb_disable_recordings:
#      bbb_api_demos_enable:
#      bbb_client_log_enable:
#      bbb_mute_on_start:
#      bbb_app_log_level:
#      bbb_meteor:
#      bbb_nodejs_version:
#      bbb_system_locale:
      bbb_secret: "{{ vault_api_secret }}"
      bbb_freeswitch_ipv6: false
#      bbb_freeswitch_ip_address:
#      bbb_freeswitch_external_ip:
#      bbb_dialplan_quality:
#      bbb_dialplan_energy_level: "100"
#      bbb_dialplan_comfort_noise:
      bbb_webhooks_enable: true
#      bbb_check_for_running_meetings:
#      bbb_monitoring_all_in_one_enable:
#      bbb_monitoring_all_in_one_version:
#      bbb_monitoring_all_in_one_port:
#      bbb_monitoring_all_in_one_grafana:
#      bbb_monitoring_all_in_one_prometheus:
#      bbb_monitoring_recordings_from_disk:
#      bbb_monitoring_external:
#      bbb_monitoring_htpasswd_user:
#      bbb_monitoring_htpasswd:
#      bbb_monitoring_exporter_version:
#      bbb_monitoring_systemd_enable:
#      bbb_monitoring_systemd_directory:
#      bbb_monitoring_systemd_port:
#      bbb_monitoring_systemd_bind_ip:
#      bbb_dialin_enabled:
#      bbb_dialin_provider_proxy:
#      bbb_dialin_provider_username:
#      bbb_dialin_provider_password:
#      bbb_dialin_provider_extension:
#      bbb_dialin_default_number:
#      bbb_dialin_mask_caller:
#      bbb_dialin_default_play_and_get_digitsbbb_dialin_overwrite_footer:
#      bbb_dialin_footer:
#      bbb_guestpolicy:
#      bbb_ntp_cron:
#      bbb_ntp_cron_day:
#      bbb_ntp_cron_hour:
#      bbb_ntp_cron_minute:
#      bbb_cron_history:
#      bbb_cron_unrecorded_days:
#      bbb_cron_published_days:
#      bbb_cron_log_history:
#      bbb_html5_node_options:
      bbb_freeswitch_socket_password: "{{ vault_freeswitch_password }}"
      bbb_html5_backend_processes: 3
      bbb_html5_frontend_processes: 3
#      bbb_container_compat:
#      bbb_firewall_ufw:
#      bbb_ufw_allow_networks_custom:
#      bbb_ufw_reject_networks_custom:
      bbb_ssh_port: xxxx
#      bbb_max_file_size_upload:
#      bbb_default_max_users:
#      bbb_default_meeting_duration:
#      bbb_max_num_pages:
#      bbb_max_conversion_time:
#      bbb_num_conversion_threads:
#      bbb_num_file_processor_threads:
#      bbb_freeswitch_muted_sound:
#     bbb_freeswitch_unmuted_sound:
#     bbb_breakout_rooms_enabled:
#     bbb_breakout_rooms_record:
#     bbb_breakout_rooms_privatechat_enabled:
#     bbb_docker_compose_version:
#     bbb_docker_passwd:
#     bbb_docker_user:

[dimitrihof]

The error must be somewhere here:

- name: configure IPv6-Support in freeswitch
  block:
    - name: configure listen-ip in event_socket.conf.xml
      become: true
      ansible.builtin.xml:
        path: /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
        xpath: '/configuration/settings/param[@name="listen-ip"]'
        attribute: 'value'
        value: "{{ '::' if bbb_freeswitch_ipv6 | bool else '127.0.0.1' }}"
      notify: restart freeswitch

    - name: stat ipv6 sip_profiles
      ansible.builtin.stat:
        path: "{{ item + '.disabled' if bbb_freeswitch_ipv6 | bool else item }}"
      register: ipv6_sip_profiles
      loop:
        - /opt/freeswitch/etc/freeswitch/sip_profiles/external-ipv6.xml
        - /opt/freeswitch/etc/freeswitch/sip_profiles/internal-ipv6.xml
      loop_control:
        label: "{{ item if bbb_freeswitch_ipv6 | bool else item + '.disabled' }}"

    - name: manage ipv6 sip_profiles
      become: true
      ansible.builtin.command: |
        mv
          "{{ sip_profile.item + '.disabled' if bbb_freeswitch_ipv6 | bool else sip_profile.item }}"
          "{{ sip_profile.item if bbb_freeswitch_ipv6 | bool else sip_profile.item + '.disabled' }}"
      when: sip_profile.stat.exists
      loop: "{{ ipv6_sip_profiles.results }}"
      loop_control:
        loop_var: sip_profile
        label: "{{ sip_profile.item if bbb_freeswitch_ipv6 | bool else sip_profile.item + '.disabled' }}"
      notify: restart freeswitch

shouldnt be sip.profile.stat.exist be ipv6_sip.profiles.stat.exist?

[dimitrihof]

For some reason the *.disabled files are not created. I have to create them by hand and the scripts runs perfectly. So i guess the ipv6 profiles are not moved correctly and thus the check in the end fails.

[BrutalBirdie]

huh I just checked my servers and I also don't have any .disabled files in /opt/freeswitch/etc/freeswitch/sip_profiles/. This is odd indeed. I have external-ipv6.xml_ and internal-ipv6.xml_ as files.

Hmmm. The failing part is this - with message no command given:

    - name: manage ipv6 sip_profiles
      become: true
      ansible.builtin.command: |
        mv
          "{{ sip_profile.item + '.disabled' if bbb_freeswitch_ipv6 | bool else sip_profile.item }}"
          "{{ sip_profile.item if bbb_freeswitch_ipv6 | bool else sip_profile.item + '.disabled' }}"
      when: sip_profile.stat.exists
      loop: "{{ ipv6_sip_profiles.results }}"
      loop_control:
        loop_var: sip_profile
        label: "{{ sip_profile.item if bbb_freeswitch_ipv6 | bool else sip_profile.item + '.disabled' }}"
      notify: restart freeswitch

Adding to that @d3hof you are correct, nothing does register: sip_profile so this step is questionable at best. I will have to wrap my head around this.

[BrutalBirdie]

Question did you have IPv6 enabled first and then disabled it with the second run? So was bbb_freeswitch_ipv6: true prior to this run?

[dimitrihof]

I think I did both. First on a server with ivp6 enabeld and then running the role on a new server.

[BrutalBirdie]

But even with this soft failing it never failed the ansible-playbook run for me. @Davka is using IPv6 and SIP and told me everything works out of the box. Still digging.

[dimitrihof]

The point is it fails when you don't use ipv6.

[BrutalBirdie]

@d3hof But it does not fail for me, and I do not use IPv6.

PLAY RECAP ***************************************************************************************************************************************************************************
meet.bbb.ansibletest.safeserver-support.de : ok=288  changed=177  unreachable=0    failed=0    skipped=431  rescued=0    ignored=0

ps: yes there are more steps then just the BBB role since I run other roles alongside for monitoring, security and more stuff.

And after another deploy the second run also no problem.

[dimitrihof]

Hm that is actually weird.

[dimitrihof]

So i checked again. And this error only happens if there was a run with ipv6: true before.

[BrutalBirdie]

Ok that is something I can test again.

[BrutalBirdie]

This week and my next week is filled by other projects. If someone else wants to verify this issue this would be great.

Otherwise I will do this as soon as I find the time.

@Davka @crosscodr

[crosscodr]

Hi all, I can do some tests about this today. One thing I noticed in your comments (@BrutalBirdie, @d3hof ):

    - name: manage ipv6 sip_profiles
      become: true
      ansible.builtin.command: |
        mv
          "{{ sip_profile.item + '.disabled' if bbb_freeswitch_ipv6 | bool else sip_profile.item }}"
          "{{ sip_profile.item if bbb_freeswitch_ipv6 | bool else sip_profile.item + '.disabled' }}"
      when: sip_profile.stat.exists
      loop: "{{ ipv6_sip_profiles.results }}"
      loop_control:
        loop_var: sip_profile
        label: "{{ sip_profile.item if bbb_freeswitch_ipv6 | bool else sip_profile.item + '.disabled' }}"
      notify: restart freeswitch

The use of sip_profile in when clause is correct here, because this var is established with the loop_control: loop_var statements. I made this to make the whole task clearer, esp. to make the command more readable. By default, the loop var is named "item", so the command would say something like "mv {{ item.item ...", which is not meaningful at this position. Hence, I renamed the loop variable. This has nothing to do with the problem, though.