geerlingguy / ansible-role-firewall

Ansible Role - iptables Firewall configuration.
https://galaxy.ansible.com/geerlingguy/firewall/
MIT License

Failing with "AnsibleUndefinedVariable: 'ansible_enp0s6' is undefined" #67

Closed wizonesolutions closed 4 years ago

wizonesolutions commented 4 years ago

I'm having some weird behavior with the firewall.bash template getting generated, and I'm not sure why. The guest is bento/ubuntu-16.04, latest version at the time of writing.

TASK [geerlingguy.firewall : Ensure iptables is present.] ****************************************************************************************************
task path: /media/ubuntu/home/kevin/code/DevOps/ansible/nl3.fillpdf.io/roles/geerlingguy.firewall/tasks/main.yml:2
ok: [default] => {"cache_update_time": 1572894200, "cache_updated": false, "changed": false}

TASK [geerlingguy.firewall : Flush iptables the first time playbook runs.] ***********************************************************************************
task path: /media/ubuntu/home/kevin/code/DevOps/ansible/nl3.fillpdf.io/roles/geerlingguy.firewall/tasks/main.yml:5
changed: [default] => {"changed": true, "cmd": ["iptables", "-F"], "delta": "0:00:00.001695", "end": "2019-11-04 19:14:43.912068", "rc": 0, "start": "2019-11-04 19:14:43.910373", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

TASK [geerlingguy.firewall : Copy firewall script into place.] ***********************************************************************************************
task path: /media/ubuntu/home/kevin/code/DevOps/ansible/nl3.fillpdf.io/roles/geerlingguy.firewall/tasks/main.yml:10
fatal: [default]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: 'ansible_enp0s6' is undefined"}

I looked at the template, but I have no clue where in the template that variable is coming from. It happens even if I comment out all of my firewall_* settings.

wizonesolutions commented 4 years ago

Oh, now this is fascinating...this happens even if I comment out the entire templates/firewall.bash.j2. So perhaps it is some weird Ansible issue.

geerlingguy commented 4 years ago

Are you running the latest version of the role? Also, are you running Ansible 2.9.0? There are some changes to vars templating in 2.9 that have tripped me up here and there.

However, one thing that would be interesting to see is if:

firewall_enable_ipv6: false

would fix your issue. I have encountered strange issues with IPv6 on certain Ubuntu installations recently, maybe some IPv6-related package changes upstream...

wizonesolutions commented 4 years ago

@geerlingguy Thanks for the quick reply! I am running Ansible 2.8.6:

 ansible --version                                                                                9.8s  20:33:26
ansible 2.8.6
  config file = (snip)/ansible.cfg
  configured module search path = ['/home/kevin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.7.4 (default, Oct  4 2019, 06:57:26) [GCC 9.2.0]

Setting that variable didn't seem to help. Here is my full config for the role:

# geerlingguy.firewall
firewall_allowed_tcp_ports:
  # SSH-related.
  - "22"
  - "2222"
  # Mail sending
  - "25"
  - "465"
  - "587"
  # The interwebs.
  - "80"
  - "443"
  # The...the Xdebugs?
  - "9000"
  # MySQL.
  - "3306"
firewall_ip6_additional_rules:
  - 'ip6tables -A INPUT -p icmpv6 -j ACCEPT'
firewall_enable_ipv6: false

geerlingguy commented 4 years ago

Strangely... I don't even see a match for the string ansible_enp0s6 in all of Google, which makes me wonder if it might be something specific to your setup? Is this VirtualBox? A VM somewhere? Bare metal server?

geerlingguy commented 4 years ago

Ah, looks like you're using VirtualBox with a bento box... have you tried the geerlingguy/ubuntu1604 base box? There is a ton of networking junk that goes sideways all the time, and I typically try to paper over that stuff. I am in fact building a new base box as we speak (completely unrelated timing).

wizonesolutions commented 4 years ago

I'll try switching the box now.

wizonesolutions commented 4 years ago

@geerlingguy Did that:

Bringing machine 'default' up with 'virtualbox' provider...
==> default: Box 'geerlingguy/ubuntu1604' could not be found. Attempting to find and install...
    default: Box Provider: virtualbox
    default: Box Version: >= 0
==> default: Loading metadata for box 'geerlingguy/ubuntu1604'
    default: URL: https://vagrantcloud.com/geerlingguy/ubuntu1604
==> default: Adding box 'geerlingguy/ubuntu1604' (v1.3.0) for provider: virtualbox
    default: Downloading: https://vagrantcloud.com/geerlingguy/boxes/ubuntu1604/versions/1.3.0/providers/virtualbox.box
    default: Download redirected to host: vagrantcloud-files-production.s3.amazonaws.com
==> default: Successfully added box 'geerlingguy/ubuntu1604' (v1.3.0) for 'virtualbox'!

But still got the same thing later on. I also tried searching the web for that interface and found nothing. I don't get where it's coming from. That's why I suspect it's actually an Ansible-level issue with template replacement or something. I'm just not quite sure how. I guess I could try diagnosing by commenting out the task that causes this...let's see...

OK, that did fix the error. Obviously starting the firewall failed later on. It's weird, though, because I have the entire template commented out. It shouldn't even be trying to look up any variables...

wizonesolutions commented 4 years ago

I suppose I could set_fact before running the role and just put some garbage into that variable and see if things moved along ¯\_(ツ)_/¯

wizonesolutions commented 4 years ago

OK, your new box does have some of those interfaces, although not enp0s6. I just did:

    - name: Work around BS AnsibleUndefinedVariable error
      set_fact:
        ansible_enp0s6: '{{ ansible_enp0s8 }}'

which points to the private network interface. It is ridiculous, but it works around the issue for now. I don't know why ansible_enp0s6 doesn't exist or which interface it's supposed to be. Maybe a public network? I don't have one on my VM, but I guess something like a Digital Ocean VM would have one. This role used to work, but I admit it's been a while since I've run it in full.
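A safer form of the set_fact workaround above, as an added example that is not from the thread or the role: it first reports which interface facts the host really has, fails with a readable message instead of an AnsibleUndefinedVariable, and only aliases enp0s8 to enp0s6 when enp0s6 is genuinely absent. The interface names are taken from the thread; `ansible_interfaces` and `ansible_facts['<iface>']` are standard gathered facts.

```yaml
# Added diagnostic/workaround tasks (not part of geerlingguy.firewall).
# Run these before the role, with fact gathering enabled.
- name: Show which interface facts this host actually has
  debug:
    msg: "Interfaces reported by facts: {{ ansible_interfaces }}"

- name: Fail early with a clear message rather than an undefined-variable error
  assert:
    that:
      - "'enp0s6' in ansible_interfaces or 'enp0s8' in ansible_interfaces"
    fail_msg: >-
      Neither enp0s6 nor enp0s8 exists on this host; interfaces are
      {{ ansible_interfaces }}. Check the VM network configuration.

- name: Alias the private-network interface only when enp0s6 is really missing
  set_fact:
    ansible_enp0s6: "{{ ansible_facts['enp0s8'] }}"
  when:
    - ansible_enp0s6 is not defined
    - "'enp0s8' in ansible_interfaces"
```

Because the alias copies the private interface's addresses under another name, any rule keyed on that fact now applies to enp0s8; inspect the generated firewall script before enabling it so no rule meant for a public interface lands on the private one.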

stale[bot] commented 4 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

stale[bot] commented 4 years ago

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.