ngine-io / ansible-collection-cloudstack

CloudStack Ansible Collections
https://galaxy.ansible.com/ngine_io/cloudstack
GNU General Public License v3.0

Cannot forward port in VPC tier to VM secondary NIC #108

Open rvalle opened 2 years ago

rvalle commented 2 years ago

I am not sure what is going wrong. When I try to make this port forward in the UI, it works.

As far as I understand when forwarding ports to secondary NIC the secondary IP of the VM needs to be specified, like so:

          cs_portforward:
            ip_address: "10.9.65.6"
            vm_guest_ip: "10.131.1.127"
            vm: "ft1c"
            public_port: "9000"
            private_port: "9000"
            network: "frontend3"
            vpc: "vpc3"
            zone: "z2"

vm_guest_ip belongs to network frontend3, but that is on the secondary NIC for the ft1c VM. In the UI I set similar parameters and it works.

I get the following error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'secondaryip'
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):
File \"/home/ansible/.ansible/tmp/ansible-tmp-1657746542.2604373-64-246661389431216/AnsiballZ_cs_portforward.py\", line 102, in <module>
    _ansiballz_main()
  File \"/home/ansible/.ansible/tmp/ansible-tmp-1657746542.2604373-64-246661389431216/AnsiballZ_cs_portforward.py\", line 94, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File \"/home/ansible/.ansible/tmp/ansible-tmp-1657746542.2604373-64-246661389431216/AnsiballZ_cs_portforward.py\", line 40, in invoke_module
    runpy.run_module(mod_name='ansible_collections.ngine_io.cloudstack.plugins.modules.cs_portforward', init_globals=None, run_name='__main__', alter_sys=True)\n  File \"/usr/local/lib/python3.6/runpy.py\", line 205, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File \"/usr/local/lib/python3.6/runpy.py\", line 96, in _run_module_code
    mod_name, mod_spec, pkg_name, script_name)
  File \"/usr/local/lib/python3.6/runpy.py\", line 85, in _run_code
    exec(code, run_globals)
  File \"/tmp/ansible_cs_portforward_payload_fcii10oq/ansible_cs_portforward_payload.zip/ansible_collections/ngine_io/cloudstack/plugins/modules/cs_portforward.py\", line 403, in <module>
  File \"/tmp/ansible_cs_portforward_payload_fcii10oq/ansible_cs_portforward_payload.zip/ansible_collections/ngine_io/cloudstack/plugins/modules/cs_portforward.py\", line 396, in main
  File \"/tmp/ansible_cs_portforward_payload_fcii10oq/ansible_cs_portforward_payload.zip/ansible_collections/ngine_io/cloudstack/plugins/modules/cs_portforward.py\", line 278, in present_portforwarding_rule
  File \"/tmp/ansible_cs_portforward_payload_fcii10oq/ansible_cs_portforward_payload.zip/ansible_collections/ngine_io/cloudstack/plugins/modules/cs_portforward.py\", line 320, in update_portforwarding_rule
  File \"/tmp/ansible_cs_portforward_payload_fcii10oq/ansible_cs_portforward_payload.zip/ansible_collections/ngine_io/cloudstack/plugins/module_utils/cloudstack.py\", line 404, in get_vm_guest_ip
KeyError: 'secondaryip'", "module_stdout": "", "msg": "MODULE FAILURE
See stdout/stderr for the exact error", "rc": 1}

resmo commented 2 years ago

related code: https://github.com/ngine-io/ansible-collection-cloudstack/blob/6da2b067658fafb6702153195c1def4dd4fe4bc5/plugins/module_utils/cloudstack.py#L408

rvalle commented 2 years ago

I think it is looking for a secondary IP on the default NIC; however, the use case is the IP of a non-default NIC. I am not sure what the casuistic is that should be supported. Perhaps ANY IP, primary or secondary, of any interface should be allowed?

Pearl1594 commented 2 years ago

I believe it is not possible to add a port forward rule to the secondary NIC. Trying it directly via CloudStack, i.e., trying to add a port-forward rule for the primary IP on the secondary NIC, fails with the following error:

(ansibletest) 🐱 > create portforwardingrule ipaddressid=75421aee-cc8b-47bd-b4ba-8bb926b330ab privateport=3000 privateendport=3000 publicport=3000 publicendport=3000 networkid=32621cf2-ca8a-4821-9f3a-1dadfdddf4fd vmguestip=10.1.1.184 protocol=tcp virtualmachineid=f57183a3-a7dd-4302-8414-2ed3e6fd310b 
🙈 Error: (HTTP 431, error code 4350) IP Address is not in the VM nic's network 

However, there does exist an issue with creating a PF rule on the primary IP of the default NIC as well.
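
An added example, not part of the thread and not the collection's code: one way to resolve `vm_guest_ip` across every NIC of a VM without raising `KeyError: 'secondaryip'`, while rejecting an IP that sits outside the rule's network. The NIC field names (`ipaddress`, `isdefault`, `networkid`, `secondaryip`) are assumed to match CloudStack's VM listing; the function names, IDs and sample data are constructed for illustration.

```python
class GuestIpError(ValueError):
    """Raised when no NIC of the VM can serve the requested guest IP."""


def nic_addresses(nic):
    """All guest IPs on one NIC: the primary first, then any secondaries."""
    ips = [nic["ipaddress"]] if nic.get("ipaddress") else []
    # "secondaryip" is missing when a NIC has no secondary IPs, so use .get().
    ips += [s["ipaddress"] for s in nic.get("secondaryip") or []]
    return ips


def resolve_guest_ip(nics, vm_guest_ip=None, network_id=None):
    """Return (nic_id, ip) for a port forwarding rule.

    No vm_guest_ip: primary IP of the NIC in network_id, else the default NIC.
    With vm_guest_ip: it may be primary or secondary on any NIC, but must be
    in network_id when one is given.
    """
    if not vm_guest_ip:
        for nic in nics:
            wanted = (nic.get("networkid") == network_id) if network_id \
                else nic.get("isdefault")
            if wanted:
                return nic["id"], nic["ipaddress"]
        raise GuestIpError("VM has no NIC in the requested network")
    for nic in nics:
        if vm_guest_ip in nic_addresses(nic):
            if network_id and nic.get("networkid") != network_id:
                raise GuestIpError(
                    "IP %s is on network %s, not %s"
                    % (vm_guest_ip, nic.get("networkid"), network_id))
            return nic["id"], vm_guest_ip
    raise GuestIpError("IP %s is not assigned to the VM" % vm_guest_ip)


# Constructed sample: the default NIC carries no "secondaryip" key at all,
# the second NIC holds the guest IP from the report plus one secondary IP.
SAMPLE_NICS = [
    {"id": "nic-1", "isdefault": True, "networkid": "net-default",
     "ipaddress": "10.0.0.10"},
    {"id": "nic-2", "isdefault": False, "networkid": "net-frontend3",
     "ipaddress": "10.131.1.127",
     "secondaryip": [{"id": "sec-1", "ipaddress": "10.131.1.200"}]},
]

if __name__ == "__main__":
    print(resolve_guest_ip(SAMPLE_NICS, "10.131.1.127", "net-frontend3"))
```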