githubixx/ansible-role-wireguard

setting wg0.conf in only 1 host from group

emper0r opened this issue · 2 comments

Hi again, I need to set the configuration on only 1 host from a group

I have

[aws_fws]
fw1.aws.local
fw2.aws.local

the variables are in the file

inventory/host_var/fw1/wireguard.yml

if I do

ansible-playbook wireguard.yml --limit="fw1.aws.local" 

everything is OK in 1 host... BUT

if I do the same thing in my playbook

- name: Configure Wireguard
  hosts: aws_fws
  gather_facts: yes

  vars:

  vars_files:

  roles:
    - role: wireguard
      when: inventory_hostname == 'fw1.aws.local'

I receive this error...

The full traceback is:
Traceback (most recent call last):
  File "/usr/local/bin/python_virtualenvs/ansible-4.3.0-devops_env9/lib/python3.8/site-packages/ansible/template/__init__.py", line 1100, in do_template
    res = j2_concat(rf)
  File "<template>", line 119, in root
  File "/usr/local/bin/python_virtualenvs/ansible-4.3.0-devops_env9/lib/python3.8/site-packages/jinja2/runtime.py", line 903, in _fail_with_undefined_error
    raise self._undefined_exception(self._undefined_message)
jinja2.exceptions.UndefinedError: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'wireguard__fact_public_key'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/python_virtualenvs/ansible-4.3.0-devops_env9/lib/python3.8/site-packages/ansible/plugins/action/template.py", line 146, in run
    resultant = templar.do_template(template_data, preserve_trailing_newlines=True, escape_backslashes=False)
  File "/usr/local/bin/python_virtualenvs/ansible-4.3.0-devops_env9/lib/python3.8/site-packages/ansible/template/__init__.py", line 1137, in do_template
    raise AnsibleUndefinedVariable(e)
ansible.errors.AnsibleUndefinedVariable: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'wireguard__fact_public_key'
fatal: [fw1.aws.local]: FAILED! => changed=false
  msg: 'AnsibleUndefinedVariable: ''ansible.vars.hostvars.HostVarsVars object'' has no attribute ''wireguard__fact_public_key'''

fw1.yml

---
wireguard_interface: wg0
wireguard_address: 192.168.20.1/32
wireguard_endpoint: "{{ ansible_hostname }}.aws.local"
wireguard_dns: "aws.local"
wireguard_port: 51820

wireguard_unmanaged_peers:
  laptop:
    public_key: .......public_key......
    allowed_ips: "192.168.20.2/32"

wireguard_postup:
  - iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
  - iptables -A FORWARD -i {{ wireguard_interface }} -j ACCEPT
  - iptables -A FORWARD -o {{ wireguard_interface }} -j ACCEPT
  - iptables -A INPUT -i {{ wireguard_interface }} -j ACCEPT
  - iptables -A OUTPUT -o {{ wireguard_interface }} -j ACCEPT

wireguard_postdown:
  - iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
  - iptables -D FORWARD -i {{ wireguard_interface }} -j ACCEPT
  - iptables -D FORWARD -o {{ wireguard_interface }} -j ACCEPT
  - iptables -D INPUT -i {{ wireguard_interface }} -j ACCEPT
  - iptables -D OUTPUT -o {{ wireguard_interface }} -j ACCEPT

j8r commented

You can create a group for this specific host. You can configure your inventory to create one per Name tag, for example, then create a corresponding inventory file for this specific host.

I agree with @j8r's suggested solution. This should be the way to go.
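
The dedicated group suggested above, written out as an added example (not from the original thread or the role's own documentation). A `when:` on the role only skips the role's tasks on fw2.aws.local and leaves that host in the play, whereas targeting a group that contains only fw1.aws.local gives the play the same host list as the `--limit` run that worked. The group name `wireguard_hosts` and the file names are assumptions, and the inventory is shown in Ansible's YAML inventory format.

```yaml
# inventory/hosts.yml (assumed file name)
# fw1 stays in aws_fws and is additionally placed in a group of its own,
# so plays for the whole firewall group keep working unchanged.
all:
  children:
    aws_fws:
      hosts:
        fw1.aws.local:
        fw2.aws.local:
    wireguard_hosts:        # assumed group name, contains only the WireGuard host
      hosts:
        fw1.aws.local:
---
# wireguard.yml (playbook)
# The play targets the dedicated group, so fw2.aws.local is never part of
# the play and no per-host condition on the role is needed.
- name: Configure Wireguard
  hosts: wireguard_hosts
  gather_facts: yes

  roles:
    - role: wireguard
```

The variables already kept per host for fw1 continue to apply, because group membership does not change how host variables are loaded.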