Error starting project Network whitelists_proxy declared as external, but could not be found

Question

Error starting project Network whitelists_proxy declared as external, but could not be found

nqb opened this issue 3 years ago · 4 comments

Hello,

I defined only one production instance in my inventory without extra_url and run that role.

All tasks succeeded until "start odoo docker prod" handler is called. I got following error:

RUNNING HANDLER [docker_odoo : start odoo docker prod] ************************************************************************************************************************************************************
fatal: [www]: FAILED! => changed=false 
  errors: []
  module_stderr: ''
  module_stdout: ''
  msg: Error starting project Network whitelists_proxy declared as external, but could not be found. Please create the network manually using `docker network create whitelists_proxy` and try again.

Template generated by previous task was https://gist.github.com/nqb/2d030e8d09c5374a0d88c53b65e74d5e

I suppose issue is caused by the fact that whitelists_proxy network is attached to odoo container but not defined previously.
If I compared with inverseproxy_shared, this one is defined previously in /home/docker/inverseproxy/traefik.toml

Answer 1 · 2021-03-04T20:27:13.000Z

A possible patch could be:

diff --git a/templates/prod.yaml.j2 b/templates/prod.yaml.j2
index 0db431f..1e6a2fc 100644
--- a/templates/prod.yaml.j2
+++ b/templates/prod.yaml.j2
@@ -24,7 +24,9 @@ services:
         networks:
             default:
             inverseproxy_shared:
+{% if odoo_prod.extra_urls is defined %}
             whitelists_proxy:
+{% endif %}
 {% if mailname is defined %}
             email_proxy:
 {% endif %}
@@ -139,9 +141,9 @@ networks:
             encrypted: 1
     inverseproxy_shared:
         external: true
+{% if odoo_prod.extra_urls is defined %}
     whitelists_proxy:
         external: true
-{% if odoo_prod.extra_urls is defined %}
     whitelists_public:
         external: true
 {% endif %}
diff --git a/templates/test.yaml.j2 b/templates/test.yaml.j2
index 0228dcb..a5ec484 100644
--- a/templates/test.yaml.j2
+++ b/templates/test.yaml.j2
@@ -19,7 +19,9 @@ services:
         networks:
             default:
             inverseproxy_shared:
+{% if item.extra_urls is defined %}
             whitelists_proxy:
+{% endif %}
         restart: unless-stopped
         labels:
             co.elastic.logs/multiline.pattern: '^[0-9]{2}'
@@ -103,9 +105,9 @@ networks:
         external: true
     inverseproxy_smtp:
         external: true
+{% if item.extra_urls is defined %}
     whitelists_proxy:
         external: true
-{% if sso_url is defined %}
     whitelists_public:
         external: true
 {% endif %}

EDIT: it doesn't really solve issue, only remove whitelists networks if extra_url are not defined.

Answer 2 · 2021-03-05T06:26:11.000Z

Reading of Compose specification confirm my feeling: a network marked as external is not managed by Compose file.

I look at Tecnativa Docker whitelist example and I see they defined "default" network at "internal".

So I see several solutions:

Current template is wrong and networks should be defined differently
Whitelists networks are really external and they should be managed by: Traefik or Docker directly.

Answer 3 · 2021-03-05T14:39:28.000Z

Hi @nqb whitelists networks are normally created by whitelists.yaml which is another docker-compose (allowing these whitelists to be used by both prod and nonprod odoo docker instances) deployed by Ansible with the first task of this role.
I am surprised that this was not the case on your server, maybe because role failed and handler starting whitelists was not run ?

Answer 4 · 2021-03-05T20:59:39.000Z

You're right, playbook failed and handler was never called. Now it works!