Work around upstream bug

kdelee · kdelee · commit d8f187714ac5 · 2021-10-27T12:48:43.000-04:00
#26 skip if SG exists and has right number of rules Working around more problems w/ the ibmcloud ansible collection get rules from vpc.security_group var
diff --git a/create.yml b/create.yml
@@ -79,7 +79,7 @@
 
     - name: Print IBM Cloud Instance Floating IPs
       debug:
-        msg: 
+        msg:
           - "IC instance Floating IP: "
           - "{{ ibmcloud_vsi_node }}"
 
@@ -143,12 +143,12 @@
 
     - name: Add VM's to Isolated group
       include_role:
-        name: add_iso_hosts 
+        name: add_iso_hosts
       when: install_tower | default('True') | bool
 
     - name: Print IBM Cloud Instance Floating IPs
       debug:
-        msg: 
+        msg:
           - "IC instance Floating IP: "
           - "Isolated Nodes: {{ iso_node }}"
 
@@ -239,7 +239,7 @@
     - name: Fetch the tower vars file
       include_vars:
         file: tower_vars.yml
-        
+
     - name: Fetch the vaulted variables
       include_vars:
         file: config/credential.vault
diff --git a/create_vsi.yml b/create_vsi.yml
@@ -29,7 +29,7 @@
      target: "{{ vsi.primary_network_interface[0]['id'] }}"
   register: fip_create_output
 
-- name: Save Floating IPs 
+- name: Save Floating IPs
   set_fact:
      cacheable: True
      ibmcloud_vsi_node: "{{ ibmcloud_vsi_node|default([]) + [fip_create_output.resource.address] }}"
diff --git a/roles/configure_security_group/tasks/main.yml b/roles/configure_security_group/tasks/main.yml
@@ -1,5 +1,8 @@
 ---
-- name: "Configure Security Group Rule to open certain ports on the VSI"
+- debug:
+    var: vpc.security_group
+
+- name: "Configure Security Group Rule to open certain ports on the VSI when they don't exist"
   ibm.cloudcollection.ibm_is_security_group_rule:
     state: available
     group: "{{ vpc.default_security_group }}"
@@ -10,6 +13,7 @@
       - port_max: "{{ item }}"
         port_min: "{{ item }}"
   loop: "{{ list_of_ports }}"
+  when: vpc.security_group[0].rules|length < list_of_ports|length
 
 - name: "Configure Security Group Rule to open icmp on the VSI"
   ibm.cloudcollection.ibm_is_security_group_rule:
@@ -20,3 +24,4 @@
     remote: 0.0.0.0/0
     icmp:
       - type: 8
+  when: vpc.security_group[0].rules|length < list_of_ports|length
