Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: rhel-10.2
Affects Version/s: None
Component/s: rhel-system-roles
Labels:

Fixed in Build:
rhel-system-roles-1.120.1-0.1.el10
Regression:
None
Severity:
Low

AssignedTeam:
rhel-system-roles

Story Points:
0
ACKs Check:

Dev ack
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
Requested
Errata Link:
https://errata.engineering.redhat.com/advisory/155382
Test Coverage:
None

Release Note Type:
Enhancement
Release Note Text:

Hide
Feature, enhancement:
Reason:
Result:

Show
Feature, enhancement: Reason: Result:
Release Note Status:
Proposed
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Hi,

When im trying to use role in "Managed-host-to-unmanaged-host (e.g. remote is appliance)" mode Ansible throws error:

>
> [ERROR]: Task failed: object of type 'dict' has no attribute '1.1.1.1'
>
> Task failed.
> Origin: /Users/raf/.ansible/roles/linux-system-roles.vpn/tasks/main.yml:131:7
>
> 129 flatten | reject('match', '^' ~ inventory_hostname ~ '$') | unique | list }}"
> 130 block:
> 131 - name: Create ipsec.conf files
> ^ column 7
>
> <<< caused by >>>
>
> object of type 'dict' has no attribute '1.1.1.1'
> Origin: /Users/raf/.ansible/roles/linux-system-roles.vpn/templates/libreswan-host-to-host.conf.j2
>
> failed: [vrinfrchnexus01] (item=krk) =>

{"ansible_loop_var": "item", "changed": false, "item": "krk", "msg": "Task failed: object of type 'dict' has no attribute '1.1.1.1'"}

Host vrinfrchnexus01 is included in inventory and krk is not and variables are set as follow:
```
vpn_connections:

auth_method: psk
auto: ignore
shared_key_content: nnuxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
type: tunnel
hosts:
vrinfrchnexus01:
hostname: 1.1.1.1
leftid: leftidhost
krk:
hostname: 2.2.2.2
rightid: rightidhost
subnets:
10.10.0.0/16
```
I asked AI to analyse main.yml and template and proposed solution worked rendering proper ipsec.conf

```
+#
+# Ansible managed
+#
+# system_role:vpn
+
+conn 1.1.1.1-to-2.2.2.2
+ left=1.1.1.1
+ leftid=leftidhost
+ right=2.2.2.2
+ rightid=rightidhost
+ rightsubnets=

{10.10.0.0/16}

+ ikev2=insist
+ auto=ignore
+ type=tunnel
+ authby=secret
```

Fixed template code:
```
conn {{ tunnel.name ~ '~~' if 'name' in tunnel and tunnel.name else '' }}{{ host }}-to~~{{ otherhost }}
left={{ host }}
leftid={{ host | vpn_ipaddr | ternary('','@') }}{{ leftid }}

{# --- FIX BELOW (use thishost instead host) --- #} {% if tunnel.hosts[thishost] is mapping and 'subnets' in tunnel.hosts[thishost] %}

leftsubnets=

{ {%- for subnet in tunnel.hosts[thishost].subnets -%}

{%- if not loop.last -%}

{%- endif -%} {%- endfor -%}

}

{% endif %} {# --- FIX END--- #} {% endif %} {% endfor %}

```
Could you verify fix and apply to main?

Regards
Rafał

links to

link to github issue

RHEA-2025:155382 rhel-system-roles bug fix and enhancement update

Assignee:: Richard Megginson

Reporter:: Richard Megginson

Developer:: Richard Megginson

QA Contact:: David Jez

Doc Contact:: Zuzana Fantini Zoubkova

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2026/01/29 11:06 PM

Updated:: 2026/02/11 4:43 PM

Stale Date:: 2027/01/28

Next Planned Release Date:: 2026/05/12

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates