diff --git a/roles/cloud-resources/tasks/hetzner.yml b/roles/cloud-resources/tasks/hetzner.yml
index dda4ebb7d..fe457956b 100644
--- a/roles/cloud-resources/tasks/hetzner.yml
+++ b/roles/cloud-resources/tasks/hetzner.yml
@@ -324,24 +324,6 @@
 source_ips: ["{{ server_network_ip_range }}"]
 when: firewall | bool
- - name: "Hetzner Cloud: Gather information about firewalls"
- ansible.builtin.uri:
- url: "https://api.hetzner.cloud/v1/firewalls"
- method: GET
- headers:
- Authorization: "Bearer {{ lookup('ansible.builtin.env', 'HCLOUD_API_TOKEN') }}"
- return_content: true
- register: hetzner_firewalls_response
- failed_when: hetzner_firewalls_response.status != 200
- - name: "Hetzner Cloud: Extract firewall names for '{{ patroni_cluster_name }}'"
- ansible.builtin.set_fact:
- firewall_names: >-
- {{ hetzner_firewalls_response.json.firewalls
- | selectattr('name', 'search', patroni_cluster_name)
- | map(attribute='name')
- | list }}
-
 # Server and volume
 - name: "Hetzner Cloud: Create or modify server"
 hetzner.hcloud.hcloud_server:
@@ -356,12 +338,19 @@
 enable_ipv6: false
 private_networks:
 - "{{ server_network }}"
- firewalls: "{{ firewall_names }}"
+ firewalls: "{{ firewalls_list }}"
 loop: "{{ range(0, servers_count | int) | list }}"
 loop_control:
 index_var: idx
 label: "{{ server_name | lower }}{{ '%02d' % (idx + 1) }}"
 register: server_result
+ vars:
+ firewalls_list: >-
+ {{
+ ([] if not ssh_public_access | bool else [patroni_cluster_name + '-public-ssh-firewall-rule']) + + ([] if not database_public_access | bool else [patroni_cluster_name + '-public-database-firewall-rule']) + + ([] if not firewall | bool else [patroni_cluster_name + '-private-firewall-rule'])
+ }}
 - name: "Hetzner Cloud: Add server to network '{{ server_network }}'"
 hetzner.hcloud.hcloud_server_network:
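Review bot: The three firewall names assembled in the new `firewalls_list` var (`-public-ssh-firewall-rule`, `-public-database-firewall-rule`, `-private-firewall-rule`) are string literals that must match, character for character, the names given to the firewalls created earlier in this file; those creation tasks are outside the hunk (the `when: firewall | bool` context line at the top of the first hunk appears to close one of them), so a rename on either side is only caught when `hetzner.hcloud.hcloud_server` fails at apply time. Because the list is derived from the same `ssh_public_access` / `database_public_access` / `firewall` flags that presumably gate creation, a mismatch should at least fail closed (the module should error on an unknown firewall name rather than attach nothing silently), but the coupling deserves a comment above `vars:` such as `# NOTE: these names must match the firewall names used by the firewall creation tasks above; keep both in sync`. Better still, define each name once as a role variable (for example a constructed `hetzner_private_firewall_name` default) and reference it from both the creation tasks and this list, so the contract is enforced by a single definition rather than by parallel literals. The enclosing `hcloud_server` task begins in the first hunk's context lines and its `loop`/`register`/`vars` block ends inside this hunk.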