Unable to rerun install

I’m trying to rerun the install (./securedrop-admin install) after updating the admin workstation to 0.7.0, but something breaks.
The task is:
TASK [restrict-direct-access : Copy IPv4 iptables rules.]

And the error message reads:
fatal: [app]: FAILED => {"changed": false, "msg": "AnsibleUndefinedVariable: ' dict object' has no attribute 'ipv4'"}
fatal: [mon]: FAILED => {"changed": false, "msg": "AnsibleUndefinedVariable: ' dict object' has no attribute 'ipv4'"}

Any good ideas ?

//Jonas

(I did all the steps first:
cd ~/Persistent/securedrop
git fetch --tags
gpg --recv-key "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77"
git tag -v 0.7.0
git checkout 0.7.0
./securedrop-admin setup
./securedrop-admin tailsconfig

./securedrop-admin sdconfig
./securedrop-admin install

I also tried redoing the sdconfig config from scratch, by moving the file and rerunning sdconfig to recreate it)

The Copy IPv4 iptables rules task evaluates the rules_v4 template which has a fragile logic introduced in 0.7.0. I ran into an issue in the same area and proposed a workaround that was accepted. This will also fix the problem you are currently facing when 0.8.0 is published late june.

In the meantime you can:

• Edit install_files/ansible-base/roles/restrict-direct-access/templates/rules_v4
• Remove the faulty Allowed for staging and optionally for production (disables ssh over tor) block
• Save
• Run securedrop-admin install again

I suggest you file an issue so this particular problem can be fixed properly. If you are unsure how to file the bug report, I’d be happy to help.

Thank you for the information. I will try to test it, when I get the time to do it, and report back.

I didn’t get the time to try this before now. But your suggestion worked like a charm, thank you.