Bug 1003105 - python-boto-2.9.9-2.el6 breaks ansible ec2 module
Summary: python-boto-2.9.9-2.el6 breaks ansible ec2 module
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: ansible
Version: el6
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Tim Bielawa
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2013-08-30 19:29 UTC by Kevin Fenzi
Modified: 2014-03-15 19:50 UTC (History)
7 users (show)

Fixed In Version: ansible-1.5-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-03-10 06:46:19 UTC
Type: Bug

Attachments (Terms of Use)

Description Kevin Fenzi 2013-08-30 19:29:17 UTC

I am using ansible's ec2 module here to spin up instances. 



everything works as expected. 



I get a traceback: 

invalid output was: Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-1377890460.82-182712855679615/ec2", line 1300, in <module>
  File "/root/.ansible/tmp/ansible-1377890460.82-182712855679615/ec2", line 287, in main
    grp_details = ec2.get_all_security_groups()
  File "/usr/lib/python2.6/site-packages/boto/ec2/connection.py", line 2266, in get_all_security_groups
    [('item', SecurityGroup)], verb='POST')
  File "/usr/lib/python2.6/site-packages/boto/connection.py", line 1062, in get_list
    response = self.make_request(action, params, path, verb)
  File "/usr/lib/python2.6/site-packages/boto/connection.py", line 1008, in make_request
    return self._mexe(http_request)
  File "/usr/lib/python2.6/site-packages/boto/connection.py", line 927, in _mexe
    raise e
socket.gaierror: [Errno -2] Name or service not known

Happy to provide more info or debugging...

Comment 1 Garrett Holmstrom 2013-08-30 22:28:25 UTC
Let me guess:  you're pointing this at a Eucalyptus or Nova server with a self-signed certificate.  :-)  Boto started verifying server certificates by default in version 2.6.0, so if your client doesn't recognize the server's signature chain that is probably the culprit.

What we need to do is figure out how to get ansible to pass validate_certs=False to its call to boto.connect_ec2_endpoint.  I don't think that's currently configurable, so I suspect a real fix will involve a patch to ansible's ec2 module.

For the time being you can work around this change by writing this to the [Boto] section of ~/.boto:

    https_validate_certificates = False

Comment 2 Kevin Fenzi 2013-08-30 23:12:26 UTC
Yep. Thats exactly the problem. ;)

Comment 3 Garrett Holmstrom 2013-08-30 23:20:51 UTC
Filed a bug for the real fix upstream:  https://github.com/ansible/ansible/issues/3978

Comment 4 Garrett Holmstrom 2013-09-26 22:50:59 UTC
The actual fix for this will need to be part of an ansible update.  Reassigning...

Comment 5 Fedora Update System 2014-02-28 22:03:21 UTC
ansible-1.5-1.fc20 has been submitted as an update for Fedora 20.

Comment 6 Fedora Update System 2014-02-28 22:04:40 UTC
ansible-1.5-1.fc19 has been submitted as an update for Fedora 19.

Comment 7 Fedora Update System 2014-02-28 22:05:35 UTC
ansible-1.5-1.el6 has been submitted as an update for Fedora EPEL 6.

Comment 8 Fedora Update System 2014-03-01 07:15:16 UTC
Package ansible-1.5-1.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing ansible-1.5-1.el6'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 9 Fedora Update System 2014-03-10 06:46:19 UTC
ansible-1.5-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2014-03-10 06:47:54 UTC
ansible-1.5-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2014-03-15 19:50:00 UTC
ansible-1.5-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.