Bug 1601752 - [ansible-2.6] Failed to create ec2 security group due to the unsupported module port "all"
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Release: 3.11.0
Assigned To: Chris Callegari
QA Contact: sheng.lao
Reported: 2018-07-17 03:51 EDT by sheng.lao
Modified: 2018-10-11 03:22 EDT
Doc Type: Bug Fix
Doc Text:
Cause: An update to the AWS API disallowed applications from using the 'all' value to security_group rules.
Consequence: Downstream applications Boto, Boto3 and Ansible will fail to create a security_group rule when using value 'all'.
Fix: openshift-installer task has been updated to use port range 1 - 65535 in replacement of the 'all' value.
Result: security_group rule is successfully created.
Last Closed: 2018-10-11 03:21:41 EDT
Type: Bug
External Trackers: Red Hat Product Errata RHBA-2018:2652 (last updated 2018-10-11 03:22 EDT)

Description sheng.lao 2018-07-17 03:51:01 EDT
Description of problem:
Similar upstream issue: https://github.com/ansible/ansible/issues/42230

When using ansible-2.6 to create an AWS scale group with prerequisites.yml, the installer failed to create the ec2 security group due to the unsupported module port "all".

The default port "all" against security group seems not to be supported in the ansible-2.6 native module ec2_group.

openshift_aws_node_security_groups is defined in the playbook:
roles/openshift_aws/defaults/main.yml
258 openshift_aws_node_security_groups:
259   default:                                
<--snip-->
267     - proto: all
268       from_port: all
269       to_port: all                                   
<--snip-->

and is used in roles/openshift_aws/tasks/security_group.yml
  9 - name: create the node group sgs
 10   ec2_group:
 <--snip-->
 16   with_dict: "{{ openshift_aws_node_security_groups }}"

Version-Release number of the following components:
openshift-ansible: git master branch: a7cab9f1218b7

# rpm -qa |grep ansible
ansible-2.6.1-1.el7ae.noarch

# ansible --version
ansible 2.6.1
  config file = /root/openshift-ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]


How reproducible:
always

Steps to Reproduce:
1. ansible-playbook -i inventory.yml playbooks/aws/openshift-cluster/prerequisites.yml -e @provisioning_vars.yml

Actual results:
TASK [openshift_aws : create the node group sgs] *************************************************************************************************
task path: /root/openshift-ansible/roles/openshift_aws/tasks/security_group.yml:9
Tuesday 17 July 2018  02:45:00 -0400 (0:00:02.903)       0:00:20.540 ********** 
Using module file /usr/lib/python2.7/site-packages/ansible/modules/cloud/amazon/ec2_group.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python2 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_TPFk1j/ansible_module_ec2_group.py", line 1021, in <module>
    main() 
  File "/tmp/ansible_TPFk1j/ansible_module_ec2_group.py", line 875, in main
    rules = deduplicate_rules_args(rules_expand_sources(rules_expand_ports(module.params['rules'])))
  File "/tmp/ansible_TPFk1j/ansible_module_ec2_group.py", line 607, in rules_expand_ports
    for rule in rule_expand_ports(rule_complex)]
  File "/tmp/ansible_TPFk1j/ansible_module_ec2_group.py", line 584, in rule_expand_ports
    rule['from_port'] = int(rule.get('from_port'))
ValueError: invalid literal for int() with base 10: 'all'

Expected results:
ansible job is successful

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
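
The traceback above comes from int() being applied to the string 'all'. As an added example (not code from openshift-ansible or from the ec2_group module), the Python pre-flight check below finds such values in a rule list before a playbook run and applies the 1 - 65535 replacement described in the Doc Text; the function names and the sample rules are assumptions constructed for illustration.

```python
# Added example: lint ec2_group-style rule dicts for port values that
# int() rejects, which is the conversion that fails in the traceback.
FULL_RANGE = (1, 65535)  # replacement range named in the bug's Doc Text

# Constructed sample data. The first rule copies the proto/from_port/to_port
# values quoted in the report; the second rule is invented for contrast.
SAMPLE_RULES = [
    {"proto": "all", "from_port": "all", "to_port": "all"},
    {"proto": "tcp", "from_port": 22, "to_port": 22},
]


def port_problems(rules):
    """Return (rule_index, field, value) for each port value int() rejects."""
    problems = []
    for index, rule in enumerate(rules):
        for field in ("from_port", "to_port"):
            value = rule.get(field)
            if value is None:
                continue  # assumption: absent fields are not checked here
            try:
                int(value)
            except (TypeError, ValueError):
                problems.append((index, field, value))
    return problems


def rewrite_all_ports(rules):
    """Return a copy of rules with port value 'all' replaced by 1 - 65535."""
    fixed = []
    for rule in rules:
        new_rule = dict(rule)  # leave the caller's data untouched
        if str(new_rule.get("from_port")).lower() == "all":
            new_rule["from_port"] = FULL_RANGE[0]
        if str(new_rule.get("to_port")).lower() == "all":
            new_rule["to_port"] = FULL_RANGE[1]
        fixed.append(new_rule)
    return fixed


if __name__ == "__main__":
    for index, field, value in port_problems(SAMPLE_RULES):
        print("rule %d: %s=%r is not an integer" % (index, field, value))
    print(rewrite_all_ports(SAMPLE_RULES))
```

The rewritten rule still spans every port, so the change restores the previous exposure rather than narrowing it.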
Comment 1 Chris Callegari 2018-08-08 10:51:11 EDT
The fix for this issue has been committed and merged via pull/9390

https://github.com/openshift/openshift-ansible/pull/9390/commits/8946f22cc7aa0bfefb73cade49cfaab200116e88#diff-28877217ed3fe1943b811f9f27bcdb6fL268-269
Comment 2 Scott Dodson 2018-08-14 17:24:50 EDT
Should be in openshift-ansible-3.11.0-0.15.0
Comment 3 sheng.lao 2018-08-16 02:38:47 EDT
Fixed at: openshift-ansible-3.11.0-0.15.0
Comment 5 errata-xmlrpc 2018-10-11 03:21:41 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652
