Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1608882

Summary: playbooks/aws/openshift-cluster/prerequisites.yml fails when parsing fromPort
Product: OpenShift Container Platform Reporter: Andrew McDermott <amcdermo>
Component: InstallerAssignee: Chris Callegari <ccallega>
Status: CLOSED ERRATA QA Contact: sheng.lao <shlao>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.11.0CC: aos-bugs, dma, jokerman, mmccomas, shlao
Target Milestone: ---   
Target Release: 3.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: An update to the AWS api disallowed applications from using the 'all' value to security_group rules. Consequence: Downstream applications Boto, Boto3 and Ansible will fail to create a security_group rule when using value 'all' Fix: openshift-installer task has been updated to use port range 1 - 65535 in replacement of the 'all' value. Result: security_group rule is successfully created.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-11 07:22:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrew McDermott 2018-07-26 12:40:39 UTC 
Bug/repo captured here: 

  https://github.com/openshift/openshift-ansible/issues/9342

This means it is not possible to deploy a cluster using the AWS playbooks.
Comment 1 Chris Callegari 2018-08-16 21:05:10 UTC 
Fixed in pull https://github.com/openshift/openshift-ansible/pull/9595

Waiting on peer review and merge
Comment 2 Andrew McDermott 2018-08-20 09:13:28 UTC 
I see the same issue having pulled pr-9595.

$ git branch
  master
* pr-9595
  release-3.6
  release-3.7
  release-3.8
  release-3.9

$ git log -n 4
commit 78e1bab060165b3cc571d447df5878b348fe5641 (HEAD -> pr-9595)
Author: Chris Callegari <mazzystr>
Date:   Tue Aug 14 16:25:50 2018 -0400

    Commit to enable standalone masters

commit f64f1ea1d1b4f94ae9a0bbd1c61c533cd57334fb
Author: Chris Callegari <mazzystr>
Date:   Tue Aug 14 16:34:41 2018 -0400

    Commit to remove openshift_master_cluster_hostname override

commit c2275312b681c550becae635329a76ecf7946073
Author: Chris Callegari <mazzystr>
Date:   Tue Aug 14 16:33:24 2018 -0400

    Commit to change aws lc & asg name to contain deployment serial

commit ef80e89f980a06fe14ed4dfdb5f3b37dbc54311e
Merge: 8cab8f967 2c831a9fe
Author: OpenShift Merge Robot <openshift-merge-robot.github.com>
Date:   Tue Aug 14 11:09:57 2018 -0700

    Merge pull request #9574 from vareti/update-master-restart
    
    Update Commands in Nuage Roles to Restart Master API Server and Controller

---

Running the installer again I still see:

TASK [openshift_aws : create the node group sgs] **********************************************************************
task path: /home/aim/openshift-ansible/roles/openshift_aws/tasks/security_group.yml:9
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: aim
<127.0.0.1> EXEC /bin/sh -c 'echo ~aim && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/aim/.ansible/tmp/ansible-tmp-1534754888.45-69568376497734 `" && echo ansible-tmp-1534754888.45-69568376497734="` echo /home/aim/.ansible/tmp/ansible-tmp-1534754888.45-69568376497734 `" ) && sleep 0'
Using module file /usr/lib/python2.7/site-packages/ansible/modules/cloud/amazon/ec2_group.py
<127.0.0.1> PUT /home/aim/.ansible/tmp/ansible-local-227584GvCj_/tmpeym8fE TO /home/aim/.ansible/tmp/ansible-tmp-1534754888.45-69568376497734/ec2_group.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/aim/.ansible/tmp/ansible-tmp-1534754888.45-69568376497734/ /home/aim/.ansible/tmp/ansible-tmp-1534754888.45-69568376497734/ec2_group.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python2 /home/aim/.ansible/tmp/ansible-tmp-1534754888.45-69568376497734/ec2_group.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/aim/.ansible/tmp/ansible-tmp-1534754888.45-69568376497734/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_b2yXLF/ansible_module_ec2_group.py", line 1021, in <module>
    main()
  File "/tmp/ansible_b2yXLF/ansible_module_ec2_group.py", line 875, in main
    rules = deduplicate_rules_args(rules_expand_sources(rules_expand_ports(module.params['rules'])))
  File "/tmp/ansible_b2yXLF/ansible_module_ec2_group.py", line 607, in rules_expand_ports
    for rule in rule_expand_ports(rule_complex)]
  File "/tmp/ansible_b2yXLF/ansible_module_ec2_group.py", line 584, in rule_expand_ports
    rule['from_port'] = int(rule.get('from_port'))
ValueError: invalid literal for int() with base 10: 'all'

failed: [localhost] (item={'value': {u'rules': [{u'to_port': 22, u'from_port': 22, u'cidr_ip': u'0.0.0.0/0', u'proto': u'tcp'}, {u'to_port': u'all', u'from_port': u'all', u'group_name': u'amcdermo-asg311', u'proto': u'all'}], u'name': u'amcdermo-asg311', u'desc': u'amcdermo-asg311 default'}, 'key': u'default'}) => {
    "changed": false, 
    "item": {
        "key": "default", 
        "value": {
            "desc": "amcdermo-asg311 default", 
            "name": "amcdermo-asg311", 
            "rules": [
                {
                    "cidr_ip": "0.0.0.0/0", 
                    "from_port": 22, 
                    "proto": "tcp", 
                    "to_port": 22
                }, 
                {
                    "from_port": "all", 
                    "group_name": "amcdermo-asg311", 
                    "proto": "all", 
                    "to_port": "all"
                }
            ]
        }
    }, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_b2yXLF/ansible_module_ec2_group.py\", line 1021, in <module>\n    main()\n  File \"/tmp/ansible_b2yXLF/ansible_module_ec2_group.py\", line 875, in main\n    rules = deduplicate_rules_args(rules_expand_sources(rules_expand_ports(module.params['rules'])))\n  File \"/tmp/ansible_b2yXLF/ansible_module_ec2_group.py\", line 607, in rules_expand_ports\n    for rule in rule_expand_ports(rule_complex)]\n  File \"/tmp/ansible_b2yXLF/ansible_module_ec2_group.py\", line 584, in rule_expand_ports\n    rule['from_port'] = int(rule.get('from_port'))\nValueError: invalid literal for int() with base 10: 'all'\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 1
}
Comment 3 Andrew McDermott 2018-08-20 09:30:18 UTC 
I'm beginning to wonder if I just have a incompatible ansible and/or python versions. 

I have:

$ ansible --version
ansible 2.6.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/aim/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15 (default, May 16 2018, 17:50:09) [GCC 8.1.1 20180502 (Red Hat 8.1.1-1)]
Comment 6 sheng.lao 2018-08-22 02:16:44 UTC 
Verified with: openshift-ansible-3.11.0-0.19.0

and found that it was duplicate of bz-1601752
Comment 8 errata-xmlrpc 2018-10-11 07:22:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652