This is how I am using cloudformation_stack_facts module in one of my
playbooks:
---
- name: get vpc stack outputs
cloudformation_stack_facts:
stack_name: "hydra-{{ deployment }}-vpc"
region: "{{ aws.region }}"
register: vpc_cft
- name: vpc outputs
set_fact:
vpc:
id: "{{ vpc_cft['stack_outputs']['vpc'] }}"
gateway: "{{ vpc_cft['stack_outputs']['gateway'] }}"
int_ssh_sg: "{{ vpc_cft['stack_outputs']['intSshSg'] }}"
ext_https_sg: "{{ vpc_cft['stack_outputs']['extHttpsSg'] }}"
instance_profile: "{{ vpc_cft['stack_outputs']['instanceProfile'] }}"
instance_role: "{{ vpc_cft['stack_outputs']['instanceRole'] }}"
primary_nat: "{{ vpc_cft['stack_outputs']['nat'] }}"
alternate_nat: "{{ vpc_cft['stack_outputs']['natAlt'] }}"
On Monday, December 12, 2016 at 7:55:33 PM UTC-8, Girish Khadke wrote:
>
> Hi,
>
> I am running following stack for ansible :
>
> Ansible Tower 3.0.2
> Ansible 2.1.1.0 (that comes default on Tower 3.0.2)
>
> Below is the output of pip freeze on Ansible Tower CentOS 6.8 machine
> which shows any python packages that are there on my Ansible Tower image :
>
> ansible==2.1.1.0
> anyjson==0.3.3
> apache-libcloud==0.20.1
> appdirs==1.4.0
> argparse==1.4.0
> awacs==0.6.0
> azure==2.0.0rc2
> azure-common==1.1.2
> azure-graphrbac==0.30.0rc2
> azure-mgmt==0.30.0rc2
> azure-mgmt-authorization==0.30.0rc2
> azure-mgmt-cdn==0.30.0rc2
> azure-mgmt-compute==0.30.0rc2
> azure-mgmt-logic==0.30.0rc2
> azure-mgmt-network==0.30.0rc2
> azure-mgmt-notificationhubs==0.30.0rc2
> azure-mgmt-nspkg==1.0.0
> azure-mgmt-redis==0.30.0rc2
> azure-mgmt-resource==0.30.0rc2
> azure-mgmt-scheduler==0.30.0rc2
> azure-mgmt-storage==0.30.0rc2
> azure-mgmt-web==0.30.0rc2
> azure-nspkg==1.0.0
> azure-servicebus==0.20.1
> azure-servicemanagement-legacy==0.20.2
> azure-storage==0.30.0
> Babel==2.2.0
> backports.ssl-match-hostname==3.5.0.1
> begins==0.9
> boto==2.43.0
> certifi==2016.8.31
> cffi==1.7.0
> chardet==2.3.0
> cliff==1.15.0
> cmd2==0.6.8
> cryptography==1.3.2
> debtcollector==1.2.0
> decorator==4.0.6
> dogpile.cache==0.5.7
> dogpile.core==0.4.1
> enum34==1.1.6
> ethtool==0.6
> funcsigs==0.4
> functools-total-ordering-monkeypatch==1.0
> futures==3.0.4
> httplib2==0.9.2
> idna==2.0
> importlib==1.0.3
> iniparse==0.3.1
> ip-associations-python-novaclient-ext==0.1
> ipaddress==1.0.16
> iso8601==0.1.11
> isodate==0.5.1
> Jinja2==2.8
> jsonpatch==1.12
> jsonpointer==1.10
> jsonschema==2.5.1
> keyring==4.1
> keystoneauth1==2.12.1
> lxml==3.4.4
> M2Crypto==0.20.2
> MarkupSafe==0.23
> meld3==0.6.7
> mercurial==1.4
> mock==1.0.1
> monotonic==0.6
> msgpack-python==0.4.7
> msrest==0.2.0
> msrestazure==0.2.1
> munch==2.0.4
> netaddr==0.7.18
> netifaces==0.10.4
> oauthlib==1.1.2
> ordereddict==1.2
> os-client-config==1.14.0
> os-diskconfig-python-novaclient-ext==0.1.3
> os-networksv2-python-novaclient-ext==0.25
> os-virtual-interfacesv2-python-novaclient-ext==0.19
> oslo.config==3.3.0
> oslo.i18n==3.2.0
> oslo.serialization==2.2.0
> oslo.utils==3.4.0
> paramiko==1.7.5
> pbr==1.8.1
> pciutils==1.7.3
> policycoreutils-default-encoding==0.1
> positional==1.1.1
> prettytable==0.7.2
> psphere==0.5.2
> psutil==3.1.1
> psycopg2==2.6.2
> pyasn1==0.1.9
> pycparser==2.14
> pycrypto==2.6.1
> pycurl==7.19.0
> pygpgme==0.1
> pykerberos==1.1.13
> pyOpenSSL==0.15.1
> pyparsing==2.0.7
> pyrax==1.9.7
> python-cinderclient==1.5.0
> python-dateutil==2.4.0
> python-dmidecode==3.10.13
> python-glanceclient==1.1.0
> python-heatclient==0.8.1
> python-ironicclient==1.0.0
> python-keyczar==0.71rc0
> python-keystoneclient==2.1.1
> python-neutronclient==4.0.0
> python-novaclient==3.2.0
> python-ntlm3==1.0.2
> python-openstackclient==2.0.0
> python-swiftclient==2.7.0
> python-troveclient==1.4.0
> pytz==2015.7
> pywinrm==0.2.0
> PyYAML==3.11
> pyzmq==14.5.0
> rackspace-auth-openstack==1.3
> rackspace-novaclient==1.5
> rax-default-network-flags-python-novaclient-ext==0.3.2
> rax-scheduled-images-python-novaclient-ext==0.3.1
> repoze.lru==0.6
> requests==2.5.1
> requests-kerberos==0.10.0
> requests-ntlm==0.3.0
> requests-oauthlib==0.6.2
> requestsexceptions==1.1.1
> rhnlib==2.5.55
> setools==1.0
> shade==1.4.0
> simplejson==3.8.1
> six==1.9.0
> stevedore==1.10.0
> suds==0.4
> supervisor==3.0
> total-ordering==0.1.0
> troposphere==1.9.0
> unicodecsv==0.14.1
> urlgrabber==3.9.1
> virtualenv==1.10.1
> warlock==1.2.0
> wrapt==1.10.6
> xmltodict==0.9.2
> yum-metadata-parser==1.1.2
>
>
> Problem :
>
> I have some ansible playbook that depend on ansible module
> "cloudformation_stack_facts" which is not a standard core module from
> Ansible 2.1.1.0 that comes with Ansible Tower.
> Now since I wanted to use unreleased module, I followed steps from :
> https://support.ansible.com/hc/en-us/articles/204229188-Use-an-unreleased-module-from-Ansible-source-with-Tower
>
> to use that with my ansible tower project.
> However when I run my ansible playbook using Tower, I run into error with
> Boto during Job run:
>
> TASK [aws_groups : get vpc stack outputs]
> ************************************** task path:
> /var/lib/awx/projects/_1399__hydra_playbooks/hydra_deploy/ansible/roles/aws_groups/tasks/vpc_output.yml:2
> <127.0.0.1>
> ESTABLISH LOCAL CONNECTION FOR USER: awx <127.0.0.1> EXEC /bin/sh -c '(
> umask 77 && mkdir -p "` echo
> $HOME/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062 `" && echo
> ansible-tmp-1481245531.53-96929779053062="` echo
> $HOME/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062 `" ) && sleep 0'
> <127.0.0.1>
> PUT /tmp/tmpaBil6N TO
> /var/lib/awx/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062/cloudformation_stack_facts
> <127.0.0.1>
> EXEC /bin/sh -c 'LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8
> LC_MESSAGES=en_US.UTF-8 /usr/bin/python2.6
> /var/lib/awx/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062/cloudformation_stack_facts;
>
> rm -rf
> "/var/lib/awx/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062/" >
> /dev/null 2>&1 && sleep 0' An exception occurred during task execution.
> The full traceback is: Traceback (most recent call last): File
> "/tmp/ansible_QEgMLD/ansible_module_cloudformation_stack_facts.py", line
> 96, in <module> main() File
> "/tmp/ansible_QEgMLD/ansible_module_cloudformation_stack_facts.py", line
> 55, in main cfn = boto.cloudformation.connect_to_region(region) File
> "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/cloudformation/__init__.py",
>
> line 55, in connect_to_region return region.connect(**kw_params) File
> "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/regioninfo.py",
> line 187, in connect return self.connection_cls(region=self, **kw_params)
> File
> "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/cloudformation/connection.py",
>
> line 89, in __init__ profile_name=profile_name) File
> "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/connection.py",
> line 1100, in __init__ provider=provider) File
> "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/connection.py",
> line 569, in __init__ host, config, self.provider,
> self._required_auth_capability()) File
> "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/auth.py", line
> 993, in get_auth_handler 'Check your credentials' % (len(names),
> str(names))) boto.exception.NoAuthHandlerFound: No handler was ready to
> authenticate. 1 handlers were checked. ['HmacAuthV4Handler'] Check your
> credentials fatal: [localhost]: FAILED! => {"changed": false, "failed":
> true, "invocation": {"module_name": "cloudformation_stack_facts"},
> "module_stderr": "Traceback (most recent call last):\n File
> \"/tmp/ansible_QEgMLD/ansible_module_cloudformation_stack_facts.py\", line
> 96, in <module>\n main()\n File
> \"/tmp/ansible_QEgMLD/ansible_module_cloudformation_stack_facts.py\", line
> 55, in main\n cfn = boto.cloudformation.connect_to_region(region)\n File
> \"/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/cloudformation/__init__.py\",
>
> line 55, in connect_to_region\n return region.connect(**kw_params)\n File
> \"/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/regioninfo.py\",
> line 187, in connect\n return self.connection_cls(region=self,
> **kw_params)\n File
> \"/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/cloudformation/connection.py\",
>
> line 89, in __init__\n profile_name=profile_name)\n File
> \"/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/connection.py\",
> line 1100, in __init__\n provider=provider)\n File
> \"/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/connection.py\",
> line 569, in __init__\n host, config, self.provider,
> self._required_auth_capability())\n File
> \"/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/auth.py\",
> line 993, in get_auth_handler\n 'Check your credentials' % (len(names),
> str(names)))\nboto.exception.NoAuthHandlerFound: No handler was ready to
> authenticate. 1 handlers were checked. ['HmacAuthV4Handler'] Check your
> credentials\n", "module_stdout": "", "msg": "MODULE FAILURE", "parsed":
> false}
>
>
> Looks like boto on Ansible Tower is unable to find the AWS credentials I
> am using to run my ansible job through Ansible Tower.
>
> In Ansible Tower I have created correct AWS Credentials and I am using
> those to run my playbook job. I am also using AWS dynamic inventory for
> EC2 in Ansible Tower and also using AWS credentials created in Ansible
> Tower there too. Dynamic Inventory sync is working fine in Ansible Tower.
>
> But whenever I run the playbook job that depends on non-released module,
> it errors out saying that boto was unable to find AWS credentials for
> authentication.
>
> I am wondering what am I doing wrong here. Is the version of boto has to
> do something with it? We need boto latest version to use some of our
> other playbooks that we need to run through Ansible Tower.
>
> Any help here is appreciated.
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/173adcc1-dedb-461c-9e19-b3cda786512f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
