I have a task which creates a security group:

- name: Create Production Security Group
  ec2_group:
    name: "Production Security Group"
    description: "Allow access on ssh and 8080"
    vpc_id: "{{ prd_vpc_id }}"
    rules:
      - proto: "tcp"
        from_port: "22"
        to_port: "22"
        cidr_ip: "{{ lookup('env', 'ATTACK_IP') }}"
      - proto: "tcp"
        from_port: "8080"
        to_port: "8080"
        cidr_ip: "{{ lookup('env', 'ATTACK_IP') }}"
  register: prd_sg

This works fine, the first time I run it.

If I run it again, I get:

TASK [vpc : Create Production Security Group] 
***********************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use 
-vvv. The error was: botocore.exceptions.ClientError: An error occurred 
(InvalidPermission.Duplicate) when calling the 
AuthorizeSecurityGroupIngress operation: the specified rule "peer: 
138.68.160.0/20, TCP, from port: 22, to port: 22, ALLOW" already exists
fatal: [localhost]: FAILED! => {"changed": false, "error": {"code": 
"InvalidPermission.Duplicate", "message": "the specified rule \"peer: 
138.68.160.0/20, TCP, from port: 22, to port: 22, ALLOW\" already exists"}, 
"failed": true, "msg": "Unable to authorize in for ip 138.68.174.135/20 
security group 'Production Security Group' - An error occurred 
(InvalidPermission.Duplicate) when calling the 
AuthorizeSecurityGroupIngress operation: the specified rule \"peer: 
138.68.160.0/20, TCP, from port: 22, to port: 22, ALLOW\" already exists", 
"response_metadata": {"http_headers": {"connection": "close", "date": "Fri, 
01 Sep 2017 18:32:20 GMT", "server": "AmazonEC2", "transfer-encoding": 
"chunked"}, "http_status_code": 400, "request_id": 
"c79c01db-78d8-43aa-b779-b204f4685052", "retry_attempts": 0}}
        to retry, use: --limit @/home/ansible/playbook.retry

I looked into this, and it seemed to be the same issue described in 
https://github.com/ansible/ansible/issues/24476 which is fixed 
in https://github.com/ansible/ansible/pull/24528

With that in mind, I installed the devel branch of ansible:

$ ansible --version
ansible 2.4.0
  config file = None
  configured module search path = 
['/home/ansible/.ansible/plugins/modules', 
'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.2 (default, Aug 11 2017, 11:59:59) [GCC 7.1.1 
20170622 (Red Hat 7.1.1-3)]

And tried again...

But I am having the same issue.  I know that ansible is the 2.4.0 version 
because I added an assert especially to stop if not >=2.4.0, and the assert 
passes.

Am I missing something here?  Is there a simpler way to solve this?

S.
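The error output quoted in the post shows the mechanism: the rule is submitted as 138.68.174.135/20 but EC2 stores it as the network address 138.68.160.0/20, so a module that compares the raw requested string against what EC2 returns never sees a match and re-submits the rule, which EC2 rejects with InvalidPermission.Duplicate. The following is an added example, not the poster's playbook or the ec2_group module's code: it normalizes CIDRs the way EC2 does before comparing, reproduces the failing raw-string comparison alongside the working one, and flags a caveat a practitioner would want, namely that a host address with a /20 prefix opens the port to 4096 addresses rather than the single host the ATTACK_IP variable appears to name. The EXISTING_RULES and DESIRED_RULES data are constructed from the values in the post; the CIDR that the playbook reads from the ATTACK_IP environment variable is a literal here.

```python
import ipaddress

# Constructed sample of what EC2 reports for the group after the first run.
# EC2 stored the rule as the network address, not the address that was sent
# (the error message in the post shows 138.68.174.135/20 becoming 138.68.160.0/20).
EXISTING_RULES = [
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": "138.68.160.0/20"},
    {"proto": "tcp", "from_port": 8080, "to_port": 8080, "cidr_ip": "138.68.160.0/20"},
]

# Constructed stand-in for the task's rules list. The playbook takes the CIDR
# from the ATTACK_IP environment variable; here it is a literal. Ports are
# strings, as they are in the YAML task.
DESIRED_RULES = [
    {"proto": "tcp", "from_port": "22", "to_port": "22", "cidr_ip": "138.68.174.135/20"},
    {"proto": "tcp", "from_port": "8080", "to_port": "8080", "cidr_ip": "138.68.174.135/20"},
]


def normalize_cidr(cidr):
    """Return the CIDR the way EC2 stores it: host bits cleared, prefix present."""
    return str(ipaddress.ip_network(cidr, strict=False))


def has_host_bits(cidr):
    """True when the CIDR names a host inside the block rather than the block itself."""
    try:
        ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return True
    return False


def address_count(cidr):
    """Number of addresses the rule actually opens the port to."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def rule_key(rule, normalize=True):
    """Comparable tuple for a rule; ports coerced to int, CIDR optionally normalized."""
    cidr = rule["cidr_ip"]
    if normalize:
        cidr = normalize_cidr(cidr)
    return (rule["proto"].lower(), int(rule["from_port"]), int(rule["to_port"]), cidr)


def rules_to_add(desired, existing, normalize=True):
    """Rules not yet present on the group.

    With normalize=False this reproduces the comparison that fails in the post:
    the raw CIDR strings never match, so every rule is re-submitted on the
    second run and EC2 answers InvalidPermission.Duplicate.
    """
    have = {rule_key(r, normalize) for r in existing}
    return [r for r in desired if rule_key(r, normalize) not in have]


def audit(desired):
    """Report rules whose CIDR is wider than the single host it appears to name."""
    findings = []
    for r in desired:
        cidr = r["cidr_ip"]
        if has_host_bits(cidr):
            findings.append(
                "%s opens port %s to %d addresses (%s), not to one host"
                % (cidr, r["from_port"], address_count(cidr), normalize_cidr(cidr))
            )
    return findings


if __name__ == "__main__":
    print("raw-string comparison would re-add:",
          len(rules_to_add(DESIRED_RULES, EXISTING_RULES, normalize=False)))
    print("normalized comparison would re-add:",
          len(rules_to_add(DESIRED_RULES, EXISTING_RULES)))
    for finding in audit(DESIRED_RULES):
        print("WARNING:", finding)
```

Run as a script it reports two rules to re-add under the raw comparison and none under the normalized one, then warns twice that 138.68.174.135/20 is really 138.68.160.0/20. If ATTACK_IP is meant to be a single machine, set it to a /32 (or let `has_host_bits` fail the play), since the /20 in the post grants SSH and 8080 access to the whole surrounding block.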
