Is this the same problem as
https://github.com/ansible/ansible-modules-core/issues/1068 ? It looks
from your output like it might be:

  138.68.160.0/20, TCP, from port: 22, to port: 22, ALLOW" already exists
  fatal: [localhost]: FAILED! => {"changed": false, "error": {"code":
  "InvalidPermission.Duplicate", "message": "the specified rule \"peer:
  138.68.160.0/20, TCP, from port: 22, to port: 22, ALLOW\" already exists"},
  "failed": true, "msg": "Unable to authorize in for ip 138.68.174.135/20

When you specify 138.68.174.135/20, that gets translated to the arguably
more correct 138.68.160.0/20 when AWS creates the rule, but then Ansible
doesn't do that translation when it checks if the rule already exists --
it looks for 138.68.174.135/20, sees 138.68.160.0/20, doesn't realize
they're equivalent, tries to add the rule, and gets the error.

You might be able to work around this by just canonicalizing the ATTACK_IP
you're trying to allow, before you run Ansible, if that's easy to do.

                                      -Josh ([email protected])
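
The workaround suggested above, as an added example that is not part of the original message or of Ansible's code: clear the host bits of the CIDR before passing it to the playbook, and compare rules as networks rather than as strings. The function names canonical_cidr and rule_exists are hypothetical, and the sample addresses are the ones from the error output.

```python
import ipaddress
import sys
from typing import Iterable


def canonical_cidr(cidr: str) -> str:
    """Return the CIDR with host bits cleared, the form AWS stores.

    138.68.174.135/20 becomes 138.68.160.0/20. A bare address with no
    prefix becomes a /32 (IPv4) or /128 (IPv6) network.
    """
    # strict=False masks off host bits instead of raising ValueError.
    return str(ipaddress.ip_network(cidr.strip(), strict=False))


def rule_exists(wanted: str, existing: Iterable[str]) -> bool:
    """Check for an equivalent rule by comparing networks, not strings.

    This is the comparison the message says is missing: both sides are
    normalized first, so 138.68.174.135/20 matches 138.68.160.0/20.
    """
    wanted_net = ipaddress.ip_network(wanted.strip(), strict=False)
    return any(
        ipaddress.ip_network(e.strip(), strict=False) == wanted_net
        for e in existing
    )


if __name__ == "__main__":
    # Assumed usage: pass the address as the first argument and feed the
    # printed value to the playbook in place of the raw ATTACK_IP.
    if len(sys.argv) != 2:
        sys.exit("usage: canonical_cidr.py ADDRESS[/PREFIX]")
    try:
        print(canonical_cidr(sys.argv[1]))
    except ValueError as exc:
        sys.exit("not a valid address or CIDR: %s" % exc)
```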
