ec2_instance: Use "vpc_subnet_id" from module.params when subnet_id is missing from network interface #2488
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…issing from network_interface"
mandar242
requested review from
tremble,
hakbailey,
alinabuzachis,
GomathiselviS and
abikouo
tremble
requested changes
Jan 28, 2025
Docs Build 📝Thank you for contribution!✨ This PR has been merged and your docs changes will be incorporated when they are next published. |
tremble
approved these changes
Jan 28, 2025
tremble
approved these changes
Jan 28, 2025
alinabuzachis
approved these changes
Jan 29, 2025
github-actions
bot
added
backport-9
backport-8
softwarefactory-project-zuul
bot
merged commit 2fb1661
into
ansible-collections:main
49 checks passed
Backport to stable-8: 💔 cherry-picking failed — conflicts found❌ Failed to cleanly apply 2fb1661 on top of patchback/backports/stable-8/2fb1661c4fdefdf8c383a5449b55b2cbe34ad71a/pr-2488 Backporting merged PR #2488 into main
🤖 @patchback |
Backport to stable-9: 💔 cherry-picking failed — conflicts found❌ Failed to cleanly apply 2fb1661 on top of patchback/backports/stable-9/2fb1661c4fdefdf8c383a5449b55b2cbe34ad71a/pr-2488 Backporting merged PR #2488 into main
🤖 @patchback |
mandar242
added a commit
to mandar242/amazon.aws
that referenced
this pull request
Jan 29, 2025
…s missing from network interface (ansible-collections#2488) SUMMARY Fixes https://issues.redhat.com/browse/ACA-2123 This PR addresses an issue where module tries to attach all security groups in the region that default SGs for any VPC in the region. Causing error below fatal: [localhost]: FAILED! => {"boto3_version": "1.34.144", "botocore_version": "1.34.144", "changed": false, "msg": "Could not apply change {'Groups': ['sg-xxxx', 'sg-yyyy', 'sg-zzzz']} to existing instance.: Failed to modify instance attribute"} The subnet_id was previously passed as None when not found in the network_interface, causing failures when applying security group. The logic was updated to use module.params.get("vpc_subnet_id") when provided in task, as a fallback, preventing None from being passed to discover_security_groups() and ensuring the correct subnet is used when the default security group is specified. ISSUE TYPE Bugfix Pull Request COMPONENT NAME ec2_instance ADDITIONAL INFORMATION According to jira, the issue was introduced after 8.1.0 onwards (worked fine until and including 8.1.0) Issue was only seen (during testing/reproducing) when network and vpc_subnet_id were both specified in the task. Playbook used for testing/reproducing the issue. --- - name: EC2 instance hosts: localhost gather_facts: no vars: instance_type: "t2.micro" subnet_id: "subnet-xxxxxxx" region: "ap-northeast-2" image_id: "ami-xxxxxxx" tasks: - name: Create the EC2 instance with proper tags amazon.aws.ec2_instance: image_id: "{{ image_id }}" instance_type: "{{ instance_type }}" network: assign_public_ip: false private_ip_address: "{{ ec2_private_ip | default(omit) }}" purge_tags: false region: "{{ region }}" security_groups: "{{ security_group | default('default') }}" tags: Owner: mandkulk Persistent: False Name: xxxxx-test-instance vpc_subnet_id: "{{ subnet_id }}" wait: true state: present register: ec2 Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis (cherry picked from commit 2fb1661)
mandar242
added a commit
to mandar242/amazon.aws
that referenced
this pull request
Jan 29, 2025
…s missing from network interface (ansible-collections#2488) SUMMARY Fixes https://issues.redhat.com/browse/ACA-2123 This PR addresses an issue where module tries to attach all security groups in the region that default SGs for any VPC in the region. Causing error below fatal: [localhost]: FAILED! => {"boto3_version": "1.34.144", "botocore_version": "1.34.144", "changed": false, "msg": "Could not apply change {'Groups': ['sg-xxxx', 'sg-yyyy', 'sg-zzzz']} to existing instance.: Failed to modify instance attribute"} The subnet_id was previously passed as None when not found in the network_interface, causing failures when applying security group. The logic was updated to use module.params.get("vpc_subnet_id") when provided in task, as a fallback, preventing None from being passed to discover_security_groups() and ensuring the correct subnet is used when the default security group is specified. ISSUE TYPE Bugfix Pull Request COMPONENT NAME ec2_instance ADDITIONAL INFORMATION According to jira, the issue was introduced after 8.1.0 onwards (worked fine until and including 8.1.0) Issue was only seen (during testing/reproducing) when network and vpc_subnet_id were both specified in the task. Playbook used for testing/reproducing the issue. --- - name: EC2 instance hosts: localhost gather_facts: no vars: instance_type: "t2.micro" subnet_id: "subnet-xxxxxxx" region: "ap-northeast-2" image_id: "ami-xxxxxxx" tasks: - name: Create the EC2 instance with proper tags amazon.aws.ec2_instance: image_id: "{{ image_id }}" instance_type: "{{ instance_type }}" network: assign_public_ip: false private_ip_address: "{{ ec2_private_ip | default(omit) }}" purge_tags: false region: "{{ region }}" security_groups: "{{ security_group | default('default') }}" tags: Owner: mandkulk Persistent: False Name: xxxxx-test-instance vpc_subnet_id: "{{ subnet_id }}" wait: true state: present register: ec2 Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis (cherry picked from commit 2fb1661)
softwarefactory-project-zuul bot
pushed a commit
that referenced
this pull request
Jan 30, 2025
…s missing from network interface (#2488) (#2491) Manual backport of #2488 SUMMARY Fixes https://issues.redhat.com/browse/ACA-2123 This PR addresses an issue where module tries to attach all security groups in the region that default SGs for any VPC in the region. Causing error below fatal: [localhost]: FAILED! => {"boto3_version": "1.34.144", "botocore_version": "1.34.144", "changed": false, "msg": "Could not apply change {'Groups': ['sg-xxxx', 'sg-yyyy', 'sg-zzzz']} to existing instance.: Failed to modify instance attribute"} The subnet_id was previously passed as None when not found in the network_interface, causing failures when applying security group. The logic was updated to use module.params.get("vpc_subnet_id") when provided in task, as a fallback, preventing None from being passed to discover_security_groups() and ensuring the correct subnet is used when the default security group is specified. ISSUE TYPE Bugfix Pull Request COMPONENT NAME ec2_instance ADDITIONAL INFORMATION According to jira, the issue was introduced after 8.1.0 onwards (worked fine until and including 8.1.0) Issue was only seen (during testing/reproducing) when network and vpc_subnet_id were both specified in the task. Playbook used for testing/reproducing the issue. name: EC2 instance hosts: localhost gather_facts: no vars: instance_type: "t2.micro" subnet_id: "subnet-xxxxxxx" region: "ap-northeast-2" image_id: "ami-xxxxxxx" tasks: name: Create the EC2 instance with proper tags amazon.aws.ec2_instance: image_id: "{{ image_id }}" instance_type: "{{ instance_type }}" network: assign_public_ip: false private_ip_address: "{{ ec2_private_ip | default(omit) }}" purge_tags: false region: "{{ region }}" security_groups: "{{ security_group | default('default') }}" tags: Owner: mandkulk Persistent: False Name: xxxxx-test-instance vpc_subnet_id: "{{ subnet_id }}" wait: true state: present register: ec2 Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis (cherry picked from commit 2fb1661) SUMMARY ISSUE TYPE Bugfix Pull Request Docs Pull Request Feature Pull Request New Module Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis Reviewed-by: GomathiselviS <[email protected]>
softwarefactory-project-zuul bot
pushed a commit
that referenced
this pull request
Jan 30, 2025
…s missing from network interface (#2488) (#2490) Manual backport of #2488 SUMMARY Fixes https://issues.redhat.com/browse/ACA-2123 This PR addresses an issue where module tries to attach all security groups in the region that default SGs for any VPC in the region. Causing error below fatal: [localhost]: FAILED! => {"boto3_version": "1.34.144", "botocore_version": "1.34.144", "changed": false, "msg": "Could not apply change {'Groups': ['sg-xxxx', 'sg-yyyy', 'sg-zzzz']} to existing instance.: Failed to modify instance attribute"} The subnet_id was previously passed as None when not found in the network_interface, causing failures when applying security group. The logic was updated to use module.params.get("vpc_subnet_id") when provided in task, as a fallback, preventing None from being passed to discover_security_groups() and ensuring the correct subnet is used when the default security group is specified. ISSUE TYPE Bugfix Pull Request COMPONENT NAME ec2_instance ADDITIONAL INFORMATION According to jira, the issue was introduced after 8.1.0 onwards (worked fine until and including 8.1.0) Issue was only seen (during testing/reproducing) when network and vpc_subnet_id were both specified in the task. Playbook used for testing/reproducing the issue. name: EC2 instance hosts: localhost gather_facts: no vars: instance_type: "t2.micro" subnet_id: "subnet-xxxxxxx" region: "ap-northeast-2" image_id: "ami-xxxxxxx" tasks: name: Create the EC2 instance with proper tags amazon.aws.ec2_instance: image_id: "{{ image_id }}" instance_type: "{{ instance_type }}" network: assign_public_ip: false private_ip_address: "{{ ec2_private_ip | default(omit) }}" purge_tags: false region: "{{ region }}" security_groups: "{{ security_group | default('default') }}" tags: Owner: mandkulk Persistent: False Name: xxxxx-test-instance vpc_subnet_id: "{{ subnet_id }}" wait: true state: present register: ec2 Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis (cherry picked from commit 2fb1661) SUMMARY ISSUE TYPE Bugfix Pull Request Docs Pull Request Feature Pull Request New Module Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: GomathiselviS <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Fixes https://issues.redhat.com/browse/ACA-2123
defaultSGs for any VPC in the region. Causing error belowNonewhen not found in thenetwork_interface, causing failures when applying security group.module.params.get("vpc_subnet_id")when provided in task, as a fallback, preventingNonefrom being passed todiscover_security_groups()and ensuring the correct subnet is used when the default security group is specified.ISSUE TYPE
COMPONENT NAME
ec2_instance
ADDITIONAL INFORMATION
According to jira, the issue was introduced after 8.1.0 onwards (worked fine until and including 8.1.0)
Issue was only seen (during testing/reproducing) when
networkandvpc_subnet_idwere both specified in the task.Playbook used for testing/reproducing the issue.