Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provisioner Fails when using capitalized letters in ec2_name_prefix #1948

Open
VDI-Tech-Guy opened this issue Apr 25, 2023 · 5 comments
Open

Provisioner Fails when using capitalized letters in ec2_name_prefix #1948

VDI-Tech-Guy opened this issue Apr 25, 2023 · 5 comments
Assignees
@heatmiser

Comments

@VDI-Tech-Guy
Copy link

VDI-Tech-Guy commented Apr 25, 2023
edited
Loading

Problem Summary

When provisioning using a capital letter in the ec2_name_prefix will fail the code run due to not being able to access the "Store SSH Key Pair" as it looks for directories and files without capital letters, there is a | lower placed somewhere in the code that causes the error.

This didnt happen in much older code but it does now.

Issue Type

Bug

Extra vars file

---
# region where the nodes will live
ec2_region: us-west-2

# name prefix for all the VMs
ec2_name_prefix: F5-TestDrive-Test

# creates student_total of workbenches for the workshop
student_total: 1 

# Set the right workshop type, like network, rhel or f5 (see above)
workshop_type: f5

# Generate offline token to authenticate the calls to Red Hat's APIs
# Can be accessed at https://access.redhat.com/management/api
offline_token: "..."

# Required for podman authentication to registry.redhat.io
redhat_username: MyRHUser
redhat_password: "s^perSecretP@ss!"

#####OPTIONAL VARIABLES

# add prebuilt false
pre_build: false

# turn DNS on for control nodes, and set to type in valid_dns_type
dns_type: aws

# password for Ansible control node
admin_password: s^perSecretP@ss!

# Sets the Route53 DNS zone to use for Amazon Web Services
workshop_dns_zone: "mydomain.com"

# automatically installs Tower to control node
controllerinstall: true

# SHA value of targeted AAP bundle setup files.
provided_sha_value: 7456b98f2f50e0e1d4c93fb4e375fe8a9174f397a5b1c0950915224f7f020ec4

# default vars for ec2 AMIs (ec2_info) are located in provisioner/roles/manage_ec2_instances/defaults/main/main.yml
# select ec2_info AMI vars can be overwritten via ec2_xtra vars, e.g.:
ec2_xtra:
  f5node:
    owners: 679593333241
    size: t3.large
    os_type: linux
    disk_volume_type: gp3
    disk_space: 100
    disk_iops: 3000
    disk_throughput: 125
    architecture: x86_64
    filter: 'F5 BIGIP-16.*PAYG-Best 25Mbps*'
    username: admin

f5_ee: "quay.io/f5_business_development/mmabis-ee-test:latest"

Ansible Playbook Output

[ec2-user@ip-10-0-100-29 provisioner]$ ansible-playbook provision_lab.yml -e @/git/aap-test.yaml
[WARNING]: Unable to parse /git/workshops-main-branch/provisioner/hosts as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [initial check setup] *******************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [localhost]

TASK [run pre-check role to make sure workshop will complete provisioning] *******************************************************************************************************************************

TASK [../roles/workshop_check_setup : make sure we are running correct Ansible Version] ******************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [../roles/workshop_check_setup : make sure workshop_type is set to a correct value] *****************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [../roles/workshop_check_setup : make sure dns_type is set to a correct value] **********************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [../roles/workshop_check_setup : make sure network_type is set to a correct value] ******************************************************************************************************************
skipping: [localhost]

TASK [../roles/workshop_check_setup : make sure DNS name is 65 characters or less] ***********************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [../roles/workshop_check_setup : make sure security_console is set to a correct value] **************************************************************************************************************
skipping: [localhost]

TASK [../roles/workshop_check_setup : make sure we are not running with TESTWORKSHOP as the name so no overlap] ******************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [../roles/workshop_check_setup : make sure we are not using `ansible` as the password] **************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [../roles/workshop_check_setup : automation controller checks] **************************************************************************************************************************************
included: /git/workshops-main-branch/roles/workshop_check_setup/tasks/controller.yml for localhost

TASK [../roles/workshop_check_setup : ensure workshop folder F5-TestDrive-Test exists] *******************************************************************************************************************
changed: [localhost]

TASK [../roles/workshop_check_setup : Enforce use of user/password for manifest download] ****************************************************************************************************************
skipping: [localhost]

TASK [../roles/workshop_check_setup : Download manifest.zip] *********************************************************************************************************************************************
skipping: [localhost]

TASK [../roles/workshop_check_setup : Check that the manifest.zip exists] ********************************************************************************************************************************
ok: [localhost]

TASK [../roles/workshop_check_setup : fail] **************************************************************************************************************************************************************
skipping: [localhost]

TASK [../roles/workshop_check_setup : check workshop specific information] *******************************************************************************************************************************
included: /git/workshops-main-branch/roles/workshop_check_setup/tasks/unsupported_workshop.yml for localhost => (item=/git/workshops-main-branch/roles/workshop_check_setup/tasks/unsupported_workshop.yml)

TASK [../roles/workshop_check_setup : unsupported workshop for workshop_check_setup role] ****************************************************************************************************************
ok: [localhost] => {
    "msg": "no more setup for workshop_check_setup role the f5 does not have any specific setup specified"
}

TASK [run AWS check setup if using AWS] ******************************************************************************************************************************************************************

TASK [../roles/aws_check_setup : grab boto version] ******************************************************************************************************************************************************
changed: [localhost]

TASK [../roles/aws_check_setup : make sure we are running correct boto version] **************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [../roles/aws_check_setup : check for underscores in workshop name] *********************************************************************************************************************************
skipping: [localhost]

TASK [../roles/aws_check_setup : does route53 zone exist] ************************************************************************************************************************************************
ok: [localhost]

TASK [../roles/aws_check_setup : make sure workshop_dns_zone is owned by your account] *******************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [../roles/aws_check_setup : Find available AZ for region us-west-2] *********************************************************************************************************************************
ok: [localhost]

TASK [../roles/aws_check_setup : Remove any AZs in the aws_az_deny_list when defined] ********************************************************************************************************************
ok: [localhost]

TASK [../roles/aws_check_setup : Output AWS Availability Zones (AZs)] ************************************************************************************************************************************
skipping: [localhost]

TASK [../roles/aws_check_setup : SET AZ ZONE TO FIRST AVAILABLE] *****************************************************************************************************************************************
ok: [localhost]

TASK [../roles/aws_check_setup : grab information about AWS user] ****************************************************************************************************************************************
ok: [localhost]

TASK [../roles/aws_check_setup : print whoami] ***********************************************************************************************************************************************************
ok: [localhost] => {
    "whoami": {
        "account": "250871914685",
        "account_alias": "",
        "arn": "arn:aws:iam::250871914685:user/matt_mabis_programmatic_access",
        "changed": false,
        "failed": false,
        "user_id": "AIDATU2JBUC6RHXGIDTCZ"
    }
}

TASK [../roles/aws_check_setup : save username of AWS user] **********************************************************************************************************************************************
ok: [localhost]

TASK [../roles/aws_check_setup : save account id of AWS user] ********************************************************************************************************************************************
ok: [localhost]

TASK [download AAP] **************************************************************************************************************************************************************************************

TASK [../roles/aap_download : check if aap.tar.gz exists] ************************************************************************************************************************************************
ok: [localhost]

TASK [../roles/aap_download : download aap.tar.gz from specified URL] ************************************************************************************************************************************
skipping: [localhost]

TASK [../roles/aap_download : download aap.tar.gz from access.redhat.com] ********************************************************************************************************************************
skipping: [localhost]

TASK [../roles/aap_download : check if aap.tar.gz again (post download)] *********************************************************************************************************************************
ok: [localhost]

TASK [../roles/aap_download : Verify sha256sum of aap.tar.gz] ********************************************************************************************************************************************
skipping: [localhost]

PLAY [Create lab instances in AWS] ***********************************************************************************************************************************************************************

TASK [Cluster nodes] *************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [include_role : ../roles/manage_ec2_instances] ******************************************************************************************************************************************************

TASK [../roles/manage_ec2_instances : overwrite select ec2_info vars if ec2_xtra vars are provided] ******************************************************************************************************
ok: [localhost]

TASK [../roles/manage_ec2_instances : include_tasks] *****************************************************************************************************************************************************
skipping: [localhost]

TASK [../roles/manage_ec2_instances : check if we have access to pre_build AMI images] *******************************************************************************************************************
included: /git/workshops-main-branch/roles/manage_ec2_instances/tasks/check_prebuild.yml for localhost

TASK [../roles/manage_ec2_instances : check if we have access to AMI] ************************************************************************************************************************************
ok: [localhost]

TASK [../roles/manage_ec2_instances : check if we have access to pre_build hub AMI images] ***************************************************************************************************************
skipping: [localhost]

TASK [../roles/manage_ec2_instances : provision aws resources and instances] *****************************************************************************************************************************
included: /git/workshops-main-branch/roles/manage_ec2_instances/tasks/provision.yml for localhost

TASK [../roles/manage_ec2_instances : ensure workshop folder F5-TestDrive-Test exists] *******************************************************************************************************************
ok: [localhost]

TASK [../roles/manage_ec2_instances : provision aws resources] *******************************************************************************************************************************************
included: /git/workshops-main-branch/roles/manage_ec2_instances/tasks/resources/resources.yml for localhost

TASK [../roles/manage_ec2_instances : Create AWS VPC F5-TestDrive-Test-vpc] ******************************************************************************************************************************
changed: [localhost]

TASK [../roles/manage_ec2_instances : create file for all AWS security group rules] **********************************************************************************************************************
changed: [localhost]

TASK [../roles/manage_ec2_instances : include_vars] ******************************************************************************************************************************************************
ok: [localhost]

TASK [../roles/manage_ec2_instances : Create EC2 security group for VPC named F5-TestDrive-Test-vpc] *****************************************************************************************************
changed: [localhost]

TASK [../roles/manage_ec2_instances : Create subnet for F5-TestDrive-Test-vpc] ***************************************************************************************************************************
changed: [localhost]

TASK [../roles/manage_ec2_instances : Create subnet2 for F5-TestDrive-Test-vpc (SECURITY MODE)] **********************************************************************************************************
changed: [localhost]

TASK [../roles/manage_ec2_instances : vpc internet gateway is present for vpc-013d70db38bad85d3] *********************************************************************************************************
changed: [localhost]

TASK [../roles/manage_ec2_instances : vpc public subnet route table is present for vpc-013d70db38bad85d3] ************************************************************************************************
changed: [localhost]

TASK [../roles/manage_ec2_instances : set variables for instance creation] *******************************************************************************************************************************
ok: [localhost]

TASK [../roles/manage_ec2_instances : Create ssh key pair for workshop F5-TestDrive-Test] ****************************************************************************************************************
changed: [localhost]

TASK [../roles/manage_ec2_instances : save private key] **************************************************************************************************************************************************
changed: [localhost]

TASK [../roles/manage_ec2_instances : use aws storage for key] *******************************************************************************************************************************************
included: /git/workshops-main-branch/roles/manage_ec2_instances/tasks/resources/aws.yml for localhost

TASK [../roles/manage_ec2_instances : s3 bucket for persistent storage of ec2 key exists] ****************************************************************************************************************
changed: [localhost]

TASK [../roles/manage_ec2_instances : Store SSH Key Pair] ************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Local object \"/git/workshops-main-branch/provisioner/f5-testdrive-test/f5-testdrive-test-private.pem\" does not exist for PUT operation"}

PLAY RECAP ***********************************************************************************************************************************************************************************************
localhost                  : ok=44   changed=12   unreachable=0    failed=1    skipped=13   rescued=0    ignored=0

Ansible Version

[ec2-user@ip-10-0-100-29 provisioner]$ ansible --version
ansible [core 2.14.4]
  config file = /git/workshops-main-branch/provisioner/ansible.cfg
  configured module search path = ['/home/ec2-user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ec2-user/.local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/ec2-user/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ec2-user/.local/bin/ansible
  python version = 3.9.16 (main, Dec  8 2022, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Ansible Configuration

[ec2-user@ip-10-0-100-29 provisioner]$ ansible-config dump --only-changed
CONFIG_FILE() = /git/workshops-main-branch/provisioner/ansible.cfg
DEFAULT_FORKS(/git/workshops-main-branch/provisioner/ansible.cfg) = 50
DEFAULT_HOST_LIST(/git/workshops-main-branch/provisioner/ansible.cfg) = ['/git/workshops-main-branch/provisioner/hosts']
HOST_KEY_CHECKING(/git/workshops-main-branch/provisioner/ansible.cfg) = False
PERSISTENT_COMMAND_TIMEOUT(/git/workshops-main-branch/provisioner/ansible.cfg) = 60
PERSISTENT_CONNECT_TIMEOUT(/git/workshops-main-branch/provisioner/ansible.cfg) = 60
RETRY_FILES_ENABLED(/git/workshops-main-branch/provisioner/ansible.cfg) = False

Ansible Execution Node

CLI Ansible (Ansible Core)

Operating System

[ec2-user@ip-10-0-100-29 provisioner]$ cat /etc/redhat-release 
CentOS Stream release 9
@VDI-Tech-Guy
Copy link
Author

@heatmiser

@heatmiser
Copy link
Contributor

@VDI-Tech-Guy Do you suggest that:

  1. Utilize ec2_name_prefix | lower be utilized when setting the var
  2. A documentation addition to specify what the ec2_name_prefix var is used for and resultant limitations on case used
  3. Both 1 and 2
    ???

@VDI-Tech-Guy
Copy link
Author

Hey @heatmiser - i know that in the past this worked fine with upper cased characters in it, not sure when the change occurred as i was used aged code at the time (AAP 2.1)

I would suggest #3 to ensure users are aware of the limtation as well as ensure if there was a reason for this that its handled appropriately

Downside is that workshop name will be lowercased but to me its not end of the world

image

@IPvSean
Copy link
Contributor

IPvSean commented Oct 3, 2023

@heatmiser are you implementing this, or need help?

@heatmiser
Copy link
Contributor

@IPvSean Circling back on this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@heatmiser heatmiser

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@heatmiser @VDI-Tech-Guy @IPvSean