-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Conversation
`connect_to_aws` fixes a bug with security tokens in AWS. Modules should use that rather than calling `boto.x.connect_to_region`
try: | ||
s3 = connect_to_aws(boto.s3, location, **aws_connect_kwargs) | ||
except AnsibleAWSError: | ||
# use this as fallback because connect_to_region seems to fail in boto + non 'classic' aws accounts in some cases |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does this mean? Can we fix this in connect_to_aws?
Thanks @dougluce for this PR. This module is maintained by the Ansible core team, so it can take a while for patches to be reviewed. Thanks for your patience. [This message brought to you by your friendly Ansibull-bot.] |
I just upgraded to Ansible 2.1 and started getting this error as well. I can confirm that @dougluce patch solves the problem (or at least prevents premature failure). The |
Ah, it seems that From a coding point of view, this gets my 👍 - with @bradmering's testing, we should be good to go. |
I've cherry-picked this commit and tested locally and can confirm it fixes the bug! |
Looks like this needs back porting to 1.9.x too (see #2421) |
fixed the bug. thanks |
@gregdek shipit |
38bd042
to
5a252fb
Compare
Thanks @dougluce for this PR. Unfortunately, it is not mergeable in its current state due to merge conflicts. Please rebase your PR. When you are done, please comment with text 'ready_for_review' and we will put this PR back into review. [This message brought to you by your friendly Ansibull-bot.] |
8073b8b
to
e888876
Compare
This is to address this error: fatal: [site]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to connect to S3: Region does not seem to be available for awsmodule boto.s3. If the region definitely exists, you may need to upgrade boto or extend with endpoints_path"} Commit 0dd58e9 changed the logic so an exception is thrown (by `connect_to_aws`) before the `s3 is None` check is performed. This changes the `None` check to a catch so the old logic can compensate.
e888876
to
ec0f211
Compare
ready_for_review |
Thanks @dougluce for this PR. This module is maintained by the Ansible core team, so it can take a while for patches to be reviewed. Thanks for your patience. Core team: please review according to guidelines (http://docs.ansible.com/ansible/developing_modules.html#module-checklist) and comment with 'needs_revision' or merge as appropriate. [This message brought to you by your friendly Ansibull-bot.] |
What's the status of this? Ansible 2.1, released yesterday, contains this bug although it was reported a month and a half ago. |
Indeed. This defect practically rendered the s3 module broken outright. All of our playbooks that use s3 are 100% broken. |
I've been using a line like this in my
It's fine as a stopgap but it's important to revise as soon as the proper Ansible release is available. |
shipit |
Is there a workaround for this in the meantime before it's released? edit: I see Allen posted something. I'm installing from the apt repo, not sure if that excludes me from this workaround. |
@mrvisser I just took the |
Thanks @jamescarr . Yesterday, I switched to the pip build which, while it was painful to get working, will allow us to be a bit more nimble deploying onto specific versions in the future. For anyone who may do the same while being blocked by this, here's a packer provisioner that was required from the base ec2 ubuntu ami to get ansible installed at a particular version ( "provisioners": [
{
"type": "shell",
"inline": [
"sudo apt-get update",
"sudo apt-get install software-properties-common -y",
"sudo apt-get install build-essential python-dev python-setuptools git libffi-dev libssl-dev -y",
"sudo easy_install pip",
"sudo -H pip install git+git://github.com/ansible/ansible.git@v2.0.2.0-1",
"sudo -H pip install -U distribute",
"sudo apt-get install python-boto -y"
]
}
] |
@mrvisser thanks a ton for sharing that. Friday morning I too witnessed some pain at switching to a pip based install and simply gave up since I had a few other in-flight pull requests to wrap up. |
Includes cherry-pick of [ansible-modules-core#3347](ansible/ansible-modules-core#3347)
ISSUE TYPE
COMPONENT NAME
ANSIBLE VERSION
SUMMARY
This addresses the error:
Commit 0dd58e9 changed the logic so an exception is thrown (by
connect_to_aws
) before thes3 is None
check is performed. This change changese theNone
check to a catch so the old logic can compensate.