ec2_asg returns as changed when multiple subnets/AZs are provided #25182

Open
conlon opened this Issue May 30, 2017 · 7 comments

Comments

Projects
None yet
6 participants
@conlon

conlon commented May 30, 2017

ISSUE TYPE
  • Bug Report
COMPONENT NAME

ec2_asg

ANSIBLE VERSION
ansible 2.3.0.0 (devel d56ba0945d) last updated 2017/05/10 16:28:41 (GMT -500)
  config file = /Users/mconlon/git/hyperwave_relay_inf_as_code/ansible.cfg
  configured module search path = [u'custom_modules']
  python version = 2.7.12 (default, Oct 11 2016, 05:20:59) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.38)]
CONFIGURATION

ansible.cfg:

[defaults]
roles_path = roles
lookup_plugins = lookup_plugins
filter_plugins = filter_plugins
hash_behaviour = merge
library = custom_modules
forks = 50

[ssh_connection]
scp_if_ssh = True
pipelining = True
# an attempt to fix ssh unreachable errors when machines are actually reachable
retries = 5
OS / ENVIRONMENT

N/A

SUMMARY

When providing a list of subnets in the vpc_zone_identifier arg, the module always returns as changed.
When providing a single subnet, the module returns as ok as expected.

This issue was closed seemingly for no reason in 2014 and apparently hasn't been addressed since #8501

From the summary (which looks useful in full):

the module supplied list of zones are not necessarily in the same order of the zones in the list returned from EC2.

STEPS TO REPRODUCE
- name: create auto scaling group
  ec2_asg:
    region: "{{ region }}"
    name: "{{ asg_name }}"
    vpc_zone_identifier: "{{ subnets | join(,) }}"
    launch_config_name: "{{ launch_config_name }}"
    state: present
EXPECTED RESULTS

The module should only return as changed if something actually changed

ACTUAL RESULTS

The module returns as changed unless I specify the exact ordering of subnets/AZs that was provided by AWS

@bcoca

This comment has been minimized.

Show comment
Hide comment
Member

bcoca commented May 31, 2017

@willthames

This comment has been minimized.

Show comment
Hide comment
@willthames

willthames Jun 1, 2017

Contributor

Thanks for the vote of confidence @bcoca

cc @wimnat too but I'm doing a lot of work on ec2_asg at the mo so I'll take this on.

Contributor

willthames commented Jun 1, 2017

Thanks for the vote of confidence @bcoca

cc @wimnat too but I'm doing a lot of work on ec2_asg at the mo so I'll take this on.

@willthames

This comment has been minimized.

Show comment
Hide comment
@willthames

willthames Jun 1, 2017

Contributor

@conlon can you check this behaviour in latest devel?

I've been using latest ec2_asg with multiple subnets for a while and haven't noticed this behaviour. Looking at the code, deciding on changed wouldn't even detect if the subnets do change, which is likely a bug in itself.

Contributor

willthames commented Jun 1, 2017

@conlon can you check this behaviour in latest devel?

I've been using latest ec2_asg with multiple subnets for a while and haven't noticed this behaviour. Looking at the code, deciding on changed wouldn't even detect if the subnets do change, which is likely a bug in itself.

@rcrelia

This comment has been minimized.

Show comment
Hide comment
@rcrelia

rcrelia Jun 13, 2017

I've recently run into a similar issue with ec2_asg and can report that the current devel branch version does NOT have the same idempotency issue, fyi...

[root@ip-172-31-14-54 wbn]# ansible --version
ansible 2.4.0 (devel 343a709800) last updated 2017/06/13 12:44:40 (GMT +000)
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /root/ansible/lib/ansible
  executable location = /root/ansible/bin/ansible
  python version = 2.7.12 (default, Sep  1 2016, 22:14:00) [GCC 4.8.3 20140911 (Red Hat 4.8.3-9)]

rcrelia commented Jun 13, 2017

I've recently run into a similar issue with ec2_asg and can report that the current devel branch version does NOT have the same idempotency issue, fyi...

[root@ip-172-31-14-54 wbn]# ansible --version
ansible 2.4.0 (devel 343a709800) last updated 2017/06/13 12:44:40 (GMT +000)
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /root/ansible/lib/ansible
  executable location = /root/ansible/bin/ansible
  python version = 2.7.12 (default, Sep  1 2016, 22:14:00) [GCC 4.8.3 20140911 (Red Hat 4.8.3-9)]
@rcrelia

This comment has been minimized.

Show comment
Hide comment
@rcrelia

rcrelia Jun 18, 2017

@conlon I've just implemented a workaround for this issue that you may find of use. It's a bit of a kludge, but it seems to be 100% reliable.

Prior to calling ec2_asg, with a variable called "subnet_ids" as the content for vpc_zone_identifier in ec2_asg, I do the following:

- name: "check for ASG subnet order due to idempotency failures with ec2_asg"
    command: 'aws autoscaling describe-auto-scaling-groups --region "{{ region }}" --auto-scaling-group-names "{{ tag }}" '
    register: describe_asg
    changed_when: false

  - name: "parse the json input from aws describe-auto-scaling-groups"
    set_fact: asg="{{ describe_asg.stdout | from_json }}"

  - name: "get vpc_zone_identifier and parse for subnet-id ordering"
    set_fact: asg_subnets="{{ asg.AutoScalingGroups[0].VPCZoneIdentifier.split(',') }}"
    when: asg.AutoScalingGroups

  - name: "update subnet_ids on subsequent runs"
    set_fact: subnet_ids="{{ asg_subnets }}"
    when: asg.AutoScalingGroups

 # now call ec2_asg and use:
 #     vpc_zone_identifier: "{{ subnet_ids }}"
 #

It's essentially asking AWS what the order should be for the subnet IDs in vpc_zone_identifier and then uses that order in what I feed into ec2_asg. I ran this 100 times after the ASG was created initially and never hit a changed=true because of ec2_asg, so my runs with ec2_asg are now idempotent. Cheers!

rcrelia commented Jun 18, 2017

@conlon I've just implemented a workaround for this issue that you may find of use. It's a bit of a kludge, but it seems to be 100% reliable.

Prior to calling ec2_asg, with a variable called "subnet_ids" as the content for vpc_zone_identifier in ec2_asg, I do the following:

- name: "check for ASG subnet order due to idempotency failures with ec2_asg"
    command: 'aws autoscaling describe-auto-scaling-groups --region "{{ region }}" --auto-scaling-group-names "{{ tag }}" '
    register: describe_asg
    changed_when: false

  - name: "parse the json input from aws describe-auto-scaling-groups"
    set_fact: asg="{{ describe_asg.stdout | from_json }}"

  - name: "get vpc_zone_identifier and parse for subnet-id ordering"
    set_fact: asg_subnets="{{ asg.AutoScalingGroups[0].VPCZoneIdentifier.split(',') }}"
    when: asg.AutoScalingGroups

  - name: "update subnet_ids on subsequent runs"
    set_fact: subnet_ids="{{ asg_subnets }}"
    when: asg.AutoScalingGroups

 # now call ec2_asg and use:
 #     vpc_zone_identifier: "{{ subnet_ids }}"
 #

It's essentially asking AWS what the order should be for the subnet IDs in vpc_zone_identifier and then uses that order in what I feed into ec2_asg. I ran this 100 times after the ASG was created initially and never hit a changed=true because of ec2_asg, so my runs with ec2_asg are now idempotent. Cheers!

@ansibot

This comment has been minimized.

Show comment
Hide comment
@s-hertel

This comment has been minimized.

Show comment
Hide comment
@s-hertel

s-hertel Jul 19, 2017

Contributor

@willthames Are you still working on this? Since this is fixed on devel, may be worth considering to backport?

@ryansb

Contributor

s-hertel commented Jul 19, 2017

@willthames Are you still working on this? Since this is fixed on devel, may be worth considering to backport?

@ryansb

@ansibot ansibot added bug and removed bug_report labels Mar 1, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment