Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

check_mode option is not referenced in ec2_instance #46611

Closed
cahlchang opened this issue Oct 8, 2018 · 5 comments
Closed

check_mode option is not referenced in ec2_instance #46611

cahlchang opened this issue Oct 8, 2018 · 5 comments
Labels
affects_2.7 This issue/PR affects Ansible v2.7 aws bug This issue/PR relates to a bug. cloud module This issue/PR relates to a module. needs_maintainer Ansibot is unable to identify maintainers for this PR. (Check `author` in docs or BOTMETA.yml) python3 support:community This issue/PR relates to code supported by the Ansible community.

Comments

@cahlchang
Copy link
Contributor

SUMMARY

In the ec2_instance module, the instance also starts up when check_mode is enabled.
I am working on this problem and I am planning to release PR later.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

ec2_instance

ANSIBLE VERSION
$ ansible --version
ansible 2.7.0
  config file = None
  configured module search path = ['/home/cahlchang/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/dist-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.5 (default, May  3 2018, 10:08:28) [GCC 5.4.0 20160609]
CONFIGURATION
$ ansible-config dump --only-changed
$
# no changed
OS / ENVIRONMENT

ubuntu16.04

STEPS TO REPRODUCE
$ ansible-playbook -C test.yml -vvv
  - name: create ec2 instance
    ec2_instance:
      name: test-ec2-2
      state: present
      image_id: "{{ map_ami_param.image_id }}"
      profile: wheel-base-iamrole
      instance_type: "t2.micro"
      key_name: "base_keypair"
      vpc_subnet_id: "{{ list_subnets | selectattr ('name_subnet', 'equalto', 'wheel-public-1c') | map(attribute='id_subnet') | list | first }}"
      security_group: "default"
      volumes:
        - device_name: "/dev/sda1"
          ebs:
            volume_size: 16
            delete_on_termination: true
      profile: "test"
      region: "ap-northeast-1"
    check_mode: true # Just for sure
EXPECTED RESULTS
ACTUAL RESULTS
TASK [create ec2 instance] ******************************************************************************************************************************************************************************************task path: /home/cahlchang/git/ansible_dev_work/test.yml:40
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: cahlchang
<127.0.0.1> EXEC /bin/sh -c 'echo ~cahlchang && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/cahlchang/.ansible/tmp/ansible-tmp-1538977531.9534602-129065864925869 `" && echo ansible-tmp-1538977531.9534602-129065864925869="` echo /home/cahlchang/.ansible/tmp/ansible-tmp-1538977531.9534602-129065864925869 `" ) && sleep 0'
Using module file /usr/local/lib/python3.6/dist-packages/ansible/modules/cloud/amazon/ec2_instance.py
<127.0.0.1> PUT /home/cahlchang/.ansible/tmp/ansible-local-3124x71lxgex/tmp0s1jvslh TO /home/cahlchang/.ansible/tmp/ansible-tmp-1538977531.9534602-129065864925869/AnsiballZ_ec2_instance.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/cahlchang/.ansible/tmp/ansible-tmp-1538977531.9534602-129065864925869/ /home/cahlchang/.ansible/tmp/ansible-tmp-1538977531.9534602-129065864925869/AnsiballZ_ec2_instance.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3.6 /home/cahlchang/.ansible/tmp/ansible-tmp-1538977531.9534602-129065864925869/AnsiballZ_ec2_instance.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/cahlchang/.ansible/tmp/ansible-tmp-1538977531.9534602-129065864925869/ > /dev/null 2>&1 && sleep 0'
changed: [localhost] => {
    "changed": true,
    "instance_ids": [
        "i-xxxxxxxxxxxxxxxxxx"
    ],
    "instances": [
        {

When I actually checked the AWS console, I confirmed that an EC 2 instance was made.

ASSUMED LOCATION AS PROBLEM

ansible/lib/ansible/modules/cloud/amazon/ec2_instance.py

Line 1515 in 990e95e

supports_check_mode=True

And there is no logic to use the check mode option in this code.
@ansibot
Copy link
Contributor

ansibot commented Oct 8, 2018

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibot
Copy link
Contributor

ansibot commented Oct 8, 2018

Hi @cahlchang,

Thank you for the issue, just so you are aware we have a dedicated Working Group for aws.
You can find other people interested in this in #ansible-aws on Freenode IRC
For more information about communities, meetings and agendas see https://github.com/ansible/community

click here for bot help

@ansibot ansibot added affects_2.7 This issue/PR affects Ansible v2.7 aws bug This issue/PR relates to a bug. cloud module This issue/PR relates to a module. needs_maintainer Ansibot is unable to identify maintainers for this PR. (Check `author` in docs or BOTMETA.yml) needs_triage Needs a first human triage before being processed. python3 support:community This issue/PR relates to code supported by the Ansible community. labels Oct 8, 2018
@briantist
Copy link
Contributor

Thanks for this. It's really disconcerting how many ansible modules in "stable" releases make changes in check mode.

Workaround for anyone who encounters these: when: not ansible_check_mode :(

@ryansb ryansb removed the needs_triage Needs a first human triage before being processed. label Oct 9, 2018
@cahlchang cahlchang mentioned this issue Oct 10, 2018
Merged
@cahlchang
Copy link
Contributor Author

I sent the modified code with the above PR.
I changed the test, so it seems to be working properly.
Try it if you like.

@dead10ck
Copy link

dead10ck commented Nov 30, 2018
edited

This is a very serious bug. I ran into it today by inadvertently making changes to existing production ec2 instances. Fortunately, in my case it was only adding a tag and an IAM role, but it could easily have been accidental termination. This shouldn't wait until 2.8. I think this warrants an emergency patch release to all stable branches.

@ansible ansible locked and limited conversation to collaborators Jul 22, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
affects_2.7 This issue/PR affects Ansible v2.7 aws bug This issue/PR relates to a bug. cloud module This issue/PR relates to a module. needs_maintainer Ansibot is unable to identify maintainers for this PR. (Check `author` in docs or BOTMETA.yml) python3 support:community This issue/PR relates to code supported by the Ansible community.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ryansb @dead10ck @briantist @ansibot @cahlchang