Thanks for the confirmation. Filed as
https://github.com/ansible/ansible/issues/7832

On Wed, Jun 18, 2014 at 10:12 PM, James Cammarata
<jcammar...@ansible.com> wrote:
> Yes, definitely a bug, so please open an issue for this. And the "-1" is
> used by the AWS API to indicate "any", so for the error above it's trying to
> create a default ingress rule which will also use -1's for the same fields,
> but for some reason it's not seeing you adding that rule yourself.
>
>
> On Wed, Jun 18, 2014 at 4:58 PM, Michael Peters <michael00pet...@gmail.com>
> wrote:
>>
>> I have the following as part of a playbook that makes sure we have the
>> appropriate security groups set up and all of them work just fine
>> except this one:
>>
>>     - name: Create wide-open testing security group
>>       local_action:
>>         module: ec2_group
>>         name: 'WIDE OPEN'
>>         description: 'WIDE OPEN for TESTING ONLY!'
>>         vpc_id: "{{ vpc_id }}"
>>         region: "{{ aws_region }}"
>>         state: present
>>         rules:
>>           # everything from anywhere
>>           - proto: -1
>>             from_port: -1
>>             to_port: -1
>>             cidr_ip: 0.0.0.0/0
>>
>> The first time I run the playbook with this task it works just fine.
>> But every time it's run after that I get this error:
>>
>> failed: [localhost] => {"failed": true, "parsed": false}
>> invalid output was: Traceback (most recent call last):
>>   File
>> "/home/mpeters/.ansible/tmp/ansible-tmp-1403128269.19-243664471754105/ec2_group",
>> line 1754, in <module>
>>     main()
>>   File
>> "/home/mpeters/.ansible/tmp/ansible-tmp-1403128269.19-243664471754105/ec2_group",
>> line 268, in main
>>     group.authorize(rule['proto'], rule['from_port'], rule['to_port'],
>> ip, grantGroup)
>>   File "/usr/lib/python2.7/site-packages/boto/ec2/securitygroup.py",
>> line 204, in authorize
>>     dry_run=dry_run)
>>   File "/usr/lib/python2.7/site-packages/boto/ec2/connection.py", line
>> 3144, in authorize_security_group
>>     params, verb='POST')
>>   File "/usr/lib/python2.7/site-packages/boto/connection.py", line
>> 1196, in get_status
>>     raise self.ResponseError(response.status, response.reason, body)
>> boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <Response><Errors><Error><Code>InvalidPermission.Duplicate</Code><Message>the
>> specified rule "peer: 0.0.0.0/0, ALL, ALLOW" already
>>
>> exists</Message></Error></Errors><RequestID>d5f91251-0cbb-478c-86ce-bb371fcf0361</RequestID></Response>
>>
>> Firstly, I've heard several times on this list that anytime there's a
>> Traceback thrown to the screen it's a bug in the sense that it needs
>> better error handling, right?
>>
>> But before I create a ticket for InvalidPermission.Duplicate error on
>> repeated runs I wanted to make sure that I wasn't doing anything
>> wrong. Using "-1" for proto, from_port and to_port is a little
>> unusual, but it should still be supported for multiple runs right?
>>
>> Thanks,
>> Michael
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAJQqANeYTcLQZn-N4o08arXsHkPe5Cy276wW9EwS-kwg%2BxGrpQ%40mail.gmail.com.
>> For more options, visit https://groups.google.com/d/optout.

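Added example (not part of the thread and not Ansible's ec2_group code): one way to keep a rule task like the one quoted above idempotent is to canonicalise both the playbook's rule and the rules the API reports before diffing them, and to treat InvalidPermission.Duplicate as "already present" rather than a crash. It assumes the API reports an all-protocol rule as protocol "-1" with no port range; `canonical`, `plan`, `ensure_rules`, `ApiError` and the sample data are hypothetical names and constructed values.

```python
ALL = "-1"  # the AWS API's "any" value, as explained in the thread
DUPLICATE = "InvalidPermission.Duplicate"  # error code from the traceback


class ApiError(Exception):
    """Hypothetical stand-in for the SDK's response error type."""
    def __init__(self, code):
        super().__init__(code)
        self.code = code


def canonical(proto, from_port, to_port, cidr_ip):
    """Return a hashable key that is equal for equivalent rule spellings."""
    proto = str(proto).lower()
    if proto == ALL:
        # Assumption: "all protocols" carries no port range on the API side,
        # so -1, "-1" and None must all collapse to the same key.
        return (ALL, None, None, cidr_ip)
    return (proto, int(from_port), int(to_port), cidr_ip)


def plan(desired, existing):
    """Return (rules_to_authorize, rules_to_revoke) as canonical tuples."""
    want = {canonical(**r) for r in desired}
    have = {canonical(**r) for r in existing}
    # key=repr because tuples containing None cannot be ordered directly
    return sorted(want - have, key=repr), sorted(have - want, key=repr)


def ensure_rules(desired, existing, authorize):
    """Authorize only the missing rules; return True if anything changed."""
    changed = False
    for rule in plan(desired, existing)[0]:
        try:
            authorize(*rule)
            changed = True
        except ApiError as err:
            if err.code != DUPLICATE:
                raise  # real failures still surface to the caller
    return changed


# Constructed sample data: the playbook's rule and how the API might report it.
DESIRED = [dict(proto=-1, from_port=-1, to_port=-1, cidr_ip="0.0.0.0/0")]
EXISTING = [dict(proto="-1", from_port=None, to_port=None, cidr_ip="0.0.0.0/0")]

if __name__ == "__main__":
    print(plan(DESIRED, EXISTING))  # nothing to add, nothing to revoke
```

Because the group in the thread allows all traffic from 0.0.0.0/0, the revoke half of `plan` is also where a stale wide-open rule would show up once it is dropped from the desired list.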