Re: [Ext] [ansible-project] Failed to create stack lambda-layer-test5: An error occurred (ValidationError) when calling the CreateStack operation: ParameterValue for ParameterKey Content is required
That error is coming from the CloudFormation template, not from the Ansible
code. Review the template and confirm that you are passing all the required
parameter values.
Rilindo
On Tue, Mar 12, 2024 at 6:03 AM kegmysta _devops
wrote:
> - name: Deploy CloudFormation Stack
> cloudformation:
> stack_name: "{{ stack_name }}"
> state: present
> region: "{{ region }}"
> template: "{{ template }}"
> template_parameters:
> LayerName: "{{ item.1 }}"
> Runtime: "{{ item.0.name }}"
> Content:
> S3Bucket: "{{ s3bucket }}"
> S3Key: "{{ item.0.name }}-{{ item.1 }}-layer.zip"
> disable_rollback: true
> tags:
> Stack: "{{ tags.Stack }}"
> Environment: "{{ tags.Environment }}"
> loop: "{{ lambda_runtimes | subelements('layers') }}"
>
>
>
> Vars:
>
> lambda_runtimes:
> - name: python310
> layers:
> - requests
> - name: python311
> layers:
> - urllib3
> - requests
>
> stack_name: lambda-layer-test5
> template: files/lambda_layer.yml
> s3bucket: twe-enc-common-test-lambdalayer-org
> region: "{{ aws_region }}"
> aws_region: ap-southeast-2
>
>
> tags:
> Stack: stack_name
> Environment: Dev
>
>
> error:
>
> botocore.exceptions.ClientError: An error occurred (ValidationError) when
> calling the CreateStack operation: ParameterValue for ParameterKey Content
> is required
> failed: [localhost] (item=[{'name': 'python310', 'layers': ['requests']},
> 'requests']) => {
> "ansible_loop_var": "item",
> "boto3_version": "1.34.32",
> "botocore_version": "1.34.32",
> "changed": false,
> "error": {
> "code": "ValidationError",
> "message": "ParameterValue for ParameterKey Content is required",
> "type": "Sender"
> },
> "invocation": {
> "module_args": {
> "access_key": null,
> "aws_ca_bundle": null,
> "aws_config": null,
> "backoff_delay": 3,
> "backoff_max_delay": 30,
> "backoff_retries": 10,
> "capabilities": [
> "CAPABILITY_IAM",
> "CAPABILITY_NAMED_IAM"
> ],
> "changeset_name": null,
> "create_changeset": false,
> "create_timeout": null,
> "debug_botocore_endpoint_logs": false,
> "disable_rollback": true,
> "endpoint_url": null,
> "events_limit": 200,
> "notification_arns": null,
> "on_create_failure": null,
> "profile": "twe",
> "region": "ap-southeast-2",
> "role_arn": null,
> "secret_key": null,
> "session_token": null,
> "stack_name": "lambda-layer-test5",
> "stack_policy": null,
> "stack_policy_body": null,
> "stack_policy_on_update_body": null,
> "state": "present",
> "tags": {
> "Environment": "Dev",
> "Stack": "stack_name"
> },
> "template": "files/lambda_layer.yml",
> "template_body": null,
> "template_parameters": {
> "Content": {
> "S3Bucket": "twe-enc-common-test-lambdalayer-org",
> "S3Key": "python310-requests-layer.zip"
> },
> "LayerName": "requests",
> "Runtime": "python310"
> },
> "template_url": null,
> "termination_protection": null,
> "validate_certs": true
> }
> },
> "item": [
> {
> "layers": [
> "requests"
> ],
> "name": "python310"
> },
> "requests"
> ],
>
>
>
> any help duly appreciated..., its driving me nuts :(
>
>
>
>
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/17c892dd-3342-4e58-86e2-ac0f3fc67d4dn%40googlegroups.com
>
> .
>
--
---
Rilindo Foster - VP, Defined Contribution DevOps
rilindo.fos...@gs.com
104 S. Michigan Avenue, Suite 1400
Chicago, IL 60603-5958
--
*NextCapital is a subsidiary of Goldman Sachs Asset Management and part of
The Goldman Sachs Group, Inc. All rights reserved.*
See
http://www.gs.com/disclaimer/global_email
for important risk disclosures,
conflicts of interest and other terms and conditions relating to this
e-mail and your reliance on information contained in it. This message may
contain confidential or privileged information. If you are not the
intended recipient, please advise us immediately and delete this message.
See
[ansible-project] Failed to create stack lambda-layer-test5: An error occurred (ValidationError) when calling the CreateStack operation: ParameterValue for ParameterKey Content is required
- name: Deploy CloudFormation Stack
cloudformation:
stack_name: "{{ stack_name }}"
state: present
region: "{{ region }}"
template: "{{ template }}"
template_parameters:
LayerName: "{{ item.1 }}"
Runtime: "{{ item.0.name }}"
Content:
S3Bucket: "{{ s3bucket }}"
S3Key: "{{ item.0.name }}-{{ item.1 }}-layer.zip"
disable_rollback: true
tags:
Stack: "{{ tags.Stack }}"
Environment: "{{ tags.Environment }}"
loop: "{{ lambda_runtimes | subelements('layers') }}"
Vars:
lambda_runtimes:
- name: python310
layers:
- requests
- name: python311
layers:
- urllib3
- requests
stack_name: lambda-layer-test5
template: files/lambda_layer.yml
s3bucket: twe-enc-common-test-lambdalayer-org
region: "{{ aws_region }}"
aws_region: ap-southeast-2
tags:
Stack: stack_name
Environment: Dev
error:
botocore.exceptions.ClientError: An error occurred (ValidationError) when
calling the CreateStack operation: ParameterValue for ParameterKey Content
is required
failed: [localhost] (item=[{'name': 'python310', 'layers': ['requests']},
'requests']) => {
"ansible_loop_var": "item",
"boto3_version": "1.34.32",
"botocore_version": "1.34.32",
"changed": false,
"error": {
"code": "ValidationError",
"message": "ParameterValue for ParameterKey Content is required",
"type": "Sender"
},
"invocation": {
"module_args": {
"access_key": null,
"aws_ca_bundle": null,
"aws_config": null,
"backoff_delay": 3,
"backoff_max_delay": 30,
"backoff_retries": 10,
"capabilities": [
"CAPABILITY_IAM",
"CAPABILITY_NAMED_IAM"
],
"changeset_name": null,
"create_changeset": false,
"create_timeout": null,
"debug_botocore_endpoint_logs": false,
"disable_rollback": true,
"endpoint_url": null,
"events_limit": 200,
"notification_arns": null,
"on_create_failure": null,
"profile": "twe",
"region": "ap-southeast-2",
"role_arn": null,
"secret_key": null,
"session_token": null,
"stack_name": "lambda-layer-test5",
"stack_policy": null,
"stack_policy_body": null,
"stack_policy_on_update_body": null,
"state": "present",
"tags": {
"Environment": "Dev",
"Stack": "stack_name"
},
"template": "files/lambda_layer.yml",
"template_body": null,
"template_parameters": {
"Content": {
"S3Bucket": "twe-enc-common-test-lambdalayer-org",
"S3Key": "python310-requests-layer.zip"
},
"LayerName": "requests",
"Runtime": "python310"
},
"template_url": null,
"termination_protection": null,
"validate_certs": true
}
},
"item": [
{
"layers": [
"requests"
],
"name": "python310"
},
"requests"
],
any help duly appreciated..., its driving me nuts :(
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/17c892dd-3342-4e58-86e2-ac0f3fc67d4dn%40googlegroups.com.
[ansible-project] Re: Is there any Ansible module to Encrypt a log file during the play book execution
Hi Drew,
I appreciate your reply . The customer requirement is the secret key should
be on ansible controller and the vms /endpoints logs are copied to the
controller and encryption is done on the controller I explored copy
module has a encrypt option which can help out in the process . But for
the decryption i will need to use ansible-vault .
---
- hosts: localhost
gather_facts: false
vars_prompt:
name: vault_secret
prompt: Please enter the password to encrypt the file
default: v3rys3cr3t
private: true
vars:
vault_file: secret.log
tasks:
- name: In-place (re)encrypt file {{ vault_file }}
ansible.builtin.copy:
content: "{{ lookup('ansible.builtin.file', vault_file) |
ansible.builtin.vault(vault_secret) }}"
dest: "{{ vault_file }}"
decrypt: false
Thanks
Deepak B Kumar
On Monday, March 11, 2024 at 10:43:15 PM UTC+5:30 Drew Northup wrote:
> Hi Deepak,
> You're going to need a different opener for this can of worms, as Ansible
> Vault is meant for protecting confidential information that needs to be
> pushed out to the endpoint being configured and not for pulling information
> back to the controller for encryption nor is it meant for encryption
> in-place on the endpoint node.
> So that the community can better help you, are to looking to encrypt log
> files in place on the configured endpoint node (host, VM, container, etc.)
> or are you looking to have the log files encrypted on the controller at the
> end of the playbook run? (Or, perhaps, are they the same host?)
>
>
> On Monday, March 11, 2024 at 5:06:21 AM UTC-4 Deepak B K wrote:
>
> Hi All,
>
> I need recommendation to use encryption and decryption of generated log
> files during the playbook execution . I was going through ansible
> documentation and I don't see any module except use of ansible-vault . I
> appreciate your advise .
>
>
> there is a module to decrypt the log file
> - ansible.builtin.debug: msg="the value of foo.log is {{
> lookup('ansible.builtin.unvault', '/etc/foo.log') | string | trim }}"
>
> Thanks
> Deepak
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/e0e93ea5-4a4f-4d44-8e50-97edad1ef5a5n%40googlegroups.com.
