Ansible Tower 3.0.2 and Boto

Hi,

I am running following stack for ansible :

Ansible Tower 3.0.2
Ansible 2.1.1.0 (that comes default on Tower 3.0.2)

Below is the output of pip freeze on Ansible Tower CentOS 6.8 machine which shows any python packages that are there on my Ansible Tower image :

ansible==2.1.1.0
anyjson==0.3.3
apache-libcloud==0.20.1
appdirs==1.4.0
argparse==1.4.0
awacs==0.6.0
azure==2.0.0rc2
azure-common==1.1.2
azure-graphrbac==0.30.0rc2
azure-mgmt==0.30.0rc2
azure-mgmt-authorization==0.30.0rc2
azure-mgmt-cdn==0.30.0rc2
azure-mgmt-compute==0.30.0rc2
azure-mgmt-logic==0.30.0rc2
azure-mgmt-network==0.30.0rc2
azure-mgmt-notificationhubs==0.30.0rc2
azure-mgmt-nspkg==1.0.0
azure-mgmt-redis==0.30.0rc2
azure-mgmt-resource==0.30.0rc2
azure-mgmt-scheduler==0.30.0rc2
azure-mgmt-storage==0.30.0rc2
azure-mgmt-web==0.30.0rc2
azure-nspkg==1.0.0
azure-servicebus==0.20.1
azure-servicemanagement-legacy==0.20.2
azure-storage==0.30.0
Babel==2.2.0
backports.ssl-match-hostname==3.5.0.1
begins==0.9
boto==2.43.0
certifi==2016.8.31
cffi==1.7.0
chardet==2.3.0
cliff==1.15.0
cmd2==0.6.8
cryptography==1.3.2
debtcollector==1.2.0
decorator==4.0.6
dogpile.cache==0.5.7
dogpile.core==0.4.1
enum34==1.1.6
ethtool==0.6
funcsigs==0.4
functools-total-ordering-monkeypatch==1.0
futures==3.0.4
httplib2==0.9.2
idna==2.0
importlib==1.0.3
iniparse==0.3.1
ip-associations-python-novaclient-ext==0.1
ipaddress==1.0.16
iso8601==0.1.11
isodate==0.5.1
Jinja2==2.8
jsonpatch==1.12
jsonpointer==1.10
jsonschema==2.5.1
keyring==4.1
keystoneauth1==2.12.1
lxml==3.4.4
M2Crypto==0.20.2
MarkupSafe==0.23
meld3==0.6.7
mercurial==1.4
mock==1.0.1
monotonic==0.6
msgpack-python==0.4.7
msrest==0.2.0
msrestazure==0.2.1
munch==2.0.4
netaddr==0.7.18
netifaces==0.10.4
oauthlib==1.1.2
ordereddict==1.2
os-client-config==1.14.0
os-diskconfig-python-novaclient-ext==0.1.3
os-networksv2-python-novaclient-ext==0.25
os-virtual-interfacesv2-python-novaclient-ext==0.19
oslo.config==3.3.0
oslo.i18n==3.2.0
oslo.serialization==2.2.0
oslo.utils==3.4.0
paramiko==1.7.5
pbr==1.8.1
pciutils==1.7.3
policycoreutils-default-encoding==0.1
positional==1.1.1
prettytable==0.7.2
psphere==0.5.2
psutil==3.1.1
psycopg2==2.6.2
pyasn1==0.1.9
pycparser==2.14
pycrypto==2.6.1
pycurl==7.19.0
pygpgme==0.1
pykerberos==1.1.13
pyOpenSSL==0.15.1
pyparsing==2.0.7
pyrax==1.9.7
python-cinderclient==1.5.0
python-dateutil==2.4.0
python-dmidecode==3.10.13
python-glanceclient==1.1.0
python-heatclient==0.8.1
python-ironicclient==1.0.0
python-keyczar==0.71rc0
python-keystoneclient==2.1.1
python-neutronclient==4.0.0
python-novaclient==3.2.0
python-ntlm3==1.0.2
python-openstackclient==2.0.0
python-swiftclient==2.7.0
python-troveclient==1.4.0
pytz==2015.7
pywinrm==0.2.0
PyYAML==3.11
pyzmq==14.5.0
rackspace-auth-openstack==1.3
rackspace-novaclient==1.5
rax-default-network-flags-python-novaclient-ext==0.3.2
rax-scheduled-images-python-novaclient-ext==0.3.1
repoze.lru==0.6
requests==2.5.1
requests-kerberos==0.10.0
requests-ntlm==0.3.0
requests-oauthlib==0.6.2
requestsexceptions==1.1.1
rhnlib==2.5.55
setools==1.0
shade==1.4.0
simplejson==3.8.1
six==1.9.0
stevedore==1.10.0
suds==0.4
supervisor==3.0
total-ordering==0.1.0
troposphere==1.9.0
unicodecsv==0.14.1
urlgrabber==3.9.1
virtualenv==1.10.1
warlock==1.2.0
wrapt==1.10.6
xmltodict==0.9.2
yum-metadata-parser==1.1.2

Problem :

I have some ansible playbook that depend on ansible module “cloudformation_stack_facts” which is not a standard core module from Ansible 2.1.1.0 that comes with Ansible Tower.

Now since I wanted to use unreleased module, I followed steps from : https://support.ansible.com/hc/en-us/articles/204229188-Use-an-unreleased-module-from-Ansible-source-with-Tower to use that with my ansible tower project.
However when I run my ansible playbook using Tower, I run into error with Boto during Job run:

TASK [aws_groups : get vpc stack outputs] ************************************** task path: /var/lib/awx/projects/_1399__hydra_playbooks/hydra_deploy/ansible/roles/aws_groups/tasks/vpc_output.yml:2 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: awx <127.0.0.1> EXEC /bin/sh -c ‘( umask 77 && mkdir -p “echo $HOME/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062” && echo ansible-tmp-1481245531.53-96929779053062=“echo $HOME/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062” ) && sleep 0’ <127.0.0.1> PUT /tmp/tmpaBil6N TO /var/lib/awx/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062/cloudformation_stack_facts <127.0.0.1> EXEC /bin/sh -c ‘LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python2.6 /var/lib/awx/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062/cloudformation_stack_facts; rm -rf “/var/lib/awx/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062/” > /dev/null 2>&1 && sleep 0’ An exception occurred during task execution. The full traceback is: Traceback (most recent call last): File “/tmp/ansible_QEgMLD/ansible_module_cloudformation_stack_facts.py”, line 96, in main() File “/tmp/ansible_QEgMLD/ansible_module_cloudformation_stack_facts.py”, line 55, in main cfn = boto.cloudformation.connect_to_region(region) File “/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/cloudformation/init.py”, line 55, in connect_to_region return region.connect(**kw_params) File “/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/regioninfo.py”, line 187, in connect return self.connection_cls(region=self, **kw_params) File “/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/cloudformation/connection.py”, line 89, in init profile_name=profile_name) File “/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/connection.py”, line 1100, in init provider=provider) File “/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/connection.py”, line 569, in init host, config, self.provider, self._required_auth_capability()) File “/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/auth.py”, line 993, in get_auth_handler ‘Check your credentials’ % (len(names), str(names))) boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. [‘HmacAuthV4Handler’] Check your credentials fatal: [localhost]: FAILED! => {“changed”: false, “failed”: true, “invocation”: {“module_name”: “cloudformation_stack_facts”}, “module_stderr”: “Traceback (most recent call last):\n File "/tmp/ansible_QEgMLD/ansible_module_cloudformation_stack_facts.py", line 96, in \n main()\n File "/tmp/ansible_QEgMLD/ansible_module_cloudformation_stack_facts.py", line 55, in main\n cfn = boto.cloudformation.connect_to_region(region)\n File "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/cloudformation/init.py", line 55, in connect_to_region\n return region.connect(**kw_params)\n File "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/regioninfo.py", line 187, in connect\n return self.connection_cls(region=self, **kw_params)\n File "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/cloudformation/connection.py", line 89, in init\n profile_name=profile_name)\n File "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/connection.py", line 1100, in init\n provider=provider)\n File "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/connection.py", line 569, in init\n host, config, self.provider, self._required_auth_capability())\n File "/var/lib/awx/venv/ansible/lib/python2.6/site-packages/boto/auth.py", line 993, in get_auth_handler\n ‘Check your credentials’ % (len(names), str(names)))\nboto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. [‘HmacAuthV4Handler’] Check your credentials\n”, “module_stdout”: “”, “msg”: “MODULE FAILURE”, “parsed”: false}

Looks like boto on Ansible Tower is unable to find the AWS credentials I am using to run my ansible job through Ansible Tower.

In Ansible Tower I have created correct AWS Credentials and I am using those to run my playbook job. I am also using AWS dynamic inventory for EC2 in Ansible Tower and also using AWS credentials created in Ansible Tower there too. Dynamic Inventory sync is working fine in Ansible Tower.

But whenever I run the playbook job that depends on non-released module, it errors out saying that boto was unable to find AWS credentials for authentication.

I am wondering what am I doing wrong here. Is the version of boto has to do something with it? We need boto latest version to use some of our other playbooks that we need to run through Ansible Tower.

Any help here is appreciated.

This is how I am using cloudformation_stack_facts module in one of my playbooks:

---
- name: get vpc stack outputs
  cloudformation_stack_facts:
      stack_name: "hydra-{{ deployment }}-vpc"
      region: "{{ aws.region }}"
  register: vpc_cft
- name: vpc outputs
  set_fact:
      vpc:
          id: "{{ vpc_cft['stack_outputs']['vpc'] }}"
          gateway: "{{ vpc_cft['stack_outputs']['gateway'] }}"
          int_ssh_sg: "{{ vpc_cft['stack_outputs']['intSshSg'] }}"
          ext_https_sg: "{{ vpc_cft['stack_outputs']['extHttpsSg'] }}"
          instance_profile: "{{ vpc_cft['stack_outputs']['instanceProfile'] }}"
          instance_role: "{{ vpc_cft['stack_outputs']['instanceRole'] }}"
          primary_nat: "{{ vpc_cft['stack_outputs']['nat'] }}"
          alternate_nat: "{{ vpc_cft['stack_outputs']['natAlt'] }}"