AWX-EE images

iamroddo · September 7, 2022, 10:39am

We’ve been using AWX 19.3.0 with the control plane EE image being awx-ee:latest from https://quay.io/repository/ansible/awx-ee. A dev environment AWX instance got reprovisioned and out of the blue project sync errors appeared when the project included collections on our internal GitHub Enterprise instance. The error is that below.

I’m wondering whether this error is related to a change in the image “awx-ee:latest”.

Traceback (most recent call last):
File &quot;/usr/local/bin/ansible-galaxy&quot;, line 97, in &lt;module&gt;
mycli = getattr(__import__(&quot;ansible.cli.%s&quot; % sub, fromlist=[myclass]), myclass)
File &quot;/usr/local/lib/python3.8/site-packages/ansible/cli/galaxy.py&quot;, line 24, in &lt;module&gt;
from ansible.galaxy.api import GalaxyAPI
File &quot;/usr/local/lib/python3.8/site-packages/ansible/galaxy/api.py&quot;, line 28, in &lt;module&gt;
from ansible.module_utils.urls import open_url, prepare_multipart
File &quot;/usr/local/lib/python3.8/site-packages/ansible/module_utils/urls.py&quot;, line 115, in &lt;module&gt;
from urllib3.contrib.pyopenssl import PyOpenSSLContext
File &quot;/usr/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py&quot;, line 46, in &lt;module&gt;
import OpenSSL.SSL
File &quot;/usr/local/lib/python3.8/site-packages/OpenSSL/__init__.py&quot;, line 8, in &lt;module&gt;
from OpenSSL import crypto, SSL
File &quot;/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py&quot;, line 1517, in &lt;module&gt;
class X509StoreFlags(object):
File &quot;/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py&quot;, line 1537, in X509StoreFlags
CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module &apos;lib&apos; has no attribute &apos;X509_V_FLAG_CB_ISSUER_CHECK&apos;

I think the source code used to build this image is https://github.com/ansible/awx-ee.

The last tag that wasn’t “latest” on "awx-ee from https://quay.io/repository/ansible/awx-ee, which matches the last tag in https://github.com/ansible/awx-ee.

Are there any plans to use immutable tags on this image, or should I treat the images in https://quay.io/repository/ansible/awx-ee as being someone’s development playground and that is my responsibility to build my own control plane EE image, if I want a stable image?

Rod Oliver

m.nelson · September 8, 2022, 7:25am

I am having the same behavior since about 24 hours on version 21.4

TASK [backup_haproxy_conf : Upload files to s3] ********************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
fatal: [pra-haproxy1 -> 127.0.0.1({{ private_ip_address }})]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\\n File \\"/home/runner/.ansible/tmp/ansible-tmp-1662580960.1664975-55-35395008714411/AnsiballZ_aws_s3.py\\", line 107, in <module>\\n _ansiballz_main()\\n File \\"/home/runner/.ansible/tmp/ansible-tmp-1662580960.1664975-55-35395008714411/AnsiballZ_aws_s3.py\\", line 99, in _ansiballz_main\\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\\n File \\"/home/runner/.ansible/tmp/ansible-tmp-1662580960.1664975-55-35395008714411/AnsiballZ_aws_s3.py\\", line 47, in invoke_module\\n runpy.run_module(mod_name='ansible_collections.amazon.aws.plugins.modules.aws_s3', init_globals=dict(_module_fqn='ansible_collections.amazon.aws.plugins.modules.aws_s3', _modlib_path=modlib_path),\\n File \\"/usr/lib64/python3.8/runpy.py\\", line 207, in run_module\\n return _run_module_code(code, init_globals, run_name, mod_spec)\\n File \\"/usr/lib64/python3.8/runpy.py\\", line 97, in _run_module_code\\n _run_code(code, mod_globals, init_globals,\\n File \\"/usr/lib64/python3.8/runpy.py\\", line 87, in _run_code\\n exec(code, run_globals)\\n File \\"/tmp/ansible_aws_s3_payload_j4i98cxe/ansible_aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/modules/aws_s3.py\\", line 317, in <module>\\n File \\"<frozen importlib._bootstrap>\\", line 991, in _find_and_load\\n File \\"<frozen importlib._bootstrap>\\", line 975, in _find_and_load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 655, in _load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 618, in _load_backward_compatible\\n File \\"<frozen zipimport>\\", line 259, in load_module\\n File \\"/tmp/ansible_aws_s3_payload_j4i98cxe/ansible_aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/core.py\\", line 74, in <module>\\n File \\"<frozen importlib._bootstrap>\\", line 991, in _find_and_load\\n File \\"<frozen importlib._bootstrap>\\", line 975, in _find_and_load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 655, in _load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 618, in _load_backward_compatible\\n File \\"<frozen zipimport>\\", line 259, in load_module\\n File \\"/tmp/ansible_aws_s3_payload_j4i98cxe/ansible_aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/ec2.py\\", line 65, in <module>\\n File \\"/usr/local/lib/python3.8/site-packages/boto3/__init__.py\\", line 17, in <module>\\n from boto3.session import Session\\n File \\"/usr/local/lib/python3.8/site-packages/boto3/session.py\\", line 17, in <module>\\n import botocore.session\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/session.py\\", line 26, in <module>\\n import botocore.client\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/client.py\\", line 17, in <module>\\n from botocore import waiter, xform_name\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/waiter.py\\", line 18, in <module>\\n from botocore.docs.docstring import WaiterDocstring\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/__init__.py\\", line 15, in <module>\\n from botocore.docs.service import ServiceDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/service.py\\", line 14, in <module>\\n from botocore.docs.client import ClientDocumenter, ClientExceptionsDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/client.py\\", line 14, in <module>\\n from botocore.docs.example import ResponseExampleDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/example.py\\", line 13, in <module>\\n from botocore.docs.shape import ShapeDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/shape.py\\", line 19, in <module>\\n from botocore.utils import is_json_value_header\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/utils.py\\", line 34, in <module>\\n import botocore.httpsession\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/httpsession.py\\", line 41, in <module>\\n from urllib3.contrib.pyopenssl import orig_util_SSLContext as SSLContext\\n File \\"/usr/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py\\", line 46, in <module>\\n import OpenSSL.SSL\\n File \\"/usr/local/lib/python3.8/site-packages/OpenSSL/__init__.py\\", line 8, in <module>\\n from OpenSSL import crypto, SSL\\n File \\"/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py\\", line 1517, in <module>\\n class X509StoreFlags(object):\\n File \\"/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py\\", line 1537, in X509StoreFlags\\n CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK\\nAttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'\\n", "module_stdout": "", "msg": "MODULE FAILURE\\nSee stdout/stderr for the exact error", "rc": 1}

Regards,
Michael

AWX_Project · September 9, 2022, 5:06pm

Hi! this was a bug in awx-ee, and should be fixed in awx-ee:latest as of yesterday

here is the PR that fixed it https://github.com/ansible/awx-ee/pull/136

We pinned the cryptography library to 37.04

Try again with this latest image (you may need to temporarily set “always pull” on your EE to trigger the system to redownload the latest image)

AWX Team

iamroddo · September 12, 2022, 3:59am

Hi AWX Team,

Thanks for the notification. Indeed redeploying pulled the fixed image (I set “image_pull_policy: Always”) and resolved the issue.

Do you have any plans to regularly produce immutably tagged awx-ee images? I see that you have a GitHub Actions workflow called “Release” that would do this, but it hasn’t run for a long time. I always aim to consume images that are immutably tagged.

Best regards

Rod Oliver

AWX_Project · September 14, 2022, 6:47pm

There are a couple of issues talking about creating more static tags like we used to:
https://github.com/ansible/awx-ee/issues/117
https://github.com/ansible/awx-ee/issues/125

Please upvote those issues so we can get that work prioritized.

-The AWX Team

Topic		Replies	Views
Project Update failure during Collection download from Galaxy AWX Project awx , galaxy-ng	1	2	March 10, 2023
Collections errors AWX Project awx , galaxy-ng	1	0	April 7, 2023
Problem with ansible collection AWX Project awx , galaxy-ng	2	1	August 28, 2023
Creating a docker image for execution environment AWX fails at Ansible-galaxy step Get Help awx , galaxy-ng , ee , docker , ansible-galaxy	11	568	May 10, 2024
Missing python 'requests' package in AWX EE (latest) Get Help awx , ee	1	126	August 22, 2024

AWX-EE images

Related topics