ec2.py external inventory script failing on "missing" RDS security group

Greetings,

I have an odd issue with the ec2.py external inventory module reporting an issue about a missing RDS security group. This will likely only be interesting if you are using the ec2 inventory module, VPC, and RDS instances.

The root of my question is whether I have something bizarre in my environment, or whether a missing list of RDS security groups is a scenario I should add some code around, I would suppose to skip creating an inventory group by security group. The boto library (looking at 2.9.4 and the devel branch) does not make any assumption that security groups exist.

But this doesn’t mean there isn’t something wrong; the AWS API docs have some language around “group-id” and “group-name” that is different with the introduction of the confusing “nondefault VPC” and “default VPC” semantics. (Whoever thought up that mess needs to get a demotion.)

Details follow below:

This appears to be related to issue 1280, for which the root cause was a boto version. I am using boto 2.9.4, which is essentially current.

https://github.com/ansible/ansible/issues/1280

Error checking code was added in add_rds_instance() to exit if there is an issue adding a security group name to self.inventory.

    # Inventory: Group by security group
    try:
        key = self.to_safe("security_group_" + instance.security_group.name)
        self.push(self.inventory, key, dest)
    except AttributeError:
        print 'in RDS security group'
        print 'Package boto seems a bit older.'
        print 'Please upgrade boto >= 2.3.0.'
        sys.exit(1)

In my case I’ve diagnosed that the value of instance.security_group is None, though I am getting other RDS data like instance size, etc…

In the AWS console I have a default security group. The RDS Java command line tools report this security group with the same authorization parameters I am using with ec2.py

[jclaybaugh@ansible1 RDSCli-1.14.001]$ bin/rds rds-describe-db-security-groups
SECGROUP default default

So why is boto reporting that nothing exists? I have no clue. If the ec2 library maintainers suspect this is something weird in boto I am happy to diagnose further inside the boto library.

cheers,
Jonathan

Hi Jonathan,

That certainly is bizarre. If you don’t mind, can you add some details as to how I could reproduce this in my environment? Then I can investigate further.

It may well be an issue with boto, but a patch to get the EC2 inventory working around it would be very welcome.

I’ve just experienced the same problem as Jonathan, with the latest Ansible taken from git today. The inventory script used to work for me, but I’ve recently added an RDS instance in a VPC, which is the exact scenario Jonathan described, and now the script breaks.

I worked around it just by adding a test for None, like this (starting at line 386 in today’s version):

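    try:
        # Skip the security-group inventory group when boto returns None
        if instance.security_group is not None:
            key = self.to_safe("security_group_" + instance.security_group.name)
            self.push(self.inventory, key, dest)
    # (the existing except AttributeError block follows here)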

Let me know if a proper patch would be helpful.

Anton
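
The failure discussed in this thread, as an added example that is not code from ec2.py, boto, or any poster: a `None` security group also raises `AttributeError` on `.name`, so the quoted check reports it as an outdated boto. The stand-in objects, host names, `OldBotoError`, and the `to_safe()` reimplementation are assumptions made for illustration.

```python
import re
from types import SimpleNamespace

class OldBotoError(Exception):
    """The instance object has no security_group attribute at all."""

_MISSING = object()

def to_safe(word):
    # Stand-in for ec2.py's to_safe(): replace characters unsuitable for group names.
    return re.sub(r"[^A-Za-z0-9\-]", "_", word)

def original_check(instance):
    # Shape of the check quoted in the thread. None.name raises AttributeError
    # too, so a missing group is indistinguishable from a missing attribute.
    try:
        return to_safe("security_group_" + instance.security_group.name)
    except AttributeError:
        return "UPGRADE_BOTO"  # stands in for the prints + sys.exit(1)

def security_group_key(instance):
    """Return the group key, or None when the instance has no DB security group."""
    group = getattr(instance, "security_group", _MISSING)
    if group is _MISSING:
        raise OldBotoError("instance object has no security_group attribute")
    if group is None:
        return None
    return to_safe("security_group_" + group.name)

def group_by_security_group(instances):
    """Build {group_key: [hosts]} and report hosts that had no group to key on."""
    inventory, skipped = {}, []
    for dest, instance in instances:
        key = security_group_key(instance)
        if key is None:
            skipped.append(dest)  # still inventoried elsewhere, just not by group
            continue
        inventory.setdefault(key, []).append(dest)
    return inventory, skipped

# Constructed sample data: one instance with a group, one reporting None.
SAMPLE = [
    ("classic-db.example.internal",
     SimpleNamespace(security_group=SimpleNamespace(name="default"))),
    ("vpc-db.example.internal", SimpleNamespace(security_group=None)),
]

if __name__ == "__main__":
    print(original_check(SAMPLE[1][1]))
    print(group_by_security_group(SAMPLE))
```

Keeping the skipped hosts in a separate list makes it visible which instances were left out of security-group grouping instead of dropping them silently.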

Absolutely, please send in a pull request.

Thanks!