Hi All,
Note: I’ve posted this question to StackOverflow as well: https://stackoverflow.com/q/45090838/320399
There’s a GitLab.com update rolling out today, and I’m seeing issues connecting to a particular AWS region with Ansible: us-gov-west-1.
This is odd, since in my CI job, I’m able to use the AWS CLI just fine:
### CI build step
$ aws ec2 describe-instances
### Output (truncated)
{
“Reservations”: [
{
“Instances”: [
{
“Monitoring”: {
“State”: “disabled”
},
“PublicDnsName”: "ec2-…
The very build step is as follows, notice that it fails to connect to the region:
### CI build step
$ ansible-playbook -vvv -i inventory/ec2.py -e ansible_ssh_private_key_file=aws-keypairs/gitlab_keypair.pem playbooks/deploy.yml
### Output (truncated)
Using /builds/me/my-project/ansible.cfg as config file ERROR! Attempted to execute “inventory/ec2.py” as inventory script: Inventory script (inventory/ec2.py) had an execution error: region name: us-gov-west-1 likely not supported, or AWS is down. connection to region failed. ERROR: Job failed: exit code 1
Is anyone else seeing this?
It was working this morning. Any idea why this might be failing now?
Thanks!
That normally means your account does not have access to us-gov (which
is restricted to special accounts) or that the AWS API and/or region
was down.
Hi Brian,
Thanks for the email. It might have been the push I needed to find the bug 
I wrote a small Python script to dive deeper into boto. When I googled how to list the regions,I was reminded of the differences in boto 2 vs boto 3. Then, I reviewed the mechanism I was using to install boto. It looks like the boto installation was the problem.
Here’s the buggy version of my .gitlab-ci.yml file:
image: ansible/ansible:ubuntu1604
test_aws:
stage: deploy
before_script:
- apt-get update
- apt-get -y install python
- apt-get -y install python-boto python-pip
- pip install awscli
script:
- 'aws ec2 describe-instances'
deploy_app:
stage: deploy
before_script:
- apt-get update
- apt-get -y install python
- apt-get -y install python-boto python-pip
- pip install awscli
script:
- 'chmod 400 aws-keypairs/gitlab_keypair.pem'
- 'ansible-playbook -vvv -i inventory/ec2.py -e ansible_ssh_private_key_file=aws-keypairs/gitlab_keypair.pem playbooks/deploy.yml'
And here’s the fixed version:
image: ansible/ansible:ubuntu1604
all_in_one:
stage: deploy
before_script:
- rm -rf /var/lib/apt/lists/*
- apt-get update
- apt-get -y install python python-pip
- pip install boto==2.48.0
- pip install awscli
- pip install ansible==2.2.2.0
script:
- 'chmod 400 aws-keypairs/gitlab_keypair.pem'
- 'aws ec2 describe-instances'
- 'python ./boto_debug.py'
- 'ansible-playbook -vvv -i inventory/ec2.py -e ansible_ssh_private_key_file=aws-keypairs/gitlab_keypair.pem playbooks/deploy.yml'
Notice that I switched from using apt-get install to using pip install. Hopefully others will come across this post in the future and avoid installing boto with apt-get -y install python-boto!
Thanks all,