Uploaded image for project: 'IGB'
  1. IGB
  2. IGBF-2397

Investigate and fix long delay each time security group task runs

        Details

        • Type: Task
        • Status: Closed (View Workflow)
        • Priority: Major
        • Resolution: Done
        • Affects Version/s: None
        • Fix Version/s: None
        • Labels:
          None

          Description

          Our appstore playbooks automate creation an ec2 instance to host appstore.

          This works pretty great, except for the task in which we create a security group for the ec2.

          See task "Create security group for {{ ec2_name }}" in https://bitbucket.org/lorainelab/appstore-playbooks/src/master/roles/ec2/tasks/main.yml).

          The task is working in that the security group is created correctly with all the proper permissions. However, whenever it runs, there is a very long pause and then a warning message is printed to the console. Also, the task is always listed as having changed even when the security group already exists and is properly configured.

          Please look into why this is happening and figure out a way to make this task properly idempotent and execute faster.

          Here is the warning message:

          TASK [ec2 : Create security group for testappstore] **********************************
          [WARNING]: Ran out of time waiting for sg-0c3690afe2c252497 IpPermissions. Current:

          {Rule(port_range=(22, 22), protocol='tcp', target='172.31.19.94/32', target_type='ipv4', description='ip-172-31-19-94'), Rule(port_range=(80, 80), protocol='tcp', target='0.0.0.0/0', target_type='ipv4', description='allow all on port 80'), Rule(port_range=(443, 443), protocol='tcp', target='0.0.0.0/0', target_type='ipv4', description='allow all on port 443')}

          , Desired:
          [Rule(port_range=(22, 22), protocol='TCP', target='172.31.19.94/32',
          target_type='ipv4', description='ip-172-31-19-94'), Rule(port_range=(80, 80),
          protocol='TCP', target='0.0.0.0/0', target_type='ipv4', description='allow all on
          port 80'), Rule(port_range=(443, 443), protocol='TCP', target='0.0.0.0/0',
          target_type='ipv4', description='allow all on port 443')]
          changed: [localhost]

            Attachments

            1. After the change.png
              362 kB
              Chester Dias
            2. Before change.png
              447 kB
              Chester Dias

              Issue Links

              is blocked by

              Task - A task that needs to be done. IGBF-2384 Reorganize folder hierarchy for appstore playbooks

              • Major - Major loss of function.
              • Closed

                Activity

                Ascending order - Click to sort in descending order
                Hide
                Permalink
                cdias1 Chester Dias (Inactive) added a comment -

                A very funny error.... An error occurred due to capitalization of the protocol text as 'TCP' instead of using 'tcp'
                Understanding during Root Cause Analysis
                There were solutions proposed online on the link https://github.com/ansible/ansible/issues/42661
                but in one place they used numbers instead of actual protocol names which also does not work
                My understanding is that possibly the module is not designed to handle uppercases in the protocol names, although this was accepted as valid at aws end.
                I think time consumed was during the request packet sent from the module not for the response.

                Show
                cdias1 Chester Dias (Inactive) added a comment - A very funny error.... An error occurred due to capitalization of the protocol text as 'TCP' instead of using 'tcp' Understanding during Root Cause Analysis There were solutions proposed online on the link https://github.com/ansible/ansible/issues/42661 but in one place they used numbers instead of actual protocol names which also does not work My understanding is that possibly the module is not designed to handle uppercases in the protocol names, although this was accepted as valid at aws end. I think time consumed was during the request packet sent from the module not for the response.
                Hide
                Permalink
                cdias1 Chester Dias (Inactive) added a comment -

                Please review : https://bitbucket.org/chesterdias/chester-local-appstore-playbooks/branch/IGBF-2397#diff
                I believe this can be merged directly
                I have also attached screenshots of the time profile for the task before and after the change

                Show
                cdias1 Chester Dias (Inactive) added a comment - Please review : https://bitbucket.org/chesterdias/chester-local-appstore-playbooks/branch/IGBF-2397#diff I believe this can be merged directly I have also attached screenshots of the time profile for the task before and after the change
                Hide
                Permalink
                ann.loraine Ann Loraine added a comment -

                OK! Please submit a PR.

                Show
                ann.loraine Ann Loraine added a comment - OK! Please submit a PR.
                Hide
                Permalink
                cdias1 Chester Dias (Inactive) added a comment -

                PR: https://bitbucket.org/lorainelab/appstore-playbooks/pull-requests/27/igbf-2397-protocol-renamed-to-lowercase/diff

                Show
                cdias1 Chester Dias (Inactive) added a comment - PR: https://bitbucket.org/lorainelab/appstore-playbooks/pull-requests/27/igbf-2397-protocol-renamed-to-lowercase/diff
                Hide
                Permalink
                ann.loraine Ann Loraine added a comment -

                Passes testing - no more delay.

                Thank you Chester Dias !

                Show
                ann.loraine Ann Loraine added a comment - Passes testing - no more delay. Thank you Chester Dias !

                  People

                  • Assignee:
                    cdias1 Chester Dias (Inactive)
                    Reporter:
                    ann.loraine Ann Loraine
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: