aws-samples / aws-amazon-eks-ansible-example Goto Github PK

TASK [Create EC2 KeyPair] ******************************************************
Monday 02 May 2022 15:40:26 +0000 (0:00:00.023) 0:00:00.325 ************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "The config profile (ansible) could not be found"}
PLAY RECAP *********************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

The Problem

When eksexample_clustername in /vars/static/defaults.yaml is changed from its default, the create Roles and Policies for container insights task always fails to create it's cloudformation stack.

Root Cause

The default value of the stack name is wired into the shell command in the get notegroups rolename task.

So instead of describing the stack that was created, the command tries to describe a stack that doesn't exist, causing the next task to fail.

The fix

Replace the static portion of the stack name being queried with the portion that's expected from the variables file:

-  shell: > 
-    aws cloudformation describe-stack-resources --region {{ eksexample_region }} --stack-name eksctl-{{ eksexample_clustername }}-nodegroup-ansible-eks-testcluster-linux-nodes \
+  shell: >
+    aws cloudformation describe-stack-resources --region {{ eksexample_region }} --stack-name eksctl-{{ eksexample_clustername }}-nodegroup-{{ eksexample_clustername }}-linux-nodes \

Original problem
The task Get AWS Account Information in the deploy playbook fails to connect to the bastion, with the SSH error Too many authentication failures.

Root cause
I have 7 ssh keys loaded in my agent:

$ ssh-add -l|wc -l
7

Evidently too many of these were tried before the playbook's own generated key was tried. Retrying the playbook without any adjustments to SSH configuration results in the same error. Attempting to SSH manually to the bastion also results in the same error.

My Fix
Appdending -o IdentitiesOnly=yes to the ssh_args in the playbook's ansible.cfg file ensures the playbook only tries the single key that was generated, thus allowing the playbook to connect to the bastion and continue executing.

The 0.38.0 release of the eksctl utility has started to always output timestamp and version information, which breaks all the stdout checks for No clusters found strings in tasks/eks-cluster.task.yaml and eks-destroy-cluster.playbook.yaml.

Old/Working:

$ eksctl version
0.36.2

$ eksctl get cluster --region us-west-2
No clusters found

New/Noisy/Breaky:

$ eksctl version 
0.38.0

$ eksctl get cluster --region us-west-2 
2021-02-25 09:54:00 [ℹ]  eksctl version 0.38.0
2021-02-25 09:54:00 [ℹ]  using region us-west-2
No clusters found

To Reproduce
Use the repo to create a new cluster (which pulls the latest version of eksctl), or upgrade an existing bastion's eksctl version to 0.38.0

Possible fix
eksctl has a --verbose 0 flag that silences all the extra stuff, which will get the checks working again, but this still seems somewhat brittle; maybe there's a better way to check.