Ansible module ec2_ami_copy

[Cvijan Uros]

Hi all, 

I have a question regarding this module and creating encrypted image. 

I have the latest version of Ansible tower,asnible, boto. On centos 7, all installed from repositories. (i even tested it with ansible 2.2 release candidate, as it says that version 2.2 is needed), but it wont work with it either.  

If i remove the encrypted and kms_key_id, module works. but it wont work with these two parameters. 

And copying encrypted image just wont work. I get the message: 

"msg": "UnknownParameter: The parameter Encrypted is not recognized"

Can anyone provide some assistance what is it that is wrong? 

Thanks, 

Uros

[joba...@ansible.com]

Hi,

1) Just checking, are you using "encrypted" (lowercase)

2) Can you please provide the output of:

ansible-playbook --version

3) Can you please copy & paste just the failing task from your playbook (remembering to remove any sensitive data)

FYI the code to add int encrypted and kms_key_id was added at the end of May by https://github.com/ansible/ansible-modules-extras/commit/0ba34435cf6896a6bcf1039cb04fde0d426fad4e#diff-f3b7742028fc91b33de9fee0daabc496

Thanks,

John Barker

[Cvijan Uros]

Hi John, 

Thank you for reply. 

1) yes, it is all lower case, you will see in the playbook itself. 

2) ansible-playbook --version

ansible-playbook 2.2.0.0

  config file = /etc/ansible/ansible.cfg

  configured module search path = Default w/o overrides

This is installed on separate server for testing purposes. But this happened with every release i tried, even with the 3.0, from git, and with latest stable from repository. 

3) This is the playbook: 

---

- name: 'Create encrypted AMI'

  hosts: localhost

  connection: local

  gather_facts: False

  vars_files:

   - "vars/global.yml"

  tasks:

  - name: 'Copy image'

    ec2_ami_copy:

      description: "Encrypted image"

      aws_access_key: "{{ ec2_access_key }}"

      aws_secret_key: "{{ ec2_secret_key }}"

      source_region: "{{ ec2_region }}"

      region: "{{ ec2_region }}"

      source_image_id: "{{ ec2_image_id }}"

      encrypted: yes

      kms_key_id: "{{ ec2_encrypt_key }}"

4) This is the whole error i get with -vvv: 

 [WARNING]: provided hosts list is empty, only localhost is available

PLAYBOOK: create_enc.yml *******************************************************

1 plays in /var/lib/awx/projects/test/create_enc.yml

PLAY [Create encrypted AMI] ****************************************************

TASK [Copy image] **************************************************************

task path: /var/lib/awx/projects/test/create_enc.yml:10

Using module file /usr/lib/python2.7/site-packages/ansible/modules/extras/cloud/amazon/ec2_ami_copy.py

<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root

<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1477638624.19-200038182352706 `" && echo ansible-tmp-1477638624.19-200038182352706="` echo $HOME/.ansible/tmp/ansible-tmp-1477638624.19-200038182352706 `" ) && sleep 0'

<127.0.0.1> PUT /tmp/tmpCTcaiy TO /root/.ansible/tmp/ansible-tmp-1477638624.19-200038182352706/ec2_ami_copy.py

<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1477638624.19-200038182352706/ /root/.ansible/tmp/ansible-tmp-1477638624.19-200038182352706/ec2_ami_copy.py && sleep 0'

<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1477638624.19-200038182352706/ec2_ami_copy.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1477638624.19-200038182352706/" > /dev/null 2>&1 && sleep 0'

fatal: [localhost]: FAILED! => {

    "changed": false,

    "failed": true,

    "invocation": {

        "module_args": {

            "aws_access_key": "*************",

            "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",

            "description": "Encrypted image",

            "ec2_url": null,

            "encrypted": true,

            "kms_key_id": "**********",

            "name": null,

            "profile": null,

            "region": "eu-central-1",

            "security_token": null,

            "source_image_id": "********",

            "source_region": "eu-central-1",

            "tags": null,

            "validate_certs": true,

            "wait": false,

            "wait_timeout": "1200"

        },

        "module_name": "ec2_ami_copy"

    },

    "msg": "UnknownParameter: The parameter Encrypted is not recognized"

}

        to retry, use: --limit @/var/lib/awx/projects/test/create_enc.retry

PLAY RECAP *********************************************************************

localhost                  : ok=0    changed=0    unreachable=0    failed=1

Thank again for taking time to look at the problem. 

Uros

[Cvijan Uros]

Hi John, 

Do you maybe know something more based on the answers below?