AWX-EE images
334 views
Skip to first unread message
Rod Oliver
Sep 7, 2022, 6:40:09 AM9/7/22
to AWX Project
We've been using AWX 19.3.0 with the control plane EE image being awx-ee:latest from https://quay.io/repository/ansible/awx-ee. A dev environment AWX instance got reprovisioned and out of the blue project sync errors appeared when the project included collections on our internal GitHub Enterprise instance. The error is that below.
I'm wondering whether this error is related to a change in the image "awx-ee:latest".
```
Traceback (most recent call last):
File "/usr/local/bin/ansible-galaxy", line 97, in <module>
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
File "/usr/local/lib/python3.8/site-packages/ansible/cli/galaxy.py", line 24, in <module>
from ansible.galaxy.api import GalaxyAPI
File "/usr/local/lib/python3.8/site-packages/ansible/galaxy/api.py", line 28, in <module>
from ansible.module_utils.urls import open_url, prepare_multipart
File "/usr/local/lib/python3.8/site-packages/ansible/module_utils/urls.py", line 115, in <module>
from urllib3.contrib.pyopenssl import PyOpenSSLContext
File "/usr/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py", line 46, in <module>
import OpenSSL.SSL
File "/usr/local/lib/python3.8/site-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import crypto, SSL
File "/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py", line 1517, in <module>
class X509StoreFlags(object):
File "/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
```
I think the source code used to build this image is https://github.com/ansible/awx-ee.
The last tag that wasn't "latest" on "awx-ee from https://quay.io/repository/ansible/awx-ee, which matches the last tag in https://github.com/ansible/awx-ee.
Are there any plans to use immutable tags on this image, or should I treat the images in https://quay.io/repository/ansible/awx-ee as being someone's development playground and that is my responsibility to build my own control plane EE image, if I want a stable image?
I'm wondering whether this error is related to a change in the image "awx-ee:latest".
```
Traceback (most recent call last):
File "/usr/local/bin/ansible-galaxy", line 97, in <module>
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
File "/usr/local/lib/python3.8/site-packages/ansible/cli/galaxy.py", line 24, in <module>
from ansible.galaxy.api import GalaxyAPI
File "/usr/local/lib/python3.8/site-packages/ansible/galaxy/api.py", line 28, in <module>
from ansible.module_utils.urls import open_url, prepare_multipart
File "/usr/local/lib/python3.8/site-packages/ansible/module_utils/urls.py", line 115, in <module>
from urllib3.contrib.pyopenssl import PyOpenSSLContext
File "/usr/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py", line 46, in <module>
import OpenSSL.SSL
File "/usr/local/lib/python3.8/site-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import crypto, SSL
File "/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py", line 1517, in <module>
class X509StoreFlags(object):
File "/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
```
I think the source code used to build this image is https://github.com/ansible/awx-ee.
The last tag that wasn't "latest" on "awx-ee from https://quay.io/repository/ansible/awx-ee, which matches the last tag in https://github.com/ansible/awx-ee.
Are there any plans to use immutable tags on this image, or should I treat the images in https://quay.io/repository/ansible/awx-ee as being someone's development playground and that is my responsibility to build my own control plane EE image, if I want a stable image?
Rod Oliver
m.ne...@cityscoot.eu
Sep 8, 2022, 3:25:27 AM9/8/22
to awx-p...@googlegroups.com
I am having the same behavior since about 24 hours on version 21.4
TASK [backup_haproxy_conf : Upload files to s3] ********************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
fatal: [pra-haproxy1 -> 127.0.0.1({{ private_ip_address }})]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\\n File \\"/home/runner/.ansible/tmp/ansible-tmp-1662580960.1664975-55-35395008714411/AnsiballZ_aws_s3.py\\", line 107, in <module>\\n _ansiballz_main()\\n File \\"/home/runner/.ansible/tmp/ansible-tmp-1662580960.1664975-55-35395008714411/AnsiballZ_aws_s3.py\\", line 99, in _ansiballz_main\\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\\n File \\"/home/runner/.ansible/tmp/ansible-tmp-1662580960.1664975-55-35395008714411/AnsiballZ_aws_s3.py\\", line 47, in invoke_module\\n runpy.run_module(mod_name='ansible_collections.amazon.aws.plugins.modules.aws_s3', init_globals=dict(_module_fqn='ansible_collections.amazon.aws.plugins.modules.aws_s3', _modlib_path=modlib_path),\\n File \\"/usr/lib64/python3.8/runpy.py\\", line 207, in run_module\\n return _run_module_code(code, init_globals, run_name, mod_spec)\\n File \\"/usr/lib64/python3.8/runpy.py\\", line 97, in _run_module_code\\n _run_code(code, mod_globals, init_globals,\\n File \\"/usr/lib64/python3.8/runpy.py\\", line 87, in _run_code\\n exec(code, run_globals)\\n File \\"/tmp/ansible_aws_s3_payload_j4i98cxe/ansible_aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/modules/aws_s3.py\\", line 317, in <module>\\n File \\"<frozen importlib._bootstrap>\\", line 991, in _find_and_load\\n File \\"<frozen importlib._bootstrap>\\", line 975, in _find_and_load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 655, in _load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 618, in _load_backward_compatible\\n File \\"<frozen zipimport>\\", line 259, in load_module\\n File \\"/tmp/ansible_aws_s3_payload_j4i98cxe/ansible_aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/core.py\\", line 74, in <module>\\n File \\"<frozen importlib._bootstrap>\\", line 991, in _find_and_load\\n File \\"<frozen importlib._bootstrap>\\", line 975, in _find_and_load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 655, in _load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 618, in _load_backward_compatible\\n File \\"<frozen zipimport>\\", line 259, in load_module\\n File \\"/tmp/ansible_aws_s3_payload_j4i98cxe/ansible_aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/ec2.py\\", line 65, in <module>\\n File \\"/usr/local/lib/python3.8/site-packages/boto3/__init__.py\\", line 17, in <module>\\n from boto3.session import Session\\n File \\"/usr/local/lib/python3.8/site-packages/boto3/session.py\\", line 17, in <module>\\n import botocore.session\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/session.py\\", line 26, in <module>\\n import botocore.client\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/client.py\\", line 17, in <module>\\n from botocore import waiter, xform_name\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/waiter.py\\", line 18, in <module>\\n from botocore.docs.docstring import WaiterDocstring\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/__init__.py\\", line 15, in <module>\\n from botocore.docs.service import ServiceDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/service.py\\", line 14, in <module>\\n from botocore.docs.client import ClientDocumenter, ClientExceptionsDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/client.py\\", line 14, in <module>\\n from botocore.docs.example import ResponseExampleDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/example.py\\", line 13, in <module>\\n from botocore.docs.shape import ShapeDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/shape.py\\", line 19, in <module>\\n from botocore.utils import is_json_value_header\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/utils.py\\", line 34, in <module>\\n import botocore.httpsession\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/httpsession.py\\", line 41, in <module>\\n from urllib3.contrib.pyopenssl import orig_util_SSLContext as SSLContext\\n File \\"/usr/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py\\", line 46, in <module>\\n import OpenSSL.SSL\\n File \\"/usr/local/lib/python3.8/site-packages/OpenSSL/__init__.py\\", line 8, in <module>\\n from OpenSSL import crypto, SSL\\n File \\"/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py\\", line 1517, in <module>\\n class X509StoreFlags(object):\\n File \\"/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py\\", line 1537, in X509StoreFlags\\n CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK\\nAttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'\\n", "module_stdout": "", "msg": "MODULE FAILURE\\nSee stdout/stderr for the exact error", "rc": 1}
Regards,
Michael
On 07/09/2022 12:39, Rod Oliver <rodo...@gmail.com> wrote:
> We've been using AWX 19.3.0 with the control plane EE image being
> awx-ee:latest from https://quay.io/repository/ansible/awx-ee
> <https://quay.io/repository/ansible/awx-ee>. A dev environment AWX
> https://github.com/ansible/awx-ee <https://github.com/ansible/awx-ee>.
> <https://quay.io/repository/ansible/awx-ee>, which matches the last tag
> in https://github.com/ansible/awx-ee <https://github.com/ansible/awx-ee>.
> You received this message because you are subscribed to the Google
> Groups "AWX Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to awx-project...@googlegroups.com
> <mailto:awx-project...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/awx-project/CAGaNFzOaaPdD91Ys5XG2%2BYHXMQ3QpvZA9OeXmn6xS9OxKTF%3Drw%40mail.gmail.com <https://groups.google.com/d/msgid/awx-project/CAGaNFzOaaPdD91Ys5XG2%2BYHXMQ3QpvZA9OeXmn6xS9OxKTF%3Drw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
>
TASK [backup_haproxy_conf : Upload files to s3] ********************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
fatal: [pra-haproxy1 -> 127.0.0.1({{ private_ip_address }})]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\\n File \\"/home/runner/.ansible/tmp/ansible-tmp-1662580960.1664975-55-35395008714411/AnsiballZ_aws_s3.py\\", line 107, in <module>\\n _ansiballz_main()\\n File \\"/home/runner/.ansible/tmp/ansible-tmp-1662580960.1664975-55-35395008714411/AnsiballZ_aws_s3.py\\", line 99, in _ansiballz_main\\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\\n File \\"/home/runner/.ansible/tmp/ansible-tmp-1662580960.1664975-55-35395008714411/AnsiballZ_aws_s3.py\\", line 47, in invoke_module\\n runpy.run_module(mod_name='ansible_collections.amazon.aws.plugins.modules.aws_s3', init_globals=dict(_module_fqn='ansible_collections.amazon.aws.plugins.modules.aws_s3', _modlib_path=modlib_path),\\n File \\"/usr/lib64/python3.8/runpy.py\\", line 207, in run_module\\n return _run_module_code(code, init_globals, run_name, mod_spec)\\n File \\"/usr/lib64/python3.8/runpy.py\\", line 97, in _run_module_code\\n _run_code(code, mod_globals, init_globals,\\n File \\"/usr/lib64/python3.8/runpy.py\\", line 87, in _run_code\\n exec(code, run_globals)\\n File \\"/tmp/ansible_aws_s3_payload_j4i98cxe/ansible_aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/modules/aws_s3.py\\", line 317, in <module>\\n File \\"<frozen importlib._bootstrap>\\", line 991, in _find_and_load\\n File \\"<frozen importlib._bootstrap>\\", line 975, in _find_and_load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 655, in _load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 618, in _load_backward_compatible\\n File \\"<frozen zipimport>\\", line 259, in load_module\\n File \\"/tmp/ansible_aws_s3_payload_j4i98cxe/ansible_aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/core.py\\", line 74, in <module>\\n File \\"<frozen importlib._bootstrap>\\", line 991, in _find_and_load\\n File \\"<frozen importlib._bootstrap>\\", line 975, in _find_and_load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 655, in _load_unlocked\\n File \\"<frozen importlib._bootstrap>\\", line 618, in _load_backward_compatible\\n File \\"<frozen zipimport>\\", line 259, in load_module\\n File \\"/tmp/ansible_aws_s3_payload_j4i98cxe/ansible_aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/ec2.py\\", line 65, in <module>\\n File \\"/usr/local/lib/python3.8/site-packages/boto3/__init__.py\\", line 17, in <module>\\n from boto3.session import Session\\n File \\"/usr/local/lib/python3.8/site-packages/boto3/session.py\\", line 17, in <module>\\n import botocore.session\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/session.py\\", line 26, in <module>\\n import botocore.client\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/client.py\\", line 17, in <module>\\n from botocore import waiter, xform_name\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/waiter.py\\", line 18, in <module>\\n from botocore.docs.docstring import WaiterDocstring\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/__init__.py\\", line 15, in <module>\\n from botocore.docs.service import ServiceDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/service.py\\", line 14, in <module>\\n from botocore.docs.client import ClientDocumenter, ClientExceptionsDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/client.py\\", line 14, in <module>\\n from botocore.docs.example import ResponseExampleDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/example.py\\", line 13, in <module>\\n from botocore.docs.shape import ShapeDocumenter\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/docs/shape.py\\", line 19, in <module>\\n from botocore.utils import is_json_value_header\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/utils.py\\", line 34, in <module>\\n import botocore.httpsession\\n File \\"/usr/local/lib/python3.8/site-packages/botocore/httpsession.py\\", line 41, in <module>\\n from urllib3.contrib.pyopenssl import orig_util_SSLContext as SSLContext\\n File \\"/usr/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py\\", line 46, in <module>\\n import OpenSSL.SSL\\n File \\"/usr/local/lib/python3.8/site-packages/OpenSSL/__init__.py\\", line 8, in <module>\\n from OpenSSL import crypto, SSL\\n File \\"/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py\\", line 1517, in <module>\\n class X509StoreFlags(object):\\n File \\"/usr/local/lib/python3.8/site-packages/OpenSSL/crypto.py\\", line 1537, in X509StoreFlags\\n CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK\\nAttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'\\n", "module_stdout": "", "msg": "MODULE FAILURE\\nSee stdout/stderr for the exact error", "rc": 1}
Regards,
Michael
On 07/09/2022 12:39, Rod Oliver <rodo...@gmail.com> wrote:
> We've been using AWX 19.3.0 with the control plane EE image being
> awx-ee:latest from https://quay.io/repository/ansible/awx-ee
> <https://quay.io/repository/ansible/awx-ee>, which matches the last tag
> in https://github.com/ansible/awx-ee <https://github.com/ansible/awx-ee>.
>
> Are there any plans to use immutable tags on this image, or should I
> treat the images in https://quay.io/repository/ansible/awx-ee
> <https://quay.io/repository/ansible/awx-ee> as being someone's
> development playground and that is my responsibility to build my own
> control plane EE image, if I want a stable image?
>
> Rod Oliver
>
> --
> Are there any plans to use immutable tags on this image, or should I
> treat the images in https://quay.io/repository/ansible/awx-ee
> <https://quay.io/repository/ansible/awx-ee> as being someone's
> development playground and that is my responsibility to build my own
> control plane EE image, if I want a stable image?
>
> Rod Oliver
>
> You received this message because you are subscribed to the Google
> Groups "AWX Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to awx-project...@googlegroups.com
> <mailto:awx-project...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/awx-project/CAGaNFzOaaPdD91Ys5XG2%2BYHXMQ3QpvZA9OeXmn6xS9OxKTF%3Drw%40mail.gmail.com <https://groups.google.com/d/msgid/awx-project/CAGaNFzOaaPdD91Ys5XG2%2BYHXMQ3QpvZA9OeXmn6xS9OxKTF%3Drw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
>
AWX Project
Sep 9, 2022, 1:06:12 PM9/9/22
to AWX Project
Hi! this was a bug in awx-ee, and should be fixed in awx-ee:latest as of yesterday
here is the PR that fixed it https://github.com/ansible/awx-ee/pull/136
We pinned the cryptography library to 37.04
Try again with this latest image (you may need to temporarily set "always pull" on your EE to trigger the system to redownload the latest image)
AWX Team
Rod Oliver
Sep 11, 2022, 11:59:58 PM9/11/22
to awx-p...@googlegroups.com
Hi AWX Team,
Thanks for the notification. Indeed redeploying pulled the fixed image (I set "image_pull_policy: Always") and resolved the issue.
Do you have any plans to regularly produce immutably tagged awx-ee images? I see that you have a GitHub Actions workflow called "Release" that would do this, but it hasn't run for a long time. I always aim to consume images that are immutably tagged.
Best regards
Rod Oliver
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/93c2b0e5-b852-4686-85d0-5cd5dec66a6an%40googlegroups.com.
AWX Project
Sep 14, 2022, 2:47:09 PM9/14/22
to AWX Project
There are a couple of issues talking about creating more static tags like we used to:
https://github.com/ansible/awx-ee/issues/117
https://github.com/ansible/awx-ee/issues/125
https://github.com/ansible/awx-ee/issues/117
https://github.com/ansible/awx-ee/issues/125
Please upvote those issues so we can get that work prioritized.
-The AWX Team
Reply all
Reply to author
Forward
0 new messages