route53: always thinks alias record has changed #192

Closed
geerlingguy opened this issue Aug 17, 2020 · 3 comments
Labels: affects_2.10, bug, module, plugins, waiting_on_contributor

geerlingguy commented Aug 17, 2020

SUMMARY

See: ansible/ansible#29858

Using command=create with the route53 module for an alias record without overwrite=yes fails when the record already exists. It correctly detects a matching record if you are not using alias records.

The problem is the module accepts a domain without a trailing dot, e.g. www.example.com, but the route53_info module returns the domain with a trailing dot (e.g. www.example.com.), so it seems that's what Ansible is using for the comparison, thus causing the error.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

route53

ANSIBLE VERSION
2.9.12
CONFIGURATION
N/A
OS / ENVIRONMENT

macOS / Linux (all)

STEPS TO REPRODUCE
  - name: Create A record alias for proxy node
    route53:
      aws_access_key: "{{aws_access_key}}"
      aws_secret_key: "{{aws_secret_key}}"
      zone: "larkave.com"
      command: create
      type: A
      alias: True
      alias_hosted_zone_id: "{{ kube_proxy_zone_id }}"
      value: "{{ kube_proxy_dns_name }}"
      record: "proxy.{{ kube_dns_domain }}"
      ttl: 300
EXPECTED RESULTS
ok: [localhost]
ACTUAL RESULTS
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_args": {"alias": true, "alias_hosted_zone_id": "Z33MTJ483KN6FU", "aws_access_key": "AKIAJJU7TXWYTYP4GQAA", "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "command": "create", "ec2_url": null, "failover": null, "health_check": null, "hosted_zone_id": null, "identifier": null, "overwrite": null, "private_zone": false, "profile": null, "record": "proxy.larkave.com", "region": null, "retry_interval": 500, "security_token": null, "ttl": 300, "type": "A", "validate_certs": true, "value": "tst-kube-proxy-1257808881.us-west-2.elb.amazonaws.com", "vpc_id": null, "weight": null, "zone": "larkave.com"}, "module_name": "route53"}, "msg": "Record already exists with different value. Set 'overwrite' to replace it"}
Notes

From @petrosad's comment in the original issue:

To prevent the route53 module from always indicating that alias records have changed even when in fact they haven't, the following is required:

  1. Lower-case the value of the alias record
  2. Make sure the value ends in a dot
  3. Make sure the value has no leading or trailing spaces
  4. Make sure the alias_hosted_zone_id is all uppercase

Then this works exactly as expected. Without all of the above in place, the module will flag records as always changed.
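The four normalization steps quoted in the notes above, written out as a comparison routine. This is an added example, not code from the route53 module or from this issue: the function names are hypothetical, the record-set field names follow the Route 53 API response shape, and all hostnames and zone IDs are constructed.

```python
# Added example (not the route53 module's code). Function names are
# hypothetical; hostnames and zone IDs are constructed sample values.

def normalize_dns_name(name):
    """Steps 1-3: trim whitespace, lower-case, end in exactly one dot."""
    return name.strip().lower().rstrip(".") + "."

def normalize_zone_id(zone_id):
    """Step 4: compare hosted zone IDs in upper case."""
    return zone_id.strip().upper()

def alias_key(record, rtype, target, zone_id):
    return (normalize_dns_name(record), rtype.strip().upper(),
            normalize_dns_name(target), normalize_zone_id(zone_id))

def existing_alias_key(rrset):
    """Key for a record set in Route 53 API shape; None if not an alias."""
    alias = rrset.get("AliasTarget")
    if alias is None:
        return None
    return alias_key(rrset["Name"], rrset["Type"],
                     alias["DNSName"], alias["HostedZoneId"])

def alias_changed(desired, rrsets):
    """True unless an existing alias equals the desired one once normalized."""
    want = alias_key(**desired)
    return all(existing_alias_key(r) != want for r in rrsets)

def naive_changed(desired, rrsets):
    """Raw string comparison; reports a change for the sample below."""
    return all(
        (r["Name"], r.get("AliasTarget", {}).get("DNSName")) !=
        (desired["record"], desired["target"])
        for r in rrsets)

# Constructed record set with trailing dots, as the issue describes.
EXISTING = [{
    "Name": "proxy.example.com.", "Type": "A",
    "AliasTarget": {"HostedZoneId": "Z0CONSTRUCTED01",
                    "DNSName": "tst-lb-0000000000.us-west-2.elb.example.com.",
                    "EvaluateTargetHealth": False}}]

# Constructed task input: no trailing dot, mixed case, stray space.
DESIRED = {"record": "proxy.example.com", "rtype": "A",
           "target": " Tst-LB-0000000000.us-west-2.elb.example.com",
           "zone_id": "z0constructed01"}
```

With the sample data, `naive_changed(DESIRED, EXISTING)` reports a change while `alias_changed(DESIRED, EXISTING)` does not.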

@ansibullbot ansibullbot added affects_2.10 bug This issue/PR relates to a bug module module needs_triage labels Aug 19, 2020
@ansibullbot ansibullbot added plugins plugin (any type) labels Aug 27, 2020
@gravesm gravesm added waiting_on_contributor Needs help. Feel free to engage to get things unblocked and removed needs_triage labels Feb 12, 2021
tremble commented Oct 16, 2021

Thanks for copying this over @geerlingguy,

The Route53 module was rewritten to use the boto3 SDK (#405) and then had work done to fix the idempotency (#525). Looking at the integration tests this issue should now be resolved.

@tremble tremble closed this as completed Oct 16, 2021
alinabuzachis pushed a commit to alinabuzachis/community.aws that referenced this issue May 25, 2022
…ions#192)

* Adds the ability to use bypath to aws_secrets lookup

* Fix up some linting format

* Fixes from rebase

* Updated per code review

* Add changelog fragment

* Add the PR link to the changelog

* Fix documentation