ansible-collections / amazon.aws

Ansible Collection for Amazon AWS
GNU General Public License v3.0

amazon.aws.ec2_eip fails to allocate and associate EIPs to secondary private IPs #2218

Open biatwc opened 1 month ago

biatwc commented 1 month ago

Summary

I have multiple secondary IPs on multiple ENIs, and I'm trying to allocate and then associate EIPs to all IPs (primary and secondary) on each ENI - up to the limit the instance allows. I am using t4g.small which allows 2 interfaces with 4 IPs per interface (ref: https://docs.aws.amazon.com/ec2/latest/instancetypes/gp.html).

What I see happening is with a list of 6 items, only 2 EIPs are ever allocated and they are associated with the primary IP on each ENI. When I check the tags on the 2 EIPs that are created, I see the "ip" tag has a value that does not match the private_ip_address it has been associated with - so it looks like the loop is overwriting tags and for some reason not allocating a new EIP.

Issue Type

Bug Report

Component Name

amazon.aws.ec2_eip

Ansible Version

$ ansible --version
ansible [core 2.15.12]
python version = 3.12.4
jinja version = 3.1.4

Collection Versions

$ ansible-galaxy collection list
amazon.aws                    8.1.0 

AWS SDK versions

$ pip show boto boto3 botocore
WARNING: Package(s) not found: boto
Name: boto3
Version: 1.34.131
---
Name: botocore
Version: 1.34.131

Configuration

  $ ansible-config dump --only-changed

OS / Environment

Fedora 40

Steps to Reproduce

With eni_info being:

[
        {
            "eni": "eni-02e27f806845a09de",
            "ip": "192.168.142.188"
        },
        {
            "eni": "eni-02e27f806845a09de",
            "ip": "192.168.133.224"
        },
        {
            "eni": "eni-02e27f806845a09de",
            "ip": "192.168.139.178"
        },
        {
            "eni": "eni-0fb509662f6d64604",
            "ip": "192.168.131.230"
        },
        {
            "eni": "eni-0fb509662f6d64604",
            "ip": "192.168.137.223"
        },
        {
            "eni": "eni-0fb509662f6d64604",
            "ip": "192.168.130.68"
        }
]

the below task returns changed for all items, but only 2 EIPs are ever allocated, and they are associated with the primary IP of each ENI. When I check the tags on the 2 EIPs they do not match the private_ip_address they are associated with.


- name: Associate EIP
  become: no
  delegate_to: localhost
  amazon.aws.ec2_eip:
    device_id: "{{ item.eni }}"
    private_ip_address: "{{ item.ip }}"
    in_vpc: true
    tags:
      eni: "{{ item.eni }}"
      ip: "{{ item.ip }}"
  loop: "{{ eni_info }}"

Expected Results

I expect 6 EIPs to be allocated and associated with primary and secondary private IP addresses. This can be achieved when done manually in the AWS console.

Actual Results

TASK [eip : Associate EIP] *******************************************************************************************************************************************************************************************************************
changed: [myhost -> localhost] => (item={'eni': 'eni-0fb509662f6d64604', 'ip': '192.168.131.230'})
changed: [myhost -> localhost] => (item={'eni': 'eni-0fb509662f6d64604', 'ip': '192.168.137.223'})
changed: [myhost-> localhost] => (item={'eni': 'eni-0fb509662f6d64604', 'ip': '192.168.130.68'})
changed: [myhost -> localhost] => (item={'eni': 'eni-02e27f806845a09de', 'ip': '192.168.142.188'})
changed: [myhost-> localhost] => (item={'eni': 'eni-02e27f806845a09de', 'ip': '192.168.133.224'})
changed: [myhost -> localhost] => (item={'eni': 'eni-02e27f806845a09de', 'ip': '192.168.139.178'})

Evidence of only 2 EIPs being created and associated (note the difference in tag IP and the IP associated):

$ aws ec2 describe-addresses --filters "Name=tag-key,Values=ip"
{
    "Addresses": [
        {
            "InstanceId": "i-01a82021739b0d47d",
            "PublicIp": "3.127.161.240",
            "AllocationId": "eipalloc-00a0505ca83eb7ab2",
            "AssociationId": "eipassoc-0d5b78915e99deba0",
            "Domain": "vpc",
            "NetworkInterfaceId": "eni-02e27f806845a09de",
            "NetworkInterfaceOwnerId": "546442592561",
            "PrivateIpAddress": "192.168.142.188",
            "Tags": [
                {
                    "Key": "ip",
                    "Value": "192.168.139.178"
                },
                {
                    "Key": "eni",
                    "Value": "eni-02e27f806845a09de"
                }
            ],
            "PublicIpv4Pool": "amazon",
            "NetworkBorderGroup": "eu-central-1"
        },
        {
            "InstanceId": "i-01a82021739b0d47d",
            "PublicIp": "3.74.1.24",
            "AllocationId": "eipalloc-0178711a6fd1d4416",
            "AssociationId": "eipassoc-023fd29137ed53faa",
            "Domain": "vpc",
            "NetworkInterfaceId": "eni-0fb509662f6d64604",
            "NetworkInterfaceOwnerId": "546442592561",
            "PrivateIpAddress": "192.168.131.230",
            "Tags": [
                {
                    "Key": "eni",
                    "Value": "eni-0fb509662f6d64604"
                },
                {
                    "Key": "ip",
                    "Value": "192.168.130.68"
                }
            ],
            "PublicIpv4Pool": "amazon",
            "NetworkBorderGroup": "eu-central-1"
        }
    ]
}

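A check for the symptom reported above (every loop item returns changed while EIPs are missing and tags disagree with the association), as an added example that is not part of the original issue or the collection's code. It compares the eni_info list with the describe-addresses output, both copied from the report and trimmed to the fields used; the function name audit_eips is hypothetical.

```python
# Added audit example; data is copied from the report, trimmed to the fields read below.
ENI_INFO = [
    {"eni": "eni-02e27f806845a09de", "ip": "192.168.142.188"},
    {"eni": "eni-02e27f806845a09de", "ip": "192.168.133.224"},
    {"eni": "eni-02e27f806845a09de", "ip": "192.168.139.178"},
    {"eni": "eni-0fb509662f6d64604", "ip": "192.168.131.230"},
    {"eni": "eni-0fb509662f6d64604", "ip": "192.168.137.223"},
    {"eni": "eni-0fb509662f6d64604", "ip": "192.168.130.68"},
]
DESCRIBE_ADDRESSES = {"Addresses": [
    {"AllocationId": "eipalloc-00a0505ca83eb7ab2",
     "NetworkInterfaceId": "eni-02e27f806845a09de",
     "PrivateIpAddress": "192.168.142.188",
     "Tags": [{"Key": "ip", "Value": "192.168.139.178"},
              {"Key": "eni", "Value": "eni-02e27f806845a09de"}]},
    {"AllocationId": "eipalloc-0178711a6fd1d4416",
     "NetworkInterfaceId": "eni-0fb509662f6d64604",
     "PrivateIpAddress": "192.168.131.230",
     "Tags": [{"Key": "eni", "Value": "eni-0fb509662f6d64604"},
              {"Key": "ip", "Value": "192.168.130.68"}]},
]}


def audit_eips(desired, described):
    """Return (missing, tag_drift) for a tag-filtered describe-addresses response.

    missing:   desired (eni, ip) pairs that have no EIP associated.
    tag_drift: (allocation_id, tagged pair, associated pair) where they differ.
    """
    associated, tag_drift = set(), []
    for addr in described.get("Addresses", []):
        actual = (addr.get("NetworkInterfaceId"), addr.get("PrivateIpAddress"))
        if None in actual:  # allocated but not associated: nothing to compare
            continue
        associated.add(actual)
        tags = {t["Key"]: t["Value"] for t in addr.get("Tags", [])}
        tagged = (tags.get("eni"), tags.get("ip"))
        if tagged != actual:
            tag_drift.append((addr["AllocationId"], tagged, actual))
    missing = [(d["eni"], d["ip"]) for d in desired
               if (d["eni"], d["ip"]) not in associated]
    return missing, tag_drift


if __name__ == "__main__":
    missing, drift = audit_eips(ENI_INFO, DESCRIBE_ADDRESSES)
    print(f"{len(missing)} desired private IPs have no EIP:", missing)
    for alloc, tagged, actual in drift:
        print(f"{alloc}: tagged {tagged} but associated with {actual}")
```

Run against live output, the same function can gate a play: a non-empty result means the task's changed status did not produce the intended associations.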

alinabuzachis commented 3 weeks ago

@biatwc Thank you for reporting this issue. Would you be willing to take the time to work on a fix and open a pull request?