Nice workaround, thanks a lot for sharing. For the record, I am doing 
something similar in other AWS-oriented playbooks (e.g. to create mappings 
of the random AWS subnet IDs to the actual subnet CIDRs I've defined in my 
var files) but I didn't think about using it here. It seems the 
template/include_vars combination is a common trick for AWS playbooks but maybe 
that's just my experience, meh.

Thanks again!

J.

On Wednesday, June 11, 2014 8:32:23 AM UTC-7, andreub wrote:
>
> Hi Jaime,
>
> I had the exact same problem. The ec2_group module recreates the rules every 
> time you use it, so if you're running it in a loop, it will create the 
> group with the rule for the last item only.
>
> A workaround that I implemented is to generate a var.yml with a var 
> defined with the rules out of a template, and then source it dynamically:
>
> ---
>   - name: Create rules
>     sudo: False
>     local_action:
>       module: template src=sg_rules.j2 dest=./roles/postgres-server/vars/rules.yml
>
>   - name: Load vars
>     sudo: False
>     include_vars: rules.yml
>
>   - name: Open ports for DB clients
>     sudo: False
>     local_action:
>       module: ec2_group
>       aws_access_key: "{{ ofertia_s3_access_key }}"
>       aws_secret_key: "{{ ofertia_s3_secret_key }}"
>       name: "{{ aws_sg }}"
>       description: "{{ aws_sg }} group"
>       region: "{{ aws_region }}"
>       rules: "{{ security_rules }}"
>
> Where my j2 template is something like:
> ---
> security_rules:
> {% for trusted_host in trusted_hosts %}
>   -
>     proto: tcp
>     from_port: 22
>     to_port: 22
>     cidr_ip: {{ trusted_host.ip }}/32
>   -
>     proto: icmp
>     from_port: -1
>     to_port: -1
>     cidr_ip: {{ trusted_host.ip }}/32
> {% endfor %}
>
>
> Andreub
>
> On Monday, June 9, 2014 22:50:33 UTC+2, Jaime Gago wrote:
>>
>> Hey there,
>> I'm trying to write a playbook that gets the latest Pingdom probe servers' 
>> IPs and updates an EC2 security group's rules with those IPs, but I'm 
>> failing at iterating the IPs in the rule and only the latest IP is added 
>> (I'm replacing instead of appending). I opened a ticket on GitHub (1) but 
>> because I hadn't detailed the whole use case it got closed without 
>> really answering the issue; so I thought I'd post here to see what others are 
>> thinking. 
>> I'm not sure whether I'm trying too hard to fit this into a playbook as I 
>> have this working via a script; now of course I could call the script 
>> itself but that IMHO would defeat the purpose of using Ansible in the first 
>> place.
>> I understand why the playbook fails to append the rules but I haven't 
>> been able to figure out a way around it other than modifying the ec2_group 
>> module itself.
>>
>> J.
>> (1) https://github.com/ansible/ansible/issues/7584
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5b150bcd-1e1e-484f-b7ae-0cd6837a414d%40googlegroups.com.
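The same "build the complete rule list first, then call ec2_group once" idea from andreub's workaround, written as an added example for a current Ansible release (not code from the thread): the rule list is accumulated with set_fact instead of a rendered vars file, an assert task checks that no host was dropped before the group is touched, and purge_rules makes the group converge to exactly that list. The host entries, region and group name are constructed sample values; AWS credentials are assumed to come from the environment or an instance profile.

```yaml
---
- name: Open SSH and ICMP from trusted hosts (all rules in one ec2_group call)
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    aws_region: us-east-1        # constructed sample value
    aws_sg: postgres-clients     # constructed sample value
    # Constructed sample input; in practice this comes from your var files.
    trusted_hosts:
      - { name: office, ip: 203.0.113.10 }
      - { name: monitor, ip: 198.51.100.7 }
  tasks:
    # Looping ec2_group itself would leave only the last host's rules
    # (each call replaces the rule set). Accumulate the list first instead.
    - name: Build the complete rule list before touching the security group
      set_fact:
        security_rules: >-
          {{ security_rules | default([]) + [
               {'proto': 'tcp',  'from_port': 22, 'to_port': 22, 'cidr_ip': item.ip ~ '/32'},
               {'proto': 'icmp', 'from_port': -1, 'to_port': -1, 'cidr_ip': item.ip ~ '/32'}
             ] }}
      loop: "{{ trusted_hosts }}"

    # Fail early if the loop silently lost a host: two rules per host,
    # one distinct /32 per host. A partial allow-list is worse than a failed run.
    - name: Check that the loop kept two rules per trusted host
      assert:
        that:
          - security_rules | length == (trusted_hosts | length) * 2
          - security_rules | map(attribute='cidr_ip') | unique | length == trusted_hosts | length
        fail_msg: "rule list does not match trusted_hosts; refusing to apply"

    # Single call with the whole desired state; purge_rules removes any
    # rule on the group that is not in this list, so stale entries do not linger.
    - name: Apply the whole rule set in a single call
      ec2_group:
        name: "{{ aws_sg }}"
        description: "{{ aws_sg }} group"
        region: "{{ aws_region }}"
        rules: "{{ security_rules }}"
        purge_rules: true
```

Run with `ansible-playbook sg_rules.yml`; the assert task is what you would extend (for example, rejecting 0.0.0.0/0) if the host list ever comes from an external feed such as the Pingdom probe list in the original question.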