[ansible-project] RDS DB instance and EC2 security group are in different VPCs

[Ian Williamson]

I am trying to create an RDS MySQL instance in AWS using the Ansible rds 
module.

It works fine if I do not provide subnet or SG parameters. it will deploys 
into the default VPC. However I need to be able to define the VPC for the 
instance to install into.

It seams that the rds module does not suport a "vpc_id" parameter. it has 
got "subnet" and "vpc_security_groups" parameters, but when I specify 
values for those I get

"msg": "Failed to create instance: The DB instance and EC2 [security group 
| subnet] are in different VPCs. The DB instance is in vpc- and 
the EC2 [security group | subnet] is in vpc-"


Is the rds module only capable of deploying to the default VPC?


Example play:

  - name: Create RDS MySQL

rds:

command: create

instance_name: mydb

db_engine: MySQL

size: 10

instance_type: db.t2.micro

publicly_accessible: no

# vpc_id: "{{ vpc.id }}" (Parameter does not exist error)

# subnet: "{{ subnet.id }}" (in different VPCs error)

# vpc_security_groups: "{{ sg.id }}" (in different VPCs error)

region: "{{ ec2_region }}"

username: admin

password: xyz123


I have tried making modifications to use "rds_instance" instead of "rds" 
module. I ended up in the same place. The play will create an instance in 
the default VPC but I don't know how to create the instance in the target 
VPC, so that the instance will connects to the correct subset and SG. Is 
this a bug? Should I log it to the Ansible project?


Error: "EC2 security group are in different VPCs. The DB instance is in 
vpc- and the EC2 security group is in vpc-"


- name: Create RDS MySQL

  #rds

  rds_instance:

  # command: create

  # instance_name: mydb

  db_name: mydb

  db_instance_identifier: mydb

  # db_engine: MySQL

  engine: MySQL

  # size: 10

  allocated_storage: 10

  instance_type: db.t2.micro

  publicly_accessible: no

  # db_subnet_groups vpc_id: "{{ vpc.id }}"

  # subnet: "{{ subnet.id }}"

  # vpc_security_groups: "{{ sgid }}"

  vpc_security_group_ids: "{{ sgid }}"

  region: "{{ ec2_region }}"

  username: admin

  password: xyz123

  tags:

Environment: testing

Application: cms

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5b0afdbb-de33-4e39-ae8d-b4f988290665%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] RDS module

[Guy Knights]

What's the difference between the rds module vs the rds_instance module? It
seems like they do the same thing. I assumed that rds_instance is a
replacement for rds since it's only been added in Ansible 2.7 but I don't
see anything mentioning deprecation or replacement. Just curious more than
anything.

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFtmDk8_GERi9G4VR2nohDHno5ii9eGP4zMKbPgKWz7weBfzcg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] RDS Event Subscription

[Rajiv Narula]

Hi,

Does Ansible have support for *Event Subscription* for *RDS* ?

I could not find any references here 
http://docs.ansible.com/ansible/latest/modules/rds_module.html

Thanks,

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1a20a480-8c81-4fbf-8f43-e58b8c3911b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] RDS

[daniel]

Hi i an mew to ansible and i cant get an rds snapshot to be deployed using 
ansible. can enyone send me an working yml file that i can rebuild it in my 
DR script please

Disclaimer
The information contained in this communication from the sender is confidential 
and may be legally 
privileged. It is intended solely for use by recipient and others authorized to 
receive it. If you 
are not the recipient you are hereby notified that any disclosure, copying, 
distribution or taking 
action in reliance of the contents of this information is strictly prohibited 
and may be unlawful.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/16abedba-11f5-4622-b75e-395cd3e5843c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] rds module - storage parameters

[a_folgueira]

Hello

Is there a way on the rds module to specify the rds instance storage type, 
if it is encrypted and the kms key used for encryption?

Thanks 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/66b48d80-97fa-44ac-967c-78d8183c9d0f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] RDS instance snapshot and restore

[Tony]

Hi All,
I am trying to create a playbook intend to create an RDS MySQL snapshot and 
then create a restore form the snapshot. I used the aws cli locally and it 
works but don't know how to translate the commands in a ansible playbook. 
In my understanding Ansiblee use ssh but I can't ssh the rds instance. 
Anybody can help me?

Thanks

Tony

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/61ca5bc4-b2b0-4f49-94f1-4fbf945abaa8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] rds ansible module throwing error allowmajorupgradeversion

[Nitin Ayyagari]

I'm trying to upgrade mysql rds from 5.5 to 5.6 using ansible rds module. 
However its throwing that AllowMajorUpgradeVersion flag must be present but 
docs donot have that option. can anyone help me please how to pass this 
parameter

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6d64a1ce-59c4-4149-bb5c-4ed5c24de8ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] rds module | determining endpoint when module exits without complete result data

[Darren S.]

OS X 10.10.5
Python 2.7.11
Ansible 2.0.2.0
boto 2.40.0
boto3 1.3.1
botocore 1.4.24


Using the following tasks in a play:

- name: db | rds | create RDS instance
  become: no
  local_action: rds
  args:
command: create
instance_name: "{{ rds_instance_name }}"
instance_type: "{{ rds_instance_class }}"
vpc_security_groups: "{{ rds_instance_vpc_security_groups }}"
multi_zone: "{{ rds_instance_multi_zone }}"
subnet: "{{ rds_instance_subnet_group }}"
db_engine: "{{ rds_instance_engine }}"
publicly_accessible: "{{ rds_instance_public }}"
db_name: "{{ mysql_app_db_name }}"
size: "{{ mysql_app_db_size }}"
username: "{{ mysql_admin_user }}"
password: "{{ mysql_admin_pass }}"
  async: 600
  poll: 60
  register: rds
  tags: [db, rds]

- name: db | rds | output db info
  debug:
msg: "The new MySQL DB endpoint is {{ rds.instance.endpoint }}"
#var: rds
  tags: [db, rds]


The result is that data in rds.instance is not populated completely at
the time the module returns successfully (changed status in this
case). Importantly, the 'endpoint' value is not missing. In the AWS
RDS console, it can be seen that the RDS instance is continuing to be
deployed (in "modifying" status for several minutes) and has not
populated a number of attributes. This is the result in Ansible when
it returns "early":


TASK [app : db | rds | create RDS instance] **
changed: [example.com -> localhost]


TASK [app : db | rds | output db info] 
ok: [example.com] => {
"msg": "The new MySQL DB endpoint is "
}

Though above, the debug 'msg' attribute shows in this case that
rd.instance.endpoint is empty, on a previous run I dumped the rds
variable and it shows many fields unpopulated:


TASK [app : db | rds | output db info] 
ok: [example.com] => {
"rds": {
"ansible_job_id": "34553352208.25036",
"changed": false,
"finished": 1,
"instance": {
"availability_zone": "us-west-2b",
"backup_retention": 1,
"create_time": 1464425508.477,
"endpoint": null,
"id": "database",
"instance_type": "db.m4.large",
"iops": null,
"maintenance_window": "sun:10:23-sun:10:53",
"multi_zone": false,
"port": null,
"replication_source": null,
"status": "modifying",
"username": "mysqladmin",
"vpc_security_groups": "sg-4f02f029"
}
}
}


In the examples [1] for the Ansible rds module, the task uses
wait/wait_timeout before returning and shows that the registered
variable has a full set of fields. I assumed that since the RDS
instance creation can take a great deal of time on AWS side, it may be
better to use asynchronous calls to avoid any long waits/timeouts.
Should this work properly using async/poll? Any reason why the module
returns but is not able to supply a complete instance dictionary? Is
there a better approach for this case?

[1] http://docs.ansible.com/ansible/rds_module.html

Regards,

-- 
Darren Spruell
phatbuck...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAKVSOJW2Rvywbt%3Dm-fPGABsGzdmZRszLL_09nBQJ3qNz%2BFJSXw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] rds module doesn't support/allow Boto config file?

[Darren S.]

Attempting to provision an AWS RDS instance using
http://docs.ansible.com/ansible/rds_module.html. The module indicates
that it requires boto, which itself can read configuration data from a
number of paths including ~/.boto [1]. However the module indicates
that the 'region' parameter is required, or if not specified, the
EC2_REGION environment variable. Without providing the region in
either of those settings, the play does indeed error out:


TASK [create database] **

fatal: [example.com -> localhost]: FAILED! => {"changed": false,
"failed": true, "msg": "Region not specified. Unable to determine
region from EC2_REGION."}


Is it intentional that the module does not support Boto's
configuration file parameters? In this case, Boto is configured with
appropriate settings:


# ~/.boto
[Credentials]
aws_access_key_id = 
aws_secret_access_key = *

[Boto]
ec2_region_name = us-west-2


It would be a duplication of config to have to also extract the region
name out to a shell environment file. Can this module be allowed to
support the dependent library's native configuration in the event that
either region parameter is not explicitly set?

[1] http://docs.pythonboto.org/en/latest/boto_config_tut.html

Kind regards,

-- 
Darren Spruell
phatbuck...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAKVSOJUzG7PGEK4BdHu%3DwOm%3D5ruWXZf8Vc3OabtCDKKcRd%2B0ww%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] RDS Module "promote" function not working. Reporting "ok", but not making a change.

[Sena Heydari]

The role play:

- name: Promote Read-Replica to New Standalone RDS Instance

  rds:

command: promote

instance_name: new-db

aws_access_key: "{{ some-key }}"

aws_secret_key: "{{ some-secret }}"

region: us-east-1


Output from - (anonymized):


<127.0.0.1> REMOTE_MODULE rds region=us-east-1 command=promote 
aws_access_key=some-key aws_secret_key=some-secret instance_name=new-db

<127.0.0.1> EXEC ['/bin/sh', '-l', '-c', 'mkdir -p 
$HOME/.ansible/tmp/ansible-tmp-1435075726.85-46917134810376 && chmod a+rx 
$HOME/.ansible/tmp/ansible-tmp-1435075726.85-46917134810376 && echo 
$HOME/.ansible/tmp/ansible-tmp-1435075726.85-46917134810376']

<127.0.0.1> PUT /tmp/tmpvipCL4 TO 
/home/dir/.ansible/tmp/ansible-tmp-1435075726.85-46917134810376/rds

<127.0.0.1> EXEC ['/bin/sh', '-l', '-c', u'LANG=en_US.UTF-8 
LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/dir/.ansible/tmp/ansible-tmp-1435075726.85-46917134810376/rds; rm -rf 
/home/dir/.ansible/tmp/ansible-tmp-1435075726.85-46917134810376/ >/dev/null 
2>&1']

ok: [127.0.0.1] => {"changed": false, "instance": {"availability_zone": 
"us-east-1d", "backup_retention": 0, "create_time": 1435073003.518, 
"endpoint": "new-db.account-num.us-east-1.rds.amazonaws.com", "id": 
"new-db", "instance_type": "db.m3.large", "iops": null, 
"maintenance_window": "mon:03:00-mon:03:30", "multi_zone": false, "port": 
3306, "replication_source": "source-db", "status": "available", "username": 
"someroot", "vpc_security_groups": "sg-something"}}


Testing run with full RDS rights for user with access-key/secret. 


Boto Version also up to date:


Type "help", "copyright", "credits" or "license" for more information.

>>> import boto

>>> boto.Version

'2.38.0'


Play runs as "ok", but I confirmed the DB is still read-replica in AWS 
console. 


Anything obvious I'm missing, or is this a bug?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9c5797d5-c193-4cb5-8ef4-95b7cfa6d86e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] RDS Module Doesn't Promote Read-Replica Properly

[Sena Heydari]

Boto version is 2.38, AWS credentials have full RDS rights. Play reports 
"ok", but RDS MySQL instance is still read-replica only. Any suggestions?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b8e43f11-6586-4646-99fb-4f8cdeae7388%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] RDS modify error

[jjeffers]

I'm running into a problem trying to use the RDS module to modify an 
existing RDS instance.


When running this command (attempting to modify the instance from 
db.t2.small to db.t2.medium):


ansible-playbook rds.yml -e "command=modify application=soa 
db_admin_user=** db_admin_user_pwd='**' env=dev instance_name=* 
instance_type=db.t2.medium iops=1000 read_only_replica=false size=200 
subnet=*** vpc_security_groups=***"


I get the following error:


TASK: [rds | rds ] 
 

failed: [localhost] => {"failed": true}

msg: Both storage size and iops need to be specified when modifying storage 
size or iops on an DB Instance that has iops



Here's what the play looks like for a modify:


---

- rds:

apply_immediately: "{{ apply_immediately }}"

command: "{{ command }}"

instance_name: "{{ instance_name }}"

size: "{{ size }}"

instance_type: "{{ instance_type }}"

iops: "{{ iops }}"

password: "{{ db_admin_user_pwd }}"

parameter_group: "{{ parameter_group }}"

multi_zone: "{{ multi_zone }}"

region: "{{ region }}"

vpc_security_groups: "{{ vpc_security_groups }}"

wait: "{{ wait }}"

wait_timeout: "{{ wait_timeout }}"



Not sure what to do here, since I am passing in both size and iops in with 
extra variables, and those values exist in the playbook.


Any assistance would be appreciated.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bf8493f1-ef83-45cf-9580-5ac1d21ed9ef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] rds module sets Postgres to listen on port 3306 if not specified

[Dan Vaida]

Hi James,

Sure. Here's the issue:
https://github.com/ansible/ansible-modules-core/issues/452

I'd also like to suggest a few parameters for the rds module:
- storage type (something like standard, gp2, io1)
- publicly accessible (yes/no)

I already have a few PRs scheduled for this weekend so not sure if I can
tackle this as well any time soon.

On 4 December 2014 at 21:47, James Cammarata  wrote:

> Hi Dan, could you please open an issue on GitHub in the
> ansible/ansible-modules-core for this?
>
> Thanks!
>
> On Thu, Dec 4, 2014 at 2:22 PM, Dan Vaida  wrote:
>
>> Ansible version is 1.9
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/34ba8c22-ee59-42f6-a81d-344a9f5cc5e8%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/LkJckOOjL7w/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAMFyvFjtCngaVrngdR9P-LJZj9mO-xQzU91_DczJHFWySE%2BodQ%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGXE1HoQH3RR56XDu8%3Dw5eHLD90EXeRzt%2BhGH1_CbmhP4hHzQw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] rds module sets Postgres to listen on port 3306 if not specified

[James Cammarata]

Hi Dan, could you please open an issue on GitHub in the
ansible/ansible-modules-core for this?

Thanks!

On Thu, Dec 4, 2014 at 2:22 PM, Dan Vaida  wrote:

> Ansible version is 1.9
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/34ba8c22-ee59-42f6-a81d-344a9f5cc5e8%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAMFyvFjtCngaVrngdR9P-LJZj9mO-xQzU91_DczJHFWySE%2BodQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] rds module sets Postgres to listen on port 3306 if not specified

[Dan Vaida]

Ansible version is 1.9

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/34ba8c22-ee59-42f6-a81d-344a9f5cc5e8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.