Hi,
As others have before me, I find the syntax for nested loops somewhat
confusing :(
Consider my group_vars:

    ec2_specs:
      - { region: "us-east-1", ami: "ami-b66ed3de", count: 1, type: "t2.micro" }
      - { region: "us-west-1", ami: "ami-b56e64f0", count: 2, type: "t2.micro" }
      - { region: "sa-east-1", ami: "ami-9337828e", count: 1, type: "t2.micro" }
    nginx_containers:
      - { name: "NGINX_A", hostport: "443" }
      - { name: "NGINX_B", hostport: "444" }
      - { name: "NGINX_B", hostport: "445" }

I'm setting up a security group for these instances like so:

    - name: Setup AWS EC2 Security group
      ec2_group:
        name: microserver_security_group
        description: "Security group for microservices"
        region: "{{ item.region }}"
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 443
            to_port: 445
            cidr_ip: 0.0.0.0/0
        rules_egress:
          - proto: all
            cidr_ip: 0.0.0.0/0
      with_items: ec2_specs

This works because the host ports are continuous 443-445. I need to retain
the flexibility of changing this to something like 443, 1443, 2443 ... etc.
One way to express this might be:

    - name: Setup AWS EC2 Security group
      ec2_group:
        name: microserver_security_group
        description: "Security group for microservices"
        region: "{{ item.region }}"
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: "{{ subitem.hostport }}"
            to_port: "{{ subitem.hostport }}"
            cidr_ip: 0.0.0.0/0
            with_subitems: nginx_containers
        rules_egress:
          - proto: all
            cidr_ip: 0.0.0.0/0
      with_items: ec2_specs

Something like: with_XYZ at arbitrary levels with XYZ representing each
item would be intuitive to me here. No doubt there are other ways of
expressing this as well - where the syntax makes visual sense. As of now
though, I don't know how to accomplish this short of hard-coding it in the
role tasks.
A second problem arising from the same problem (or my lack of syntactic
know-how) is the way I call ec2 and use its somewhat clunky output.

    - name: Setup AWS EC2 Instances
      ec2:
        instance_type: "{{ item.type }}"
        image: "{{ item.ami }}"
        monitoring: no
        wait: yes
        group: microserver_security_group
        key_name: microserver_keypair
        instance_tags:
          nvtype: microserver
          Name: "MicroServer"
        count: "{{ item.count }}"
        region: "{{ item.region }}"
      with_items: ec2_specs
      register: ec2

The only way I've found of using the output of the above is the following
sanity test example:

    - name: Test microsites 443
      shell: chdir={{ tempdir.stdout }} /usr/bin/curl -v -s -k --key test.key --cert test.crt https://{{ item.1.public_ip }}:443
      with_subelements:
        - ec2.results
        - instances
      register: curl_out

Since the curl_test itself runs from localhost, I can't use the dynamic
inventory within the site.yml file against the test role. I now have to
hard-code N tests here - one for each host-port in the nginx_containers
variable. I'd much rather express this as a single task with a nested loop
- but I haven't been able to figure out how to.
Is this possible?
Many thanks,
Ananda
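
One way to express both nested loops with lookups Ansible already ships, as an added example that is not part of the original post: build the rule list with set_fact before calling ec2_group, and flatten the registered ec2 output before pairing it with the ports through with_nested. It assumes Ansible 2.x templating; the fact names ingress_rules and microserver_ips are hypothetical.

```yaml
# Added example. ingress_rules and microserver_ips are hypothetical fact names.
- name: Start the ingress list with the SSH rule
  set_fact:
    ingress_rules:
      # 0.0.0.0/0 is the post's value; an admin CIDR is tighter for port 22
      - { proto: tcp, from_port: 22, to_port: 22, cidr_ip: 0.0.0.0/0 }

- name: Append one rule per nginx host port (ports need not be contiguous)
  set_fact:
    ingress_rules: "{{ ingress_rules + [{'proto': 'tcp', 'from_port': item.hostport, 'to_port': item.hostport, 'cidr_ip': '0.0.0.0/0'}] }}"
  with_items: "{{ nginx_containers }}"

- name: Setup AWS EC2 Security group
  ec2_group:
    name: microserver_security_group
    description: "Security group for microservices"
    region: "{{ item.region }}"
    rules: "{{ ingress_rules }}"
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
  with_items: "{{ ec2_specs }}"

# ... the "Setup AWS EC2 Instances" task from the post runs here (register: ec2) ...

- name: Flatten the per-region ec2 results into one list of public IPs
  set_fact:
    microserver_ips: "{{ (microserver_ips | default([])) + [item.1.public_ip] }}"
  with_subelements:
    - "{{ ec2.results }}"
    - instances

- name: Test microsites on every host port
  shell: /usr/bin/curl -v -s -k --key test.key --cert test.crt https://{{ item.0 }}:{{ item.1.hostport }}
  args:
    chdir: "{{ tempdir.stdout }}"
  with_nested:
    - "{{ microserver_ips }}"
    - "{{ nginx_containers }}"
  register: curl_out
```

curl_out.results then holds one entry per (IP, host port) pair, so changing nginx_containers changes both the security group rules and the tests.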