Many thanks for this tip.
It's clever.

On Wednesday, June 11, 2014 at 10:32:23 PM UTC+7, andreub wrote:
>
> Hi Jaime,
>
> I had the exact same problem. The ec2_group module recreates the rules every 
> time you use it, so if you're running it in a loop, it will create the 
> group with the rule for the last item only.
>
> A workaround that I implemented is to generate a var.yml with a var 
> defined with the rules out of a template, and then source it dynamically:
>
> ---
>   - name: Create rules
>     sudo: False
>     local_action:
>       module: template src=sg_rules.j2 dest=./roles/postgres-server/vars/rules.yml
>
>   - name: Load vars
>     sudo: False
>     include_vars: rules.yml
>
>   - name: Open ports for DB clients
>     sudo: False
>     local_action:
>       module: ec2_group
>       aws_access_key: "{{ ofertia_s3_access_key }}"
>       aws_secret_key: "{{ ofertia_s3_secret_key }}"
>       name: "{{ aws_sg }}"
>       description: "{{ aws_sg }} group"
>       region: "{{ aws_region }}"
>       rules: "{{ security_rules }}"
>
> Where my j2 template is something like:
> ---
> security_rules:
> {% for trusted_host in trusted_hosts %}
>   -
>     proto: tcp
>     from_port: 22
>     to_port: 22
>     cidr_ip: {{ trusted_host.ip }}/32
>   -
>     proto: icmp
>     from_port: -1
>     to_port: -1
>     cidr_ip: {{ trusted_host.ip }}/32
> {% endfor %}
>
>
> Andreub
>
> On Monday, June 9, 2014 at 22:50:33 UTC+2, Jaime Gago wrote:
>>
>> Hey there,
>> I'm trying to write a playbook that gets the latest Pingdom probe server 
>> IPs and updates an EC2 security group's rules with those IPs, but I'm 
>> failing at iterating the IPs in the rule and only the latest IP is added 
>> (I'm replacing instead of appending). I opened a ticket on GitHub (1) but 
>> because I hadn't detailed out the whole use case it got closed without 
>> really answering the issue, so I thought I'd post here to see what others are 
>> thinking. 
>> I'm not sure whether I'm trying too hard to fit this into a playbook as I 
>> have this working via a script, now of course I could call the script 
>> itself but that IMHO would defeat the purpose of using Ansible in the first 
>> place.
>> I understand why the playbook fails to append the rules but I haven't 
>> been able to figure out a way around other than modifying the ec2_group 
>> module itself.
>>
>> J.
>> (1) https://github.com/ansible/ansible/issues/7584
>>
>>
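
Added example, not part of the thread and not Ansible's own code: a stdlib-only Python model of the workaround above that builds the full rule list in one pass and validates each address before it can reach the security group. `apply_group` is a toy stand-in (an assumption) for the replace-on-every-call behaviour described in the thread; the group name and sample addresses are constructed.

```python
import ipaddress

def build_rules(trusted_hosts):
    """Return the complete rule list (SSH + ICMP per host), as the template does."""
    rules, seen = [], set()
    for host in trusted_hosts:
        # Strict parse: a hostname, a prefix such as "0.0.0.0/0", or stray
        # YAML/Jinja characters raise ValueError instead of reaching the group.
        addr = ipaddress.IPv4Address(host["ip"])
        if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
            raise ValueError(f"not a usable host address: {addr}")
        cidr = f"{addr}/32"
        if cidr in seen:          # duplicate feed entries add nothing
            continue
        seen.add(cidr)
        rules.append({"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": cidr})
        rules.append({"proto": "icmp", "from_port": -1, "to_port": -1, "cidr_ip": cidr})
    return rules

def apply_group(groups, name, rules):
    """Toy model (assumption): each call replaces the group's whole rule set."""
    groups[name] = list(rules)

def looped(trusted_hosts, name="db-clients"):
    """One call per host: every call overwrites the previous host's rules."""
    groups = {}
    for host in trusted_hosts:
        apply_group(groups, name, build_rules([host]))
    return groups[name]

def single_call(trusted_hosts, name="db-clients"):
    """One call with the full list: every validated host ends up in the group."""
    groups = {}
    apply_group(groups, name, build_rules(trusted_hosts))
    return groups[name]

# Constructed sample input (documentation address ranges, not real probe IPs).
SAMPLE_HOSTS = [{"ip": "192.0.2.10"}, {"ip": "198.51.100.7"}, {"ip": "192.0.2.10"}]

if __name__ == "__main__":
    print("looped:     ", sorted({r["cidr_ip"] for r in looped(SAMPLE_HOSTS)}))
    print("single call:", sorted({r["cidr_ip"] for r in single_call(SAMPLE_HOSTS)}))
```

Running the same validation on the feed before rendering `sg_rules.j2` keeps a malformed or over-broad entry from being templated into `cidr_ip`.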
