Just after posting here I found this post <https://groups.google.com/d/msg/ansible-project/z93RhgUuglg/O8-vr8izhKYJ> in the group. It does what I want. All I need to do is make sure I add group_desc with group_name everywhere. And then I can just do a single play, with rules in the calls to ec2_group.
:D #happy

On Sunday, 17 May 2015 00:35:01 UTC+5:30, Sankalp Khare wrote:
>
> I've faced this, with an elasticsearch sg being one of my requirements (in my setup I'd have to make a directed acyclic graph of the security groups in order to have them all created in a single run).
>
> Resorted to a playbook with two plays, one that creates my security groups (no rules), tagged create, and another that populates them, tagged configure (or whatever you like).
>
> ---
> - name: create security groups
>   tags:
>     - create
>   # some tasks that create my set of security groups
>
> - name: populate security groups
>   tags:
>     - configure
>   # tasks that add rules. so that when I refer to a sg, it's there.
>
> If I've just made changes in the group config, I use --skip-tag=create. For fresh infrastructure, I go with the whole playbook.
>
> But this method has its caveats. If I want to add a completely new security group, I need to add it using ansible ad-hoc (without rules) and then run the skip-tags variant. If I go with adding the create task in the play, and running the entire playbook, the sgs that existed from before get wiped clean of rules by play #1 for a brief period. That is not acceptable.
>
> I'd like to be able to somehow detect if a sg already exists, and if so, just update its rules. If not, initialize it and add the rules listed. *with support for references to the security group itself, in its rules*.
>
> :/
>
> On Saturday, 21 December 2013 12:19:32 UTC+5:30, Alexey Verkhovsky wrote:
>>
>> I need to define an EC2 security group that opens a port to other nodes of the same group. The use case is Elastic Search cluster autodiscovery. Which looks legitimate enough to me :)
>>
>> As far as I can tell, there is no way to do it with the current implementation of ec2_group module. I could pretty easily write a one-liner patch for that module so that group_id: self (or some other magic word) makes it so.
>> Is that a good way to do this?
>>
>> --Alex
>

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d0ec1758-d195-40ee-8164-3566557b4081%40googlegroups.com.
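The single-play approach the first message settles on, written out as an added example (this is not a playbook from the thread or from the Ansible project). It shows one ec2_group task whose rule refers back to the group being defined by group_name, with group_desc supplied so the module can create the group first if it does not exist yet. The region, VPC id, internal CIDR and the Elasticsearch port numbers (9300 transport, 9200 HTTP) are assumed placeholder values, not taken from the thread.

```yaml
---
# Added example, not from the thread. Assumes the ec2_group module of the
# thread's era; region, vpc_id, CIDRs and ports are placeholders.
- name: create and populate the elasticsearch security group in one play
  hosts: localhost
  connection: local
  gather_facts: no
  vars:
    aws_region: us-east-1          # assumption
    vpc_id: vpc-PLACEHOLDER        # assumption: replace with your VPC id
    internal_cidr: 10.0.0.0/8      # assumption: where ES clients live
  tasks:
    - name: elasticsearch sg whose rules reference itself by name
      ec2_group:
        name: elasticsearch
        description: elasticsearch cluster nodes
        region: "{{ aws_region }}"
        vpc_id: "{{ vpc_id }}"
        rules:
          # Cluster transport port, open only to members of this same group.
          # group_name points at the group being defined; group_desc lets the
          # module create it on first run, so no separate "create" play.
          - proto: tcp
            from_port: 9300
            to_port: 9300
            group_name: elasticsearch
            group_desc: elasticsearch cluster nodes
          # HTTP API limited to an internal range instead of 0.0.0.0/0.
          - proto: tcp
            from_port: 9200
            to_port: 9200
            cidr_ip: "{{ internal_cidr }}"
        rules_egress:
          - proto: all
            cidr_ip: 0.0.0.0/0
```

Two things worth knowing when adopting this. First, because the rules live in the same task that declares the group, an existing group is updated in place rather than first being reset to an empty rule set, which avoids the brief window of stripped rules the two-play variant above suffers from. Second, ec2_group's purge_rules option defaults to yes, so a rule-less "create" task run against a group that already has rules is exactly what removes them; if you do keep a separate create play, set purge_rules: no on it.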
