Hello all,
I have managed to sort out this issue. I had an old version of
Python-Jinja2 in my virtual environment. Once upgraded it resolved.
Thanks
On Wednesday, October 24, 2018 at 10:08:49 AM UTC+1, Kishore Ponniah wrote:
>
> Hello all,
>
> This is the continuation of my other Post creating direct connect gateway.
> This is the same but using assume roles and cross-account deployment. I
> have added loops but there are 2 sections which are not working (debug role
> arns & assume cross account roles). Can some one help?
>
> Error:
> TASK [debug role arns]
> ************************************************************************************************************************************************************************************************************
> task path:
> /home/ec2-user/environment/aws-rxgt-mgmt-platform/ansible/rxgt-ps-rxgtmgmt-playbook.yaml:29
> fatal: [infrastructure]: FAILED! => {
> "msg": "template error while templating string: no filter named 'map'.
> String: {{ rxgt_identity_account['deploy_accounts']|map('extract',
> rxgt_identity_account['account_config'])|list }}"
> }
>
> =======================================================
> Main playbook:
>
> ---
> # This playbook builds Network infrastructure in all configured accounts
> - name: Install/Update RXGT Mgmt account CF templates
> hosts: infrastructure
> tasks:
>
> - name: Install/Update RXGT PS cross account CF templates
> hosts: infrastructure
> tasks:
> - name: get sts session token
> sts_session_token:
> duration_seconds: "{{ sts_session_duration | default(3600) }}"
> mfa_serial_nunber: "{{ sts_mfa_serial_number | default(omit) }}"
> mfa_token: "{{ sts_mfa_token | default(omit) }}"
> register: sts_session_token
> when: with_sts
> tags:
> rxgt-ps-mgmt-stack-deploy
>
> - name: retrieve sts credentials
> set_fact:
> sts_access_key: "{{ sts_session_token.sts_creds.access_key }}"
> sts_secret_key: "{{ sts_session_token.sts_creds.secret_key }}"
> sts_session_token: "{{ sts_session_token.sts_creds.session_token
> }}"
> when: with_sts
> tags:
> rxgt-ps-mgmt-stack-deploy
>
> - name: debug role arns
> debug:
> msg: "Assuming role: {{ account_config.sts_role_arn }}"
> verbosity: 1
> loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
> rxgt_identity_account['account_config'])|list }}"
> loop_control:
> loop_var: account_config
> label: "{{ account_config.sts_role_arn }}"
> tags:
> rxgt-ps-mgmt-stack-deploy
>
> - name: assume cross account roles
> sts_assume_role:
> role_arn: "{{ account_config.sts_role_arn }}"
> role_session_name: "ansibledeploy"
> duration_seconds: "{{ sts_session_duration | default(3600) }}"
> aws_access_key: "{{ sts_access_key | default(omit) }}"
> aws_secret_key: "{{ sts_secret_key | default(omit) }}"
> security_token: "{{ sts_session_token | default(omit) }}"
> mfa_serial_nunber: "{{ sts_mfa_serial_number | default(omit) }}"
> mfa_token: "{{ sts_mfa_token | default(omit) }}"
> loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
> rxgt_identity_account['account_config'])|list }}"
> loop_control:
> loop_var: account_config
> label: "{{ account_config.sts_role_arn }}"
> register: assumed_roles_with_account_config
> tags:
> rxgt-ps-mgmt-stack-deploy
>
> - name: create rxgt-ps-mgmt-direct-connect-gateway stack
> aws_direct_connect_gateway:
> state: present
> region: "{{ account_config.1 }}"
> aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
> aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
> security_token: "{{ account_config.0.sts_creds.session_token }}"
> name: "{{
> rxgt_identity_account.account_config.rxgtmgmt.stacks['rxgt-ps-mgmt-direct-connect-gateway'].
> params.name }}"
> amazon_asn: "{{
> rxgt_identity_account.account_config.rxgtmgmt.stacks['rxgt-ps-mgmt-direct-connect-gateway'].params.amazon_asn
>
> }}"
> loop: "{{
> assumed_roles_with_account_config.results|subelements('account_config.regions',
>
> skip_missing=True) }}"
> loop_control:
> loop_var: account_config
> label: "{{ account_config.0.account_config.account_alias }}:{{
> account_config.1 }}"
> register: created_aws_direct_connect_gateway
> tags:
> rxgt-ps-mgmt-stack-deploy
>
>
> - name: debug stack outputs
> vars:
> msg: "{{ account_config | to_nice_yaml }}"
> debug:
> msg: "{{ msg.split('\n') }}"
> verbosity: 0
> loop: "{{
> assumed_roles_with_account_config.results|subelements('account_config.regions',
>
> skip_missing=True) }}"
> loop_control:
> loop_var: account_config
> label: "{{ account_config.0.account_config.account_alias }}:{{
> account_config.1 }}"
> tags:
> - 'never'
> - 'debug'
> - rxgt-ps-mgmt-stack-deploy
>
> =======================================================
> account_config.yaml
>
> ---
> ansible_python_interpreter: "{{ lookup('env', 'VIRTUAL_ENV') }}/bin/python"
> rxgt_identity_account:
> deploy_accounts:
> - XXXXXX
>
> account_config:
> XXXXXX:
> id: XXXXXXXX
> account_alias: XXXXXX
> sts_role_arn:
> arn:aws:iam::XXXXXXXXXXXX:role/xxxx/xx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> pass_role_arn: ""
> regions:
> - eu-west-1
> stacks:
> rxgt-ps-mgmt-direct-connect-gateway:
> params:
> name: rxgtmgmt-dxgw
> amazon_asn: 65000
> override_tags:
> rx:billing:service-name: identity
> rx:billing:environment-name: xxxxxx
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5eaae63b-1008-457d-93ae-61dda99da7c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
