My assumption was incorrect. The module does not make any special
considerations for gateways.
Which leaves the problem of retaining certain routes without having to use
purge=false. I don't want to use purge=false because that leaves us to
manually clean up the routes. And we need to add routes after the table was
created for things like VPC peering. But I don't want the peering routes to
get purged when ec2_vpc_route_table is run again. A bit of a circular mess.
What I am doing now is something like this:
- name: get existing public routes
  ec2_vpc_route_table_facts:
    filters:
      "tag:Name": "{{ ec2_vpc_name }}-public"
  register: __public_route_table_routes

- assert:
    that: (__public_route_table_routes.route_tables | length) <= 1

- name: create public route table
  vars:
    subnets: "{{ __public_subnets.results | map(attribute='subnet.id') | list }}"
    public_routes: "{{ __public_route_table_routes.route_tables[0] | default({'routes': []}) }}"
    igw_routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ __igw.gateway_id }}"
    peering_routes: "{{ public_routes.routes | peering_routes_spec() | list }}"
    routes: "{{ igw_routes | union(peering_routes) }}"
  ec2_vpc_route_table:
    vpc_id: "{{ __vpc.vpc.id }}"
    region: "{{ ec2_region }}"
    tags:
      Name: "{{ ec2_vpc_name }}-public"
      cost: "{{ env | cost_tag }}"
      env: "{{ env }}"
      managed_by: ansible
      route_table_type: public
    subnets: "{{ subnets }}"
    routes: "{{ routes }}"
  register: __public_route_table
Where peering_routes_spec() is
def peering_routes_spec(items):
    """Keep only the routes that point at a VPC peering connection (pcx-*),
    rewritten into the {dest, vpc_peering_connection_id} shape that the
    ec2_vpc_route_table `routes` option expects."""
    results = []
    for item in items:
        # .get() tolerates routes (e.g. the implicit 'local' route) that carry
        # no vpc_peering_connection_id key at all
        vpc_peering_connection_id = item.get('vpc_peering_connection_id')
        if vpc_peering_connection_id is not None and vpc_peering_connection_id.startswith('pcx-'):
            results.append({"dest": item['destination_cidr_block'],
                            "vpc_peering_connection_id": vpc_peering_connection_id})
    return results
What would be really nice is if the module supported some type of excludes
for the purging.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/cce916ab-a993-4d06-b22f-732b24e94845%40googlegroups.com.
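The playbook-side "purge exclude" the post is reaching for, as an added example that is not code from the post or from the Ansible project: a filter plugin that generalises peering_routes_spec() to retain any existing route whose target id matches a chosen prefix, then merges those with the routes the play manages so ec2_vpc_route_table receives the complete list. The file path filter_plugins/route_retention.py and the facts-key to spec-key mapping are assumptions based on the documented module options.

```python
# Added example, not from the original post. Assumed location:
# filter_plugins/route_retention.py next to the playbook.
# Usage in a task:  routes: "{{ igw_routes | merge_routes(existing.routes | retain_routes(['pcx-'])) }}"

# Target keys as returned by ec2_vpc_route_table_facts, mapped to the key
# name ec2_vpc_route_table expects in a `routes` entry (assumed mapping).
TARGET_KEYS = {
    'gateway_id': 'gateway_id',
    'vpc_peering_connection_id': 'vpc_peering_connection_id',
    'nat_gateway_id': 'nat_gateway_id',
    'instance_id': 'instance_id',
    'network_interface_id': 'interface_id',
}


def retain_routes(existing, keep_prefixes=('pcx-',)):
    """Return the existing routes whose target id starts with one of
    keep_prefixes, rewritten as ec2_vpc_route_table route specs.
    The implicit 'local' route is never returned: AWS manages it and the
    module rejects it in `routes`."""
    kept = []
    for route in existing or []:
        if route.get('destination_cidr_block') is None:
            continue  # IPv6 / prefix-list routes are out of scope here
        for facts_key, spec_key in TARGET_KEYS.items():
            target = route.get(facts_key)
            if target and target != 'local' and target.startswith(tuple(keep_prefixes)):
                kept.append({'dest': route['destination_cidr_block'], spec_key: target})
                break  # one target per route; stop at the first match
    return kept


def merge_routes(managed, retained):
    """Union by destination CIDR. A route the play manages wins over a
    retained one for the same CIDR, so a changed igw target is not
    shadowed by the stale copy read back from the existing table."""
    by_dest = {}
    for route in list(retained) + list(managed):
        by_dest[route['dest']] = route
    return sorted(by_dest.values(), key=lambda r: r['dest'])


class FilterModule(object):
    """Expose the two functions to Jinja as Ansible filters."""
    def filters(self):
        return {'retain_routes': retain_routes, 'merge_routes': merge_routes}
```

Because only routes whose target matches a retained prefix survive, anything added by hand without such a target is still purged on the next run, which is the behaviour the play actually wants.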