A few things come to mind when looking at your code:

1. Why are you using iptables? Security groups would take away a lot of
problems, especially the dynamics that you seem to be working around with
iptables.

2. If you need to restrict access between ec2 instances, why do you use
public interfaces for communication?

Can you let us know what high-level goal you are trying to achieve with your
playbook? There might be better/easier ways to achieve it.

Dick

On Mon, 20 Mar 2017 at 16:02, <[email protected]> wrote:

> I need to save 2 IPs to a variable in a vars_file when launching
> ec2_instances, which are used later during deployment.
>
>
> This is how I am saving a single server ip:
>
>
> - name: Save server public IP to vars file
>   lineinfile: line="server_public_ip{{':'}} {{ item.public_ip }}"
>               dest="{{ansible_env.HOME}}/dynamic_ips_{{ec2_environment}}"
>   with_items: server.instances  #server is registered in previous task
>
>
> The output I have in dynamic_ips file is *server_public_ip: xxx.xxx.xx.x*
>
>
> Now I have 2 servers launched and registered as servers.
>
>
> I need to save this as *server_public_ips: xxx.xx.x.xx , xxx.x.xx.x*
>
>
> I tried to declare an empty string and append ips to it, something like
> this, but I am getting errors.
>
>
> set_fact:
>    ips: ""
> set_fact:
>    ips: " {{ ips }} + {{ item.public_ip}} "
> with_items: servers.instances  #servers is registered in previous task
> lineinfile: line="server_public_ips{{':'}} {{ ips }}"
>             dest="{{ansible_env.HOME}}/dynamic_ips_{{ec2_environment}}"
>
>
> I think it can be done using lineinfile insertafter and regex.
>
>
> Finally, I need to do this on a different server:
>
>
> - name: Restrict access to outside world
>   command: iptables INPUT {{ item }} ACCEPT
>   with_items: {{ server_public_ips }}.split(,) #grant access for each ip
>   command: iptables INPUT DROP
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/409799bb-9288-4c2d-b484-801dad1f4c0c%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/409799bb-9288-4c2d-b484-801dad1f4c0c%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Sent from a mobile device - please excuse the brevity, spelling and
punctuation.
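
Added example, not part of the original thread and not code from either poster: two tasks to place after the ec2 launch task, one writing all launched IPs on a single line and one showing the security-group approach raised in the reply. The names `service_port`, `ec2_region`, `vpc_id` and both security-group names are assumptions; `servers` is the registered launch result from the question.

```yaml
# Added example. Assumptions: `servers` is the result registered by the ec2
# launch task (as in the question); ec2_region, vpc_id, service_port and the
# two security-group names are placeholders, not values from the thread.

# One line holding every launched IP. map/join builds the comma-separated
# value in a single expression, so no set_fact accumulation loop is needed.
- name: Save all server public IPs to vars file
  lineinfile:
    dest: "{{ ansible_env.HOME }}/dynamic_ips_{{ ec2_environment }}"
    regexp: '^server_public_ips:'     # replace the line on re-runs, do not append
    line: "server_public_ips: {{ servers.instances | map(attribute='public_ip') | join(',') }}"
    create: yes

# Security-group alternative to per-IP iptables rules. Ingress is granted to
# members of the servers' group, so nothing has to be updated when instances
# are replaced and their addresses change. Anything not listed under `rules`
# is denied by default, which covers the final DROP.
# A group-to-group rule matches traffic by the callers' private addresses,
# so the servers must connect over private IPs for it to apply.
- name: Restrict the protected host to the launched servers
  ec2_group:
    name: "protected-{{ ec2_environment }}"
    description: Ingress only from the deployment servers
    region: "{{ ec2_region }}"
    vpc_id: "{{ vpc_id }}"
    rules:
      - proto: tcp
        from_port: "{{ service_port }}"
        to_port: "{{ service_port }}"
        group_name: "servers-{{ ec2_environment }}"   # group the servers were launched in
```

The second task assumes the servers were launched into the `servers-{{ ec2_environment }}` group and that the protected instance is attached to the `protected-{{ ec2_environment }}` group.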
