ec2_vpc_route_table and gateways vs peering

14 views
Skip to first unread message

Barry Kaplan

unread,
Aug 10, 2019, 2:20:30 PM8/10/19
to Ansible Project
It seems that ec2_vpc_route_table will not purge igw or nat gateways even if purge=true, which is very nice. But it DOES purge routes associated with peering. Shouldn't peering routes be treated in the same as gateways?

Barry Kaplan

unread,
Aug 10, 2019, 5:52:05 PM8/10/19
to Ansible Project
My assumption was incorrect. The module does not make any special considerations for gateways.

Which leaves the problem of retaining certain routes without having to use purge=false. I don't want to use purge=false because that leaves us to manually clean up the routes. And we need to add routes after the table was created for things like vpc peering. But don't want the peering routes to get purged if when ec2_vpc_route_table is run again. A bit of circular mess.

What I am doing now is something like this:

    - name: get existing public routes
      ec2_vpc_route_table_facts:
        filters:
          "tag:Name": "{{ ec2_vpc_name }}-public"
      register: __public_route_table_routes
    - assert:
        that: (__public_route_table_routes.route_tables | length) <= 1


    - name: create public route table

      vars:
        subnets: "{{ __public_subnets.results | map(attribute='subnet.id') | list }}"
        public_routes: "{{ __public_route_table_routes.route_tables[0] | default({'routes':[]}) }}"
        igw_routes:
          - dest: 0.0.0.0/0
            gateway_id: "{{ __igw.gateway_id }}"
        peering_routes: "{{ public_routes.routes | peering_routes_spec() | list }}"
        routes: "{{ igw_routes | union(peering_routes) }}"
      ec2_vpc_route_table:
        vpc_id: "{{ __vpc.vpc.id }}"
        region: "{{ ec2_region }}"
        tags:
          Name: "{{ ec2_vpc_name }}-public"
          cost: "{{ env | cost_tag }}"
          env: "{{ env }}"
          managed_by: ansible
          route_table_type: public
        subnets: "{{ subnets }}"
        routes: "{{ routes }}"
      register: __public_route_table


Where peering_routes_spec() is

def peering_routes_spec(items):
    results = []
    for item in items:
        vpc_peering_connection_id = item['vpc_peering_connection_id']
        if vpc_peering_connection_id != None and vpc_peering_connection_id.startswith('pcx-'):
            results.append({"dest":item['destination_cidr_block'], "vpc_peering_connection_id": vpc_peering_connection_id})
    return results


What would be really nice is if the module support some type of excludes for the purging. 

Barry Kaplan

unread,
Aug 10, 2019, 6:25:27 PM8/10/19
to Ansible Project
Something like this in `ensure_routes` where it collects the routes to purge

            if purge_routes_exclude_pcx and r.get('VpcPeeringConnectionId') and r['VpcPeeringConnectionId'].startswith('pcx-'):
                continue
            if purge_routes_exclude_igw and r.get('GatewayId') and r['GatewayId'].startswith('igw-'):
                continue
            if purge_routes_exclude_nat and r.get('GatewayId') and r['GatewayId'].startswith('nat-'):
                continue



Reply all
Reply to author
Forward
0 new messages