[ansible-project] (library/ec2) VPC Enhanced Support


Samuel Sampaio

Mar 10, 2013, 10:11:58 PM
to ansible...@googlegroups.com
Hi everyone!

I'm Samuel, an AWS DevOps engineer, new to this community.

Firstly, I'd like to thank the people on IRC for their help.

I have some clients with AWS/EC2 infrastructure, generally with a VPC (private cloud),
manageable IP addresses and specific security groups.

When I used the ec2/boto plugin, I realized that it was created specifically for "EC2 public clouds",
so I decided to improve this support.

The requirements are as follows:

1.) Create a machine in the VPC private cloud;
2.) This machine needs to have a specific, assigned IP;
3.) Close the ports with specific security groups;

Following the examples, I created my own playbook.

---
# By: Samuel Sampaio <samu...@gmail.com>
# SMk Tecnologia: sam...@smktecnologia.com.br
- name: Manager of VPC instances (AWS-VPC-EC2) 
  hosts: 127.0.0.1
  connection: local
  user: root
  gather_facts: false               
  tasks:
    - name: Create a VPC instance (AWS-VPC-EC2) 
      local_action: 
                  ec2
                  count=1
                  ec2_access_key=AJIYDSNKDYGISHIH
                  ec2_secret_key=jYF766HBbuyg8B8Y79967V7bh9776v877gg8
                  image=ami-7ecf5c17
                  key_name=samukasmk.pub
                  vpc_subnet_id=subnet-89j8qhf
                  instance_tags='{"Name":"My Test VPC Instance"}'
                  instance_type=t1.micro
                  group=MY-VPC-SPECIFIC-SECURITY-GROUP-24
                  ###group_id=sg-ad878w9
                  wait=true
      register: ec2

The first problem that I found:
msg: InvalidParameterCombination: The parameter groupName cannot be used with the parameter subnet

This is a response from the boto library.

Researching the boto library for a resolution, I discovered that the AWS API does not accept launching a
VPC instance by passing the security group NAME.

Pass the security group ID parameter (security_group_ids) instead of the security group NAME parameter (security_groups).

CHANGE THIS:

    try:
        if group_id:
            grp_details = ec2.get_all_security_groups(group_ids=group_id)
            grp_item = grp_details[0]
            group_name = grp_item.name
    except boto.exception.NoAuthHandlerFound, e:
            module.fail_json(msg = str(e))

    try:
        res = ec2.run_instances(image, key_name = key_name,
                                min_count = count, 
                                max_count = count,
                                monitoring_enabled = monitoring,
                                security_groups = [group_name],
                                instance_type = instance_type,
                                kernel_id = kernel,
                                ramdisk_id = ramdisk,
                                subnet_id = vpc_subnet_id,
                                user_data = user_data)

FOR THAT:

    try:

        ### [Samuka-SMk]: Do not allow two different security group definitions
        if group_id and group_name:
            module.fail_json(msg = "pass group_name or group_id, not both")

        ### [Samuka-SMk]: Validate the security group ID; an invalid ID raises an exception
        if group_id:
            grp_details = ec2.get_all_security_groups(group_ids=[group_id])

        ### [Samuka-SMk]: Look up the security group ID from the security group NAME
        ### (exact match, so that e.g. "...-2" is not confused with "...-24")
        if group_name:
            grp_details = ec2.get_all_security_groups()
            for grp in grp_details:
                if grp.name == group_name:
                    group_id = str(grp.id)
                    break
            if not group_id:
                module.fail_json(msg = "security group %s not found" % group_name)

    except (boto.exception.NoAuthHandlerFound, boto.exception.EC2ResponseError), e:
        module.fail_json(msg = str(e))

    try:
        res = ec2.run_instances(image, key_name = key_name,
                                min_count = count, 
                                max_count = count,
                                monitoring_enabled = monitoring,
                                security_group_ids = [group_id],
                                instance_type = instance_type,
                                kernel_id = kernel,
                                ramdisk_id = ramdisk,
                                subnet_id = vpc_subnet_id,
                                user_data = user_data)


This resolved my first problem!!

But I still need to pass the SPECIFIC VPC PRIVATE IP.

I created the new argument:

    module = AnsibleModule(
        argument_spec = dict(
        ...
        vpc_private_ip_address = dict(aliases=['private_ip_address']),
        ...
        )
    )

    vpc_private_ip_address = module.params.get('vpc_private_ip_address')


And I pass the new argument to the boto library:

    try:
        res = ec2.run_instances(image, key_name = key_name,
                                min_count = count, 
                                max_count = count,
                                monitoring_enabled = monitoring,
                                security_group_ids = [group_id],
                                instance_type = instance_type,
                                kernel_id = kernel,
                                ramdisk_id = ramdisk,
                                subnet_id = vpc_subnet_id,
                                private_ip_address = vpc_private_ip_address,
                                user_data = user_data)

The new playbook for my new features:

---
# By: Samuel Sampaio <samu...@gmail.com>
# SMk Tecnologia: sam...@smktecnologia.com.br
- name: Manager of VPC instances (AWS-VPC-EC2) 
  hosts: 127.0.0.1
  connection: local
  user: root
  gather_facts: false
  tasks:
    - name: Create a VPC instance (AWS-VPC-EC2) 
      local_action: 
                  ec2
                  count=1
                  ec2_access_key=AJIYDSNKDYGISHIH
                  ec2_secret_key=jYF766HBbuyg8B8Y79967V7bh9776v877gg8
                  image=ami-7ecf5c17
                  key_name=samukasmk.pub
                  instance_tags='{"Name":"My VPC Instance Test 01"}'
                  instance_type=t1.micro
                  group=MY-VPC-SPECIFIC-SECURITY-GROUP-24
                  ###group_id=sg-ad878w9
                  wait=true
                  vpc_subnet_id=subnet-89j8qhf
                  vpc_private_ip_address="10.0.4.88"
      register: ec2


Testing my new features:

SamukaSMk@stryck3r:~/Projects/smk-ansible/playbooks$ ansible-playbook ec2-playbooks/launch-instance-ec2.yml
TASK: [Create a VPC instance (AWS-VPC-EC2)] ********************* 
changed: [127.0.0.1]


That's all, folks!

I hope I have helped the community!

Please change the project, and if possible improve my implementation.

See my attached file (ec2-enhanced-vpc-features.py).

Graciously,
Samuel Sampaio
SMK Tecnologia - Linux consulting in the cloud, Magento platforms, WebLogic, JBoss and Tomcat infrastructures.
Samuel Maciel Sampaio
Amazon Linux Infrastructure Consultant
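The two pieces of the post, resolving a security group for a VPC launch and passing a fixed private IP, worked through as an added example. This is not the ec2 module's code or Samuel's patch; it models security groups and the subnet as small named tuples, the group IDs, subnet ID and CIDR are constructed for the example, and the lookup runs against that inline data rather than boto. It goes beyond the post in two places a practitioner would want: the name match is exact and restricted to the subnet's VPC (every VPC has its own "default" group, so a bare name lookup is ambiguous), and the requested address is checked against the subnet CIDR and the five addresses AWS reserves in every subnet before it is handed to run_instances.

```python
"""Added example: prepare run_instances() arguments for a VPC launch.

Security groups and the subnet are modelled as named tuples with the
attributes boto exposes (.id, .name, .vpc_id / .cidr_block); all sample
IDs below are invented for this example.
"""
import ipaddress
from collections import namedtuple

SecurityGroup = namedtuple("SecurityGroup", "id name vpc_id")
Subnet = namedtuple("Subnet", "id cidr_block vpc_id")

# Constructed sample data: two VPCs, each with its own "default" group,
# plus two similarly named groups to show why substring matching is wrong.
SAMPLE_GROUPS = [
    SecurityGroup("sg-0a0a0a0a", "default", "vpc-11111111"),
    SecurityGroup("sg-0b0b0b0b", "default", "vpc-22222222"),
    SecurityGroup("sg-0c0c0c0c", "MY-VPC-SPECIFIC-SECURITY-GROUP-2", "vpc-22222222"),
    SecurityGroup("sg-0d0d0d0d", "MY-VPC-SPECIFIC-SECURITY-GROUP-24", "vpc-22222222"),
]
SAMPLE_SUBNET = Subnet("subnet-aaaaaaaa", "10.0.4.0/24", "vpc-22222222")


def resolve_security_group_id(groups, subnet, group_name=None, group_id=None):
    """Return the ID to pass as security_group_ids for a launch into subnet.

    Exactly one of group_name / group_id must be given. Names are matched
    exactly and only inside the subnet's VPC; an explicit ID is still
    checked to belong to that VPC, otherwise the API call would fail later.
    """
    if bool(group_name) == bool(group_id):
        raise ValueError("pass exactly one of group_name or group_id")
    if group_id:
        match = [g for g in groups if g.id == group_id]
    else:
        match = [g for g in groups
                 if g.name == group_name and g.vpc_id == subnet.vpc_id]
    if len(match) != 1:
        raise LookupError("security group %r not found in %s"
                          % (group_name or group_id, subnet.vpc_id))
    if match[0].vpc_id != subnet.vpc_id:
        raise ValueError("%s belongs to %s, not to the subnet's VPC %s"
                         % (match[0].id, match[0].vpc_id, subnet.vpc_id))
    return match[0].id


def validate_private_ip(subnet, private_ip):
    """Check a requested private IP before sending it to AWS.

    The address must lie inside the subnet CIDR, and AWS reserves the first
    four addresses and the last address of every subnet, so those are
    rejected as well. Returns the normalised address string.
    """
    net = ipaddress.ip_network(subnet.cidr_block)
    addr = ipaddress.ip_address(private_ip)
    if addr not in net:
        raise ValueError("%s is not inside %s" % (addr, net))
    reserved = {net.network_address + i for i in range(4)} | {net.broadcast_address}
    if addr in reserved:
        raise ValueError("%s is reserved by AWS in %s" % (addr, net))
    return str(addr)


def build_run_instances_kwargs(groups, subnet, private_ip, image, key_name,
                               instance_type, group_name=None, group_id=None):
    """Keyword arguments for boto's EC2Connection.run_instances(**kwargs).

    Inside a VPC the group goes in security_group_ids (IDs), never in
    security_groups (names): mixing names with subnet_id is exactly the
    InvalidParameterCombination error quoted in the post.
    """
    return {
        "image_id": image,
        "key_name": key_name,
        "min_count": 1,
        "max_count": 1,
        "instance_type": instance_type,
        "subnet_id": subnet.id,
        "security_group_ids": [resolve_security_group_id(
            groups, subnet, group_name=group_name, group_id=group_id)],
        "private_ip_address": validate_private_ip(subnet, private_ip),
    }


if __name__ == "__main__":
    print(build_run_instances_kwargs(
        SAMPLE_GROUPS, SAMPLE_SUBNET, "10.0.4.88", "ami-7ecf5c17",
        "samukasmk", "t1.micro", group_name="MY-VPC-SPECIFIC-SECURITY-GROUP-24"))
```

In a real module the groups and subnet would come from ec2.get_all_security_groups() and VPCConnection.get_all_subnets(); the dictionary returned here is what would be unpacked into run_instances().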

Michael DeHaan

Mar 10, 2013, 10:19:42 PM
to ansible...@googlegroups.com
Can you please submit this as a github pull request?


Samuel Sampaio

Mar 11, 2013, 1:24:05 PM
to ansible...@googlegroups.com
It's done.


i iordanov

Mar 1, 2014, 12:51:21 AM
to ansible...@googlegroups.com
Hey Samuel, Michael,

Activity on this discussion seems to have stalled a bit, but I'd sure like to hear what the progress on this and related functionality is.

I need to spin up instances in a VPC security group in a private subnet. Samuel, your contribution looks like precisely what I need, right? Does this functionality exist in any shape or form outside Samuel's work? If not, Samuel, do you have any time to create a new pull request or rebase your pull request so it matches the current devel branch?

Thanks very much for your help in advance!

Sincerely,
iordan

i iordanov

Mar 1, 2014, 1:08:50 PM
to ansible...@googlegroups.com
It seems I was able to satisfy my requirements using the devel branch by specifying:

    group_id

and:

    vpc_subnet_id

Thanks!
iordan