ec2_group task creates security group but not rules


Dan Farrell

Oct 18, 2014, 12:12:02 PM
to ansible...@googlegroups.com
Hi All, I'm just getting started trying to use ansible for provisioning and orchestration of cloud resources in AWS, so I'll apologize in advance for this noob question.

I've used ec2_group successfully before, but I can't figure out why this task isn't working. I can see it run when the playlist is run, but the group is devoid of any egress or ingress rules. Can anybody spot what I'm doing wrong?

TASK: [Create Jenkins Security Group] ***************************************** 
skipping: [54.69.241.118]
skipping: [54.193.116.57]
changed: [54.164.169.157 -> 127.0.0.1]

TASK: [debug var=jenkins_sg] ************************************************** 
ok: [54.193.116.57] => {
    "jenkins_sg": {
        "changed": false, 
        "skipped": true
    }
}
ok: [54.164.169.157] => {
    "jenkins_sg": {
        "changed": true, 
        "group_id": "sg-23494f46", 
        "invocation": {
            "module_args": "", 
            "module_name": "ec2_group"
        }
    }
}
ok: [54.69.241.118] => {
    "jenkins_sg": {
        "changed": false, 
        "skipped": true
    }
}

Here's how I have the task defined:

    - name: Create Jenkins Security Group
      local_action:
        module: ec2_group
        name: Jenkins SG
        description: Jenkins Security Group
        region: "{{preferred_region}}"
        vpc_id: "{{vpc}}"
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr: 0.0.0.0/0
          - proto: tcp
            from_port: 8080
            to_port: 8080
            cidr: 0.0.0.0/0
        rules_egress:
          - proto: all
            from_port: 0
            to_port: 65535
            cidr: 0.0.0.0/0
      when: ec2_region == preferred_region

And evidence that it has no rules set:

 $ aws --profile=farrellit ec2 describe-security-groups --group-id sg-23494f46
{
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [], 
            "Description": "Jenkins Security Group", 
            "IpPermissions": [], 
            "GroupName": "Jenkins SG", 
            "VpcId": "vpc-f12baf94", 
            "OwnerId": "122377349983", 
            "GroupId": "sg-23494f46"
        }
    ]
}

Thanks very much for your time.   
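As an added example (not part of the original post): a Python check that compares the rules the task declares with what `describe-security-groups` reports, so a run that returns `changed` but leaves the group without rules fails loudly. The function names and the tuple layout are assumptions of this example; the JSON is the post's CLI output trimmed to the fields the check reads.

```python
import json

# CLI output from the post, trimmed to the fields this check reads.
DESCRIBE_OUTPUT = """
{"SecurityGroups": [{"GroupId": "sg-23494f46",
                     "IpPermissions": [],
                     "IpPermissionsEgress": []}]}
"""

# Rules the task in the post declares: (protocol, from_port, to_port, cidr).
EXPECTED_INGRESS = {("tcp", 22, 22, "0.0.0.0/0"), ("tcp", 8080, 8080, "0.0.0.0/0")}
EXPECTED_EGRESS = {("all", 0, 65535, "0.0.0.0/0")}


def flatten(permissions):
    """Turn an IpPermissions list into a set of (proto, from, to, cidr) tuples."""
    rules = set()
    for perm in permissions:
        proto = perm["IpProtocol"]
        if proto == "-1":  # EC2 reports "all protocols" as -1 with no port range
            proto, lo, hi = "all", 0, 65535
        else:
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
        for ip_range in perm.get("IpRanges", []):
            rules.add((proto, lo, hi, ip_range["CidrIp"]))
    return rules


def diff_group(describe_json, group_id, ingress, egress):
    """Return declared-but-missing and present-but-undeclared rules per direction."""
    groups = json.loads(describe_json)["SecurityGroups"]
    group = next(g for g in groups if g["GroupId"] == group_id)
    actual_in = flatten(group.get("IpPermissions", []))
    actual_out = flatten(group.get("IpPermissionsEgress", []))
    return {
        "missing_ingress": ingress - actual_in,
        "missing_egress": egress - actual_out,
        "undeclared_ingress": actual_in - ingress,
        "undeclared_egress": actual_out - egress,
    }


if __name__ == "__main__":
    report = diff_group(DESCRIBE_OUTPUT, "sg-23494f46", EXPECTED_INGRESS, EXPECTED_EGRESS)
    for kind, rules in report.items():
        for rule in sorted(rules, key=repr):
            print(kind, rule)
    raise SystemExit(1 if any(report.values()) else 0)
```

Run against live output by piping `aws ec2 describe-security-groups` JSON into `diff_group` in place of the embedded string; a non-zero exit means the group does not match the declared rules.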