diff --git a/cloud/elasticache b/cloud/elasticache new file mode 100644 index 00000000000..63c01c3cb55 --- /dev/null +++ b/cloud/elasticache @@ -0,0 +1,555 @@ +#!/usr/bin/python +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +DOCUMENTATION = """ +--- +module: elasticache +short_description: Manage cache clusters in Amazon Elasticache. + - Returns information about the specified cache cluster. +version_added: "1.4" +requirements: [ "boto" ] +author: Jim Dalton +options: + state: + description: + - C(absent) or C(present) are idempotent actions that will create or destroy a cache cluster as needed. C(rebooted) will reboot the cluster, resulting in a momentary outage. + choices: ['present', 'absent', 'rebooted'] + required: true + name: + description: + - The cache cluster identifier + required: true + engine: + description: + - Name of the cache engine to be used (memcached or redis) + required: false + default: memcached + cache_engine_version: + description: + - The version number of the cache engine + required: false + default: 1.4.14 + node_type: + description: + - The compute and memory capacity of the nodes in the cache cluster + required: false + default: cache.m1.small + num_nodes: + description: + - The initial number of cache nodes that the cache cluster will have + required: false + cache_port: + description: + - The port number on which each of the cache nodes will accept connections + required: false + default: 11211 + cache_security_groups: + description: + - A list of cache security group names to associate with this cache cluster + required: false + default: ['default'] + zone: + description: + - The EC2 Availability Zone in which the cache cluster will be created + required: false + default: None + wait: + description: + - Wait for cache cluster result before returning + required: false + default: yes + choices: [ "yes", "no" ] + hard_modify: + description: + - Whether to destroy and recreate an existing cache cluster if necessary in order to modify its state + required: false + default: no + choices: [ "yes", "no" ] + aws_secret_key: + description: + - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used. + required: false + default: None + aliases: ['ec2_secret_key', 'secret_key'] + aws_access_key: + description: + - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used. + required: false + default: None + aliases: ['ec2_access_key', 'access_key'] + region: + description: + - The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used. + required: false + aliases: ['aws_region', 'ec2_region'] + +""" + +EXAMPLES = """ +# Note: None of these examples set aws_access_key, aws_secret_key, or region. +# It is assumed that their matching environment variables are set. + +# Basic example +- local_action: + module: elasticache + name: "test-please-delete" + state: present + engine: memcached + cache_engine_version: 1.4.14 + node_type: cache.m1.small + num_nodes: 1 + cache_port: 11211 + cache_security_groups: + - default + zone: us-east-1d + + +# Ensure cache cluster is gone +- local_action: + module: elasticache + name: "test-please-delete" + state: absent + +# Reboot cache cluster +- local_action: + module: elasticache + name: "test-please-delete" + state: rebooted + +""" + +import sys +import os +import time + +AWS_REGIONS = ['ap-northeast-1', + 'ap-southeast-1', + 'ap-southeast-2', + 'eu-west-1', + 'sa-east-1', + 'us-east-1', + 'us-west-1', + 'us-west-2'] + +try: + import boto + from boto.elasticache.layer1 import ElastiCacheConnection + from boto.regioninfo import RegionInfo +except ImportError: + print "failed=True msg='boto required for this module'" + sys.exit(1) + + +class ElastiCacheManager(object): + """Handles elasticache creation and destruction""" + + EXIST_STATUSES = ['available', 'creating', 'rebooting', 'modifying'] + + def __init__(self, module, name, engine, cache_engine_version, node_type, + num_nodes, cache_port, cache_security_groups, zone, wait, + hard_modify, aws_access_key, aws_secret_key, region): + self.module = module + self.name = name + self.engine = engine + self.cache_engine_version = cache_engine_version + self.node_type = node_type + self.num_nodes = num_nodes + self.cache_port = cache_port + self.cache_security_groups = cache_security_groups + self.zone = zone + self.wait = wait + self.hard_modify = hard_modify + + self.aws_access_key = aws_access_key + self.aws_secret_key = aws_secret_key + self.region = region + + self.changed = False + self.data = None + self.status = 'gone' + self.conn = self._get_elasticache_connection() + self._refresh_data() + + def ensure_present(self): + """Ensure cache cluster exists or create it if not""" + if self.exists(): + self.sync() + else: + self.create() + + def ensure_absent(self): + """Ensure cache cluster is gone or delete it if not""" + self.delete() + + def ensure_rebooted(self): + """Ensure cache cluster is gone or delete it if not""" + self.reboot() + + def exists(self): + """Check if cache cluster exists""" + return self.status in self.EXIST_STATUSES + + def create(self): + """Create an ElastiCache cluster""" + if self.status == 'available': + return + if self.status in ['creating', 'rebooting', 'modifying']: + if self.wait: + self._wait_for_status('available') + return + if self.status == 'deleting': + if self.wait: + self._wait_for_status('gone') + else: + msg = "'%s' is currently deleting. Cannot create." + self.module.fail_json(msg=msg % self.name) + + try: + response = self.conn.create_cache_cluster(cache_cluster_id=self.name, + num_cache_nodes=self.num_nodes, + cache_node_type=self.node_type, + engine=self.engine, + engine_version=self.cache_engine_version, + cache_security_group_names=self.cache_security_groups, + preferred_availability_zone=self.zone, + port=self.cache_port) + except boto.exception.BotoServerError, e: + self.module.fail_json(msg=e.message) + cache_cluster_data = response['CreateCacheClusterResponse']['CreateCacheClusterResult']['CacheCluster'] + self._refresh_data(cache_cluster_data) + + self.changed = True + if self.wait: + self._wait_for_status('available') + return True + + def delete(self): + """Destroy an ElastiCache cluster""" + if self.status == 'gone': + return + if self.status == 'deleting': + if self.wait: + self._wait_for_status('gone') + return + if self.status in ['creating', 'rebooting', 'modifying']: + if self.wait: + self._wait_for_status('available') + else: + msg = "'%s' is currently %s. Cannot delete." + self.module.fail_json(msg=msg % (self.name, self.status)) + + try: + response = self.conn.delete_cache_cluster(cache_cluster_id=self.name) + except boto.exception.BotoServerError, e: + self.module.fail_json(msg=e.message) + cache_cluster_data = response['DeleteCacheClusterResponse']['DeleteCacheClusterResult']['CacheCluster'] + self._refresh_data(cache_cluster_data) + + self.changed = True + if self.wait: + self._wait_for_status('gone') + + def sync(self): + """Sync settings to cluster if required""" + if not self.exists(): + msg = "'%s' is %s. Cannot sync." + self.module.fail_json(msg=msg % (self.name, self.status)) + + if self.status in ['creating', 'rebooting', 'modifying']: + if self.wait: + self._wait_for_status('available') + else: + # Cluster can only be synced if available. If we can't wait + # for this, then just be done. + return + + if self._requires_destroy_and_create(): + if not self.hard_modify: + msg = "'%s' requires destructive modification. 'hard_modify' must be set to true to proceed." + self.module.fail_json(msg=msg % self.name) + if not self.wait: + msg = "'%s' requires destructive modification. 'wait' must be set to true." + self.module.fail_json(msg=msg % self.name) + self.delete() + self.create() + return + + if self._requires_modification(): + self.modify() + + def modify(self): + """Modify the cache cluster. Note it's only possible to modify a few select options.""" + nodes_to_remove = self._get_nodes_to_remove() + try: + response = self.conn.modify_cache_cluster(cache_cluster_id=self.name, + num_cache_nodes=self.num_nodes, + cache_node_ids_to_remove=nodes_to_remove, + cache_security_group_names=self.cache_security_groups, + apply_immediately=True, + engine_version=self.cache_engine_version) + except boto.exception.BotoServerError, e: + self.module.fail_json(msg=e.message) + + cache_cluster_data = response['ModifyCacheClusterResponse']['ModifyCacheClusterResult']['CacheCluster'] + self._refresh_data(cache_cluster_data) + + self.changed = True + if self.wait: + self._wait_for_status('available') + + def reboot(self): + """Reboot the cache cluster""" + if not self.exists(): + msg = "'%s' is %s. Cannot reboot." + self.module.fail_json(msg=msg % (self.name, self.status)) + if self.status == 'rebooting': + return + if self.status in ['creating', 'modifying']: + if self.wait: + self._wait_for_status('available') + else: + msg = "'%s' is currently %s. Cannot reboot." + self.module.fail_json(msg=msg % (self.name, self.status)) + + # Collect ALL nodes for reboot + cache_node_ids = [cn['CacheNodeId'] for cn in self.data['CacheNodes']] + try: + response = self.conn.reboot_cache_cluster(cache_cluster_id=self.name, + cache_node_ids_to_reboot=cache_node_ids) + except boto.exception.BotoServerError, e: + self.module.fail_json(msg=e.message) + + cache_cluster_data = response['RebootCacheClusterResponse']['RebootCacheClusterResult']['CacheCluster'] + self._refresh_data(cache_cluster_data) + + self.changed = True + if self.wait: + self._wait_for_status('available') + + def get_info(self): + """Return basic info about the cache cluster""" + info = { + 'name': self.name, + 'status': self.status + } + if self.data: + info['data'] = self.data + return info + + + def _wait_for_status(self, awaited_status): + """Wait for status to change from present status to awaited_status""" + status_map = { + 'creating': 'available', + 'rebooting': 'available', + 'modifying': 'available', + 'deleting': 'gone' + } + + if status_map[self.status] != awaited_status: + msg = "Invalid awaited status. '%s' cannot transition to '%s'" + self.module.fail_json(msg=msg % (self.status, awaited_status)) + + if awaited_status not in set(status_map.values()): + msg = "'%s' is not a valid awaited status." + self.module.fail_json(msg=msg % awaited_status) + + while True: + time.sleep(1) + self._refresh_data() + if self.status == awaited_status: + break + + def _requires_modification(self): + """Check if cluster requires (nondestructive) modification""" + # Check modifiable data attributes + modifiable_data = { + 'NumCacheNodes': self.num_nodes, + 'EngineVersion': self.cache_engine_version + } + for key, value in modifiable_data.iteritems(): + if self.data[key] != value: + return True + + # Check security groups + cache_security_groups = [] + for sg in self.data['CacheSecurityGroups']: + cache_security_groups.append(sg['CacheSecurityGroupName']) + if set(cache_security_groups) - set(self.cache_security_groups): + return True + return False + + def _requires_destroy_and_create(self): + """ + Check whether a destroy and create is required to synchronize cluster. + """ + unmodifiable_data = { + 'node_type': self.data['CacheNodeType'], + 'engine': self.data['Engine'], + 'cache_port': self._get_port() + } + # Only check for modifications if zone is specified + if self.zone is not None: + unmodifiable_data['zone'] = self.data['PreferredAvailabilityZone'] + for key, value in unmodifiable_data.iteritems(): + if getattr(self, key) != value: + return True + return False + + def _get_elasticache_connection(self): + """Get an elasticache connection""" + try: + endpoint = "elasticache.%s.amazonaws.com" % self.region + connect_region = RegionInfo(name=self.region, endpoint=endpoint) + return ElastiCacheConnection(aws_access_key_id=self.aws_access_key, + aws_secret_access_key=self.aws_secret_key, + region=connect_region) + except boto.exception.NoAuthHandlerFound, e: + self.module.fail_json(msg=e.message) + + def _get_port(self): + """Get the port. Where this information is retrieved from is engine dependent.""" + if self.data['Engine'] == 'memcached': + return self.data['ConfigurationEndpoint']['Port'] + elif self.data['Engine'] == 'redis': + # Redis only supports a single node (presently) so just use + # the first and only + return self.data['CacheNodes'][0]['Endpoint']['Port'] + + def _refresh_data(self, cache_cluster_data=None): + """Refresh data about this cache cluster""" + if cache_cluster_data is None: + try: + response = self.conn.describe_cache_clusters(cache_cluster_id=self.name, + show_cache_node_info=True) + except boto.exception.BotoServerError: + self.data = None + self.status = 'gone' + return + cache_cluster_data = response['DescribeCacheClustersResponse']['DescribeCacheClustersResult']['CacheClusters'][0] + self.data = cache_cluster_data + self.status = self.data['CacheClusterStatus'] + + # The documentation for elasticache lies -- status on rebooting is set + # to 'rebooting cache cluster nodes' instead of 'rebooting'. Fix it + # here to make status checks etc. more sane. + if self.status == 'rebooting cache cluster nodes': + self.status = 'rebooting' + + def _get_nodes_to_remove(self): + """If there are nodes to remove, it figures out which need to be removed""" + num_nodes_to_remove = self.data['NumCacheNodes'] - self.num_nodes + if num_nodes_to_remove <= 0: + return None + + if not self.hard_modify: + msg = "'%s' requires removal of cache nodes. 'hard_modify' must be set to true to proceed." + self.module.fail_json(msg=msg % self.name) + + cache_node_ids = [cn['CacheNodeId'] for cn in self.data['CacheNodes']] + return cache_node_ids[-num_nodes_to_remove:] + + + +def main(): + module = AnsibleModule( + argument_spec=dict( + state={'required': True, 'choices': ['present', 'absent', 'rebooted']}, + name={'required': True}, + engine={'required': False, 'default': 'memcached'}, + cache_engine_version={'required': False, 'default': '1.4.14'}, + node_type={'required': False, 'default': 'cache.m1.small'}, + num_nodes={'required': False, 'default': None, 'type': 'int'}, + cache_port={'required': False, 'default': 11211, 'type': 'int'}, + cache_security_groups={'required': False, 'default': ['default'], + 'type': 'list'}, + zone={'required': False, 'default': None}, + aws_secret_key={'default': None, + 'aliases': ['ec2_secret_key', 'secret_key'], + 'no_log': True}, + aws_access_key={'default': None, + 'aliases': ['ec2_access_key', 'access_key']}, + region={'default': None, 'required': False, + 'aliases': ['aws_region', 'ec2_region'], + 'choices': AWS_REGIONS}, + wait={'required': False, 'choices': BOOLEANS, 'default': True}, + hard_modify={'required': False, 'choices': BOOLEANS, 'default': False} + ) + ) + + aws_secret_key = module.params['aws_secret_key'] + aws_access_key = module.params['aws_access_key'] + region = module.params['region'] + + name = module.params['name'] + state = module.params['state'] + engine = module.params['engine'] + cache_engine_version = module.params['cache_engine_version'] + node_type = module.params['node_type'] + num_nodes = module.params['num_nodes'] + cache_port = module.params['cache_port'] + cache_security_groups = module.params['cache_security_groups'] + zone = module.params['zone'] + wait = module.params['wait'] + hard_modify = module.params['hard_modify'] + + if state == 'present' and not num_nodes: + module.fail_json(msg="'num_nodes' is a required parameter. Please specify num_nodes > 0") + + if not aws_secret_key: + if 'AWS_SECRET_KEY' in os.environ: + aws_secret_key = os.environ['AWS_SECRET_KEY'] + elif 'EC2_SECRET_KEY' in os.environ: + aws_secret_key = os.environ['EC2_SECRET_KEY'] + + if not aws_access_key: + if 'AWS_ACCESS_KEY' in os.environ: + aws_access_key = os.environ['AWS_ACCESS_KEY'] + elif 'EC2_ACCESS_KEY' in os.environ: + aws_access_key = os.environ['EC2_ACCESS_KEY'] + + if not region: + if 'AWS_REGION' in os.environ: + region = os.environ['AWS_REGION'] + elif 'EC2_REGION' in os.environ: + region = os.environ['EC2_REGION'] + + if not region: + module.fail_json(msg=str("Either region or EC2_REGION environment variable must be set.")) + + elasticache_manager = ElastiCacheManager(module, name, engine, + cache_engine_version, node_type, + num_nodes, cache_port, + cache_security_groups, zone, wait, + hard_modify, aws_access_key, + aws_secret_key, region) + + if state == 'present': + elasticache_manager.ensure_present() + elif state == 'absent': + elasticache_manager.ensure_absent() + elif state == 'rebooted': + elasticache_manager.ensure_rebooted() + + facts_result = dict(changed=elasticache_manager.changed, + elasticache=elasticache_manager.get_info()) + + module.exit_json(**facts_result) + +# this is magic, see lib/ansible/module_common.py +#<> + +main()