Commit Graph

743 Commits (0156cb942e608df6f53760d33a9b3dfe56b409d3)

Author SHA1 Message Date
Ryan Brown f1c2739163 Handle termination_protection parameter when restarting instances (#5076)
* Restart EC2 instances with multiple network interfaces

A previous bug, #3234, caused instances with multiple ENIs to fail when being
started or stopped because sourceDestCheck is a per-interface attribute, but we
use the boto global access to it (which only works when there's a single ENI).

This patch handles a variant of that bug that only surfaced when restarting an
instance, and catches the same type of exception.

* Default termination_protection to None instead of False

AWS defaults the value of termination_protection to False, so we don't
need to explicitly send `False` when the user hasn't specified a
termination protection level. Before this patch, the below pair of tasks
would:

1. Create an instance (enabling termination_protection)
2. Restart that instance (disabling termination_protection)

Now, the default None value would prevent the restart task from
disabling termination_protection.

```
- name: make an EC2 instance
  ec2:
    vpc_subnet_id: "{{ subnet }}"
    instance_type: t2.micro
    termination_protection: yes
    exact_count: 1
    count_tag:
       Name: TestInstance
    instance_tags:
       Name: TestInstance
    group_id: "{{ group }}"
    image: ami-7172b611
    wait: yes
- name: restart a protected EC2 instance
  ec2:
    vpc_subnet_id: "{{ subnet }}"
    state: restarted
    instance_tags:
       Name: TestInstance
    group_id: "{{ group }}"
    image: ami-7172b611
    wait: yes
```
8 years ago
Pradeep 4cb27d914f Typo Fix 8 years ago
Ryan Brown 75507e7569 Check status of finished spot instance requests (#4990)
Per #3877, the code to wait for spot instance requests to finish would
hang for the full wait time if any spot request failed for any reason.
This commit introduces status checks for spot requests, so if the
request fails, finishes, or is cancelled the task will fail/succeed
accordingly.

One edge case introduced here is that if a user terminates the instance
associated with the request manually it won't fail the play, under the
presumption that the user *wants* the instance terminated.
8 years ago
Denis Tiago b2c6d39bec fix health instances count when we have more than one lb in asg 8 years ago
Ryan S. Brown 0f505378c3 Accept JSON type as the content of policy_json parameter on `iam_policy` module 8 years ago
René Moser 19be0da3b0 iam_cert: remove choice list for dup_ok type bool (#4940)
See 8879931f0c
8 years ago
Ryan S. Brown a435dbbb2d Fix version_added for ec2_asg feature 8 years ago
Shawn Siefkas a29fb59a72 Adding SNS notification support to ec2_asg module
Addresses #1844
8 years ago
Ryan Brown 2e1e3562b9 Stop sorting of termination_policies in `ec2_asg` (#4883)
The AWS API requires that any termination policy list that includes
`Default` must end with Default. The attribute sorting caused any list
of attributes to be lexically sorted, so a list like
`["OldestLaunchConfiguration", "Default"]` would be changed to
`["Default", "OldestLaunchConfiguration"]` because default is earlier
alphabetically. This caused calls to fail with BotoServerError per #4069

This commit also adds proper tracebacks to all botoservererror fail_json
calls.

Closes #4069
8 years ago
mzizzi 48d932643b cloudformation stack events itertools.imap bugfix (#4868) 8 years ago
Christopher Kotfila 2632aa630f Unpack AWS reservations while waiting to terminate (#4012)
Previously calculation of the number of instances that have been
terminated assumed all instances were in the first reservation returned
by AWS.  If this is not the case the calculated number of instances
terminated never reaches the number of instances and the module always
times out. By unpacking the instances we get an accurate number and the
module correctly exits.
8 years ago
Ryan Brown ae6992bf8c Handle EC2 instances with multiple network interfaces (#4766)
Currently instances with multiple ENIs can't be started or stopped
because sourceDestCheck is a per-interface attribute, but we use the
boto global access to it (which only works when there's a single ENI).

This patch handles multiple ENIs and applies the sourcedestcheck across
all interfaces the same way.

Fixes #3234
8 years ago
Ryan Brown 819fe45864 Fix failure when powering on/off EC2 instances by tag only. (#4767)
If you apply `wait=yes` and use `instance_tags` as your filter for
stopping/starting EC2 instances, this stack trace happens:

```
An exception occurred during task execution. The full traceback is:
Traceback (most recent call last):
  File "/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py", line 1540, in <module>
    main()
  File "/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py", line 1514, in main
    (changed, instance_dict_array, new_instance_ids) = startstop_instances(module, ec2, instance_ids, state, instance_tags)
  File "/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py", line 1343, in startstop_instances
    if len(matched_instances) < len(instance_ids):
TypeError: object of type 'NoneType' has no len()

fatal: [localhost -> localhost]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "ec2"}, "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py\", line 1540, in <module>\n    main()\n  File \"/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py\", line 1514, in main\n    (changed, instance_dict_array, new_instance_ids) = startstop_instances(module, ec2, instance_ids, state, instance_tags)\n  File \"/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py\", line 1343, in startstop_instances\n    if len(matched_instances) < len(instance_ids):\nTypeError: object of type 'NoneType' has no len()\n", "module_stdout": "", "msg": "MODULE FAILURE", "parsed": false}
```

That's because the `instance_ids` variable is None if not supplied
in the task. That means the instances that result from the instance_tags
query aren't going to be included in the wait loop. To fix this, a list
needs to be kept of instances with matching tags and that list needs to
be added to `instance_ids` before the wait loop.
8 years ago
Abhijit Menon-Sen 55d51b3946 Fix spot instance creation by ignoring instance_initiated_shutdown_behavior (#4741)
Before this, all spot instance requests would fail because the code
_always_ called module.fail_json when the parameter was set (which it
always was, because the module parameter's default was set to 'stop').

As the comment said, this parameter doesn't make sense for spot
instances at all, so the error message was also misleading.
8 years ago
Florian Dambrine aac55fcc62 Fix ec2 module source_dest_check when running on non VPC instances (EC2 Classic) (#3243) 8 years ago
Matt Ferrante 624f813f60 Properly support tag updates on CloudFormation stack-update actions (#3638) 8 years ago
Kenny Woodson 269c06a4c9 Fix for validate rule. Ensure rule is a dict. (#4640) 8 years ago
Kenny Woodson 9b37dcb593 Getting rid of a None type error when no resource tags are defined. (#4638) 8 years ago
Ryan Brown 0c37949941 Remove spurious `changed` state on iam_policy module (#4381)
Due to a mixup of the group/role/user and policy names, policies with
the same name as the group/role/user they are attached to would never be
updated after creation. To fix that, we needed two changes to the logic
of policy comparison:

- Compare the new policy name to *all* matching policies, not just the
  first in lexicographical order
- Compare the new policy name to the matching ones, not to the IAM
  object the policy is attached to
8 years ago
Rick Mendes 02c47f5b0c Fixes #3144 (#4305) 8 years ago
Ilja Bauer acb7d873f8 Replaced use of bare variables with full variable syntax (#4149) 8 years ago
Richard Adams c8ca1a6211 Add parameter to `ec2` module to control instance shutdown behavior (stop|terminate) 8 years ago
Ryan Brown 8da5e2cb88 Merge pull request #4275 from shaunbrady/ec2_elb_lb_respect_vpc
Make ec2_elb_lb respect VPCs when resolving groups
8 years ago
Ryan Brown a2a6b5247f Merge pull request #4286 from rickmendes/fix-issue-4227
Clarify docs that led to #4227
8 years ago
Shawn Siefkas ec87c517c1 Check mode fixes for ec2_vpc_net module (#2179)
* Check mode fixes for ec2_vpc_net module

Returns VPC object information

Detects state change for VPC, DHCP options, and tags in check mode

* Early exit on VPC creation in check mode
8 years ago
Shawn Siefkas 380dbd4369 Fix #2526 (#2527)
Fail on unhandled exception in ec2_asg rather than raise
8 years ago
Shawn Siefkas 528f9a1d0b Check mode fix for ec2_group module (#2184)
The default VPC egress rules were being left in the egress rules for
purging in check mode.  This ensures that the module returns the correct
change state during check mode.
8 years ago
Rick Mendes 8287002f14 Fixes #4227: just changing messaging 8 years ago
Rick Mendes 72655fe4c8 Fix #3549, failure to reference `module` in `ec2_eip` module 8 years ago
Ryan Brown 81c663ff71 Merge pull request #4288 from rickmendes/rm-me
please remove me as maintainer
8 years ago
Lyle Mantooth 50abfd5e27 Remove file extension from policy names (#3805)
Fixes #3804.

Prevents `__file__` from contributing ".", which is an illegal character in ELB policy names.
8 years ago
Rick Mendes 203b332cdb please remove me as maintainer 8 years ago
Rick Mendes 9cf83ab764 Fixes #4227 8 years ago
Jasmine Hegman a3bae3e6ce Update docs to indicate ec2_asg state defaults to present (#4046)
* Update docs to indicate ec2_asg state defaults to present

Hopefully fixes Issue #4016

* Forgot to flip required to false
8 years ago
Shaun Brady de29bafc1e Make ec2_elb_lb respect VPCs when resolving groups
AWS security groups are unique by name only by VPC (Restated, the VPC
and group name form a unique key).

When attaching security groups to an ELB, the ec2_elb_lb module would
erroneously find security groups of the same name in other VPCs thus
causing an error stating as such.

To eliminate the error, we check that we are attaching subnets (implying
that we are in a VPC), grab the vpc_id of the 0th subnet, and filter
the list of security groups on this VPC.  In other cases, no such filter
is applied (filters=None).
8 years ago
Shaun Brady 8fa56c16ee Remove trailing white space 8 years ago
Shaun Brady 890bba6a0e Make group_name resolution VPC aware
EC2 Security Group names are unique given a VPC.  When a group_name
value is specified in a rule, if the group_name does not exist in the
provided vpc_id it should create the group as per the documentation.

The groups dictionary uses group_names as keys, so it is possible to
find a group in another VPC with the name that is desired.  This causes
an error as the security group being acted on, and the security group
referenced in the rule are in two different VPCs.

To prevent this issue, we check to see if vpc_id is defined and if so
check that VPCs match, else we treat the group as new.
8 years ago
Ryan Brown d288ef2abc Merge pull request #4163 from kaikousa/improve-ec2_lc-documentation
Improve `ec2_lc` documentation on security_groups option
8 years ago
Ryan Brown a960f01bf3 Merge pull request #4234 from chrisweaver/patch-1
Enforce `bool` type for dup_ok option on AWS `iam_cert` module
8 years ago
Ryan Brown 95c67dc72a Merge pull request #4231 from phy1729/cfn-iam-capabilities
Support CAPABILITY_NAMED_IAM in AWS CloudFormation module
8 years ago
chrisweaver 8879931f0c Enforce boolean type for dup_ok
Stop "choices" from being interpreted as strings.
8 years ago
Matthew Martin 34d48eb89b Add CAPABILITY_NAMED_IAM to cloudformation capabilities
While from the documentation[1] one would assume that replacing
CAPABILITY_IAM with CAPABILITY_NAMED_IAM; this has empirically been shown
to not be the case.

1: "If you have IAM resources, you can specify either capability. If you
have IAM resources with custom names, you must specify
CAPABILITY_NAMED_IAM."
http://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html
8 years ago
Michael Baydoun 07383c40d7 fixes issues where iam_policy incorrectly reported changed 8 years ago
Ryan Brown f61ddbc8a9 Merge pull request #3863 from ryansb/iam-pass-module
Bugfix: IAM group modules need `module` passed
8 years ago
Kai Kousa 7632bc1ecb Improve documentation on security_groups-option 8 years ago
Adrian Moisey 74285d6a53 Add default port for aurora (#4102)
If a port isn't specified, it's looked up. The lookup breaks without
this.

Related: https://github.com/ansible/ansible-modules-core/pull/3414
8 years ago
Matt Davis 0ee7b9896d Merge pull request #4080 from talonx/devel
Fix for #16518 - added missing regions
8 years ago
Ryan Brown 4845c96b00 Remove double-assignment of EC2 parameters (#4081)
The `source_dest_check` and `termination_protection` variables are being
assigned twice in ec2.py, likely due to an incorrect merge somewhere
along the line.
8 years ago
Hrishikesh Barua 718471e302 Fix for #16518 - added missing regions 8 years ago
Javier M. Mellid a88d6d9a53 Add s3_url requirement in doc when rgw support is enabled in s3.py
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
9 years ago