Taking a page out of the ec2 config, make sure that all of the
OpenStack modules handle the inbound auth config in the same way.
The one outlier is keystone wrt auth_url.
The OpenStack client utilities consume a set of input environment
variables for things like username and auth_url, so it's very
common for OpenStack users to have such settings set in their
environment. Indeed, things like devstack also output a shell file
to be sourced to set them. Although in a playbook it's entirely
expected that variables should be used to pass in system settings
like api passwords, for ad-hoc command line usage, needing to pass
in five parameters which are almost certainly in the environment
already reduces the utility.
Grab the environment variables and inject them as default. Special care
is taken to ensure that in the case where the values are not found, the
behavior of which parameters are required is not altered.
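A sketch of the approach this commit message describes, as an added example rather than the module's actual code: environment values become defaults, and a parameter that was required stays required when its variable is absent. The parameter names, the `REQUIRED` set and the helper names are assumptions for illustration; the `OS_*` names are the variables the OpenStack command line clients read.

```python
import os

# Parameter name -> OpenStack client environment variable.
# Parameter names are illustrative assumptions, not taken from the page.
ENV_MAP = {
    "login_username": "OS_USERNAME",
    "login_password": "OS_PASSWORD",
    "login_tenant_name": "OS_TENANT_NAME",
    "auth_url": "OS_AUTH_URL",
    "region_name": "OS_REGION_NAME",
}
# Assumed set of parameters that were mandatory before env defaults existed.
REQUIRED = {"login_username", "login_password", "login_tenant_name"}


def auth_argument_spec(environ=None):
    """Build an argument spec whose defaults come from the environment."""
    environ = os.environ if environ is None else environ
    spec = {}
    for param, var in ENV_MAP.items():
        value = environ.get(var)
        if value:
            # Found: use it as the default; an explicit argument still wins.
            spec[param] = {"default": value}
        else:
            # Not found (or empty): required/optional behaviour is unchanged.
            spec[param] = {"required": param in REQUIRED}
        if param == "login_password":
            spec[param]["no_log"] = True  # keep the secret out of task logs
    return spec


def resolve(spec, params):
    """Apply explicit params over defaults; fail on a missing required value."""
    resolved, missing = {}, []
    for name, opts in spec.items():
        if params.get(name) is not None:
            resolved[name] = params[name]
        elif "default" in opts:
            resolved[name] = opts["default"]
        elif opts.get("required"):
            missing.append(name)
    if missing:
        raise ValueError("missing required arguments: " + ", ".join(sorted(missing)))
    return resolved
```
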
It is possible to create an instance, terminate the instance and then
attempt to recreate the instance with the same parameters. In this case
`ec2.run_instances` returns a reservation list containing the instance ids
but the logic gets stuck waiting for the instance to exist in the call to
`ec2.get_all_instances`, even if wait is no.
The provisioning module knows more about how nova deals with IP
addresses now. Ensure that the inventory module is similarly as smart
by separating out the logic into the openstack/module_utils.
During the state check, check IP address information. This gets us
two things. The most obvious is that for direct IP management, a
change to the config will reflect in the config of the instance. But
also, if we succeed in creating the instance but fail in adding an IP,
this should let us re-run and arrive in the state we were expecting.
The fun part about having multiple vendors providing the same cloud
is that while their APIs are the same, what they do with their metadata
tends to be ... fun. So in order to be able to express sanely what you
want without needing to stick tons of unreadable uuids in your config,
it turns out that sometimes you need to further filter image and flavor
names. Specific examples are (deprecated) images in HP Cloud and the
Standard and Performance flavors on Rackspace.
Putting uuid and numeric identifiers in playbooks is fragile, especially
with cloud providers who change them out from under you. Asking for
Ubuntu 14.04 is consistent, the UUID associated with that is not. Add
mutually exclusive parameters to allow for specifying images by name and
flavors by RAM amount.
The floating-ip extension, while pretty ubiquitous, is not a
foregone conclusion. Specifically, Rackspace, while also
served by the rax module, is a valid OpenStack cloud and can
be interacted with directly via nova interfaces.
Add support for determining public and private IPs for
OpenStack clouds that don't use floating ips by reading
the public and private keys from the addresses dict.
If the region name is specified in the config, we need to pass it
in to the nova client constructor. Since key_name is similarly optional,
go ahead and handle both parameters the same.
The desires around getting a floating ip associated with a pool and
getting a floating ip not associated with a pool are just different
enough that following it as one set of nested ifs is tricky. Split
the function into two, one for the pool and one for the non-pool logic.
Several azure fixes/improvements, including:
* Improve failure message when python-azure is not installed
* Improve required argument handling
* Fixes a traceback on instance termination when the variable
'deployment' was not set.
* Fixes a traceback (#8298) when creating instances using the newer SDK
otherwise the module will return the info about the instance that it got prior to the action taken
So if you had a task to start an instance:
    ec2:
      instance_ids: ...
      state: running
    register: ec2_info
the registered data would have empty public_dns_name, public_ip, private_dns_name, private_ip
The current (hard-coded) retry interval of 500 seconds can cause ansible to have excessive run-times in the case of many domains. `retry_interval` provides a way to customize the wait between retries of calls to route53.
Some environments that utilize an SSL terminator with a self-signed
certificate can use the publicURL without getting certificate
verify errors. This allows using the internalURL which in my case
is HTTP and not HTTPS.
Closes issue: #8057
The following patch adds a missing 'msg=' syntax. An exception is raised
in ansible if this block is reached during the execution of the module
TypeError: fail_json() takes exactly 1 argument (2 given)
With the 'msg=' added, you get a more informative error. For example
msg: No settings provided to update_domain().
Catch any InvalidInstanceID.NotFound errors coming from the boto library
when trying to find the newly created instance. When this happens we should
just wait and try again.
Default is set to 300 seconds, which is AWS default.
This PR fixes a bug (#7898) where instances created within an autoscaling group using the `ec2_asg` module get immediately terminated because the `health_check_period` is set to 0, which causes the instance to be checked without having the time to actually boot.
Adding `health_check_type` is needed because you may want to check your instance health against an ELB instead of just EC2 default cloudwatch.
Tagging recently created instances can result in
InvalidInstanceID.NotFound errors.
By delaying the tagging until the last part of instance creation,
we should be typically more fortunate (avoiding all such race
conditions might need more work)
- Added a more verbose response
- includes its settable attributes and a list of its instances.
- allows setting of tags, changes upon which mark the task changed
- allow getting of information from asg module, not just setting
- doesn't mark changed if the parameter wasn't specified
- Availability Zones are pulled from the region
For networks that have both a v4 and a v6 subnet, the floating IP plugin
currently has two problems:
* When determining the subnet for the provided `internal_network_name`, it
assumes that the first item in the list of subnets is the one you want.
Instead, it should pick the first v4 subnet.
* When multiple fixed IPs exist for a given port (as is the case in a network
with a v4 and a v6 subnet), neutron needs a hint as to which fixed IP to associate
to the floating IP address (the v4 one).
* Fixed error messages to be more descriptive
* Removed direct use of subprocess module and replaced it with calls
to module.run_command
* Changed AZURE_MANAGEMENT_CERT_PATH to be just AZURE_CERT_PATH, which
matches what is expected by the inventory script
fixes error "failed to parse: <attribute 'message' of 'exceptions.BaseException' objects>
TypeError: <attribute 'message' of 'exceptions.BaseException' objects> is not JSON serializable"
Since 0.11 Docker supports different networking modes (see docker run
--net). This commit adds support for that to the ansible docker module.
This depends on
2d58351164
Split the error check into two error checks and delay the
checks so that listing existing volumes works more nicely.
The error check should check that:
* One and only one of volume_size, id or name is set
This fix adds the 'only one' part of that check and provides
more useful error messages.
If `get_all_instances` returns multiple reservations, the old wait loop only
dealt with the first reservation. Thus, the wait loop may end before all
instances get to be running/stopped.
Also clean up the code a little.
`decoded_name` was created twice, each from `rset.name`
So, the second call to `.replace(r'\100', '@')` overwrites decoded_name, discarding the result of the call to `.replace(r'\052', '*')`
I had a problem with wildcard domains that was fixed by this patch.
Upon a second run, the default egress rule will be removed when a
vpc is specified but no other egress rules were set. This patch
corrects that behavior by removing the default egress rule from the
list of unmatched outbound rules.
Fixes #7309
* the current state of the ELB was not reflected properly when checking
the status after a change was made.
* invalid zones caused a traceback when enabling/disabling zones
ec2_snapshot got missed when moving to a common argument spec.
It could already make use of the capabilities (as it uses
ec2_connect) and the documentation suggested it supported the
common argument spec (thanks to the documentation fragment work)
so it was just a matter of fixing the argument spec.
Removed unnecessary documentation for profile and security_token
that is covered by documentation fragment
Also removed spurious documentation flags (default: null, aliases: [])
which aren't needed.
The JSON the Docker API returns includes the container's ENTRYPOINT value (if it has one) with the 'Command' value. So instead of checking if `container['Command'] == module.params['command']`, we just check that `container['Command'].endswith(module.params['command'])` so the entrypoint won't affect a container being properly classified as matching the module params or not.
Also I refactored a super-long `if` statement into some temporary variables - I did it to help me figure out what was going wrong, and then it makes the code more readable so I kept it.
As part of being updated for the 1.10 API, a couple of parameters were passed to the docker.client.start() command that it doesn't accept. This caused the module to error out if it tried to start any Docker containers. This removes those parameters so the module works again.
Uses the new get_aws_connection_info
and connect_to_aws common methods to reuse code
Now complains if region is not set in one of the
three possible methods
Also moved over to common documentation code so
this is actually based on #6913
Created common module doc fragment, and applied to all
modules that use ec2_connect or connect_to_aws as
they definitely share the common doc fragments
* Catch issues with invalid regions
* Ensure we send string only data as meta values in the rax module
* Add public_key/lookup example for rax_keypair
* Clean up import statements
While the [boto docs](https://github.com/boto/boto/blob/develop/boto/rds/__init__.py#L253) make it seem like the default value of `port` is changed depending on the engine chosen, AFAICT from looking at the code the default value is never changed from 3306.
I think the docs are intended to be read as "the default value used by <engine> is <port> so you should change `port` to that value".
If you don't specify the port value and choose the database engine as PostgreSQL you'll end up with a PostgreSQL instance running on port 3306.
Without the `subnet` parameter supplied there's an error `msg: Parameter vpc_security_groups invalid for create command`. (This might be a bug?)
If the VPC security group name rather than ID is supplied there's an error: `msg: Invalid security group , groupId= <some group name>, groupName=.` (Accepting a group name might be a feature enhancement.)
In my case I set the subnet as `default` and used `register` to get the result of the security group creation section and just referred to its `group_id` property.
Add extra_create_args and extra_client_args to rax module to support passing
advanced configuration options to client instantiation and server create calls.
When a group is created, an egress_rule ALLOW ALL to 0.0.0.0/0 is added
automatically but it's not reflected in the object returned by the AWS API
call. After creation we re-read the group for getting an updated object.
Suppose a pair of groups, A and B, depending on each other. One solution
for breaking the circular dependency at playbook level:
- declare group A without dependencies
- declare group B depending on A
- declare group A depending on B
This patch breaks the dependency at module level. Whenever a depended-on
group is missing it's first created. This approach requires only two tasks:
- declare group A depending on B (group B will be auto created)
- declare group B depending on A
When creating a group EC2 requires you to pass the group description. In
order to fulfill this, rules now accept the `group_desc` param. Note
that group description can't be changed once the group is created so
it's nice to keep descriptions in sync.
Concrete example:
    - ec2_group:
        name: mysql-client
        description: MySQL Client
        rules_egress:
          - proto: tcp
            from_port: 3306
            to_port: 3306
            group_name: mysql-server
            group_desc: MySQL Server
    - ec2_group:
        name: mysql-server
        description: MySQL Server
        rules:
          - proto: tcp
            from_port: 3306
            to_port: 3306
            group_name: mysql-client
* Added desired_capacity and vpc_zone_identifier to ec2_asg
* Use ec2_argument_spec() method and then remove unnecessary
declarations from argument_spec
* Remove AWS_REGIONS declaration
* Rename block_device_mappings to volumes to be consistent with ec2
* Remove all pep8 warnings except line length and continuation indent
* Use updated module_utils/ec2.py to add profile and security_token
support
* Remove mandatory arguments for delete to make launchconfig deletion
work
* Handle existing launch configurations better
* Improve output information
* Improve documentation
Had to shoot the recently merged nova_group module in the head temporarily as it contained a dict comprehension, which means it can't work on all the platforms
and was also breaking docs builds on CentOS. Will engage with list about that shortly.
The new present state just makes sure that a container exists, not that
it's running, although it gets started on creation.
This is very useful for data volumes. This also changes the old
present, now running (default) state to only create the container if
it's not found, otherwise it just gets started.
See also discussion on mailinglist:
https://groups.google.com/forum/#!topic/ansible-devel/jB84gdhPzLQ
This closes #6395