I ask, because as far as I can tell from looking at the source code, we do
not check that the cidr_ip may be a list of IPs rather than a single item.
That means for things like this (where ip is the cidr_ip from the parsed
rule data structure):
ruleId = "%s-%s-%s-%s-%s-%s" % ('out', rule['proto'], rule['from_port'],
rule['to_port'], group_id, ip)
The ruleId would seemingly be invalid, and the lookups/creation would not
work as expected.
Alternatively to the template/include idea, 1.8 has added the params
purge_rules and purge_rules_egrees, which when set to "no" means you should
be able to add the rules in a loop without removing old rules.
On Fri, Sep 5, 2014 at 10:38 AM, Aaron Mills <[email protected]> wrote:
> It's valid. When you run a playbook that passes a list of IPs, it'll
> generate a rule for each IP in the list. However, when you run the playbook
> a second time, AWS throw's an error that those SG entries already exist.
>
> I was cribbing from Michael DeHaan's solution here
> <https://groups.google.com/forum/#!searchin/ansible-project/ec2_group/ansible-project/5wvplmni_-A/bSqml4aNx0YJ>.
> Looks like others have solved this with a template
> <https://groups.google.com/forum/#!searchin/ansible-project/ec2_group$20template/ansible-project/a8y1v2-R8Zw/DJY1J4XaZpAJ>
> .
>
>
> On Thursday, September 4, 2014 9:30:50 PM UTC-6, James Cammarata wrote:
>>
>> Hi Aaron, is it valid to specify a list of IPs for the cidr_ip value in
>> the rules (or was this a cut/paste mistake)?
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/81de221d-ee22-41f3-b22c-91e9db3b961a%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/81de221d-ee22-41f3-b22c-91e9db3b961a%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAMFyvFhcX22jwCqKx3MaBob9ygUFqw-0s5QUru6Xq3%3DT0zmkqg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
