No problem, feel free to open an issue on github for this too, as I'm pretty sure the module was not designed to work with a list of IPs natively like that (though maybe the AWS API will work the way we're stuffing those in there).
Thanks!

On Fri, Sep 5, 2014 at 2:50 PM, Aaron Mills <[email protected]> wrote:

> The purge functionality is actually quite nice for my use case, however.
> I'm dynamically gathering a list of hosts with a particular tag, then
> creating security group ingress rules to allow only those IPs (oh, the joys
> of VPC / public cloud inter-networking). So if a host is stopped/started, I
> need to get rid of the old IP and replace it with the new one when I run my
> playbook.
>
> I solved this problem via the template method linked to previously. I'm
> not sure if updated Ansible code to loop through a list and create
> individual rules would be appropriate or not (I'm guessing not), so this
> may be the best method anyway.
>
> Thanks for your help.
>
> -Aaron
>
>
> On Friday, September 5, 2014 1:36:31 PM UTC-6, James Cammarata wrote:
>>
>> I ask, because as far as I can tell from looking at the source code, we
>> do not check that the cidr_ip may be a list of IPs rather than a single
>> item. That means for things like this (where ip is the cidr_ip from the
>> parsed rule data structure):
>>
>>     ruleId = "%s-%s-%s-%s-%s-%s" % ('out', rule['proto'],
>>         rule['from_port'], rule['to_port'], group_id, ip)
>>
>> The ruleId would seemingly be invalid, and the lookups/creation would not
>> work as expected.
>>
>> Alternatively to the template/include idea, 1.8 has added the params
>> purge_rules and purge_rules_egress, which when set to "no" means you should
>> be able to add the rules in a loop without removing old rules.
>>
>>
>> On Fri, Sep 5, 2014 at 10:38 AM, Aaron Mills <[email protected]> wrote:
>>
>>> It's valid. When you run a playbook that passes a list of IPs, it'll
>>> generate a rule for each IP in the list. However, when you run the playbook
>>> a second time, AWS throws an error that those SG entries already exist.
>>>
>>> I was cribbing from Michael DeHaan's solution here
>>> <https://groups.google.com/forum/#!searchin/ansible-project/ec2_group/ansible-project/5wvplmni_-A/bSqml4aNx0YJ>.
>>> Looks like others have solved this with a template
>>> <https://groups.google.com/forum/#!searchin/ansible-project/ec2_group$20template/ansible-project/a8y1v2-R8Zw/DJY1J4XaZpAJ>.
>>>
>>>
>>> On Thursday, September 4, 2014 9:30:50 PM UTC-6, James Cammarata wrote:
>>>>
>>>> Hi Aaron, is it valid to specify a list of IPs for the cidr_ip value in
>>>> the rules (or was this a cut/paste mistake)?
>>>>
>>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/81de221d-ee22-41f3-b22c-91e9db3b961a%40googlegroups.com
>>> <https://groups.google.com/d/msgid/ansible-project/81de221d-ee22-41f3-b22c-91e9db3b961a%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>>
>>> For more options, visit https://groups.google.com/d/optout.
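
Added example, not part of the thread and not code from the ec2_group module: a sketch of the reconciliation discussed above, expanding a list-valued cidr_ip into one rule per IP, keying each with the six-field ruleId format quoted in the thread, and computing what to authorize and what to purge. The function names, the 'in' direction label, the group id and the addresses are assumptions made for illustration.

```python
def expand_rules(rules):
    """Yield one rule per CIDR; cidr_ip may be a single string or a list."""
    for rule in rules:
        cidrs = rule["cidr_ip"]
        if isinstance(cidrs, str):
            cidrs = [cidrs]
        for ip in cidrs:
            yield dict(rule, cidr_ip=ip)


def rule_id(direction, rule, group_id):
    """Six-field key in the format quoted in the thread."""
    return "%s-%s-%s-%s-%s-%s" % (direction, rule["proto"], rule["from_port"],
                                  rule["to_port"], group_id, rule["cidr_ip"])


def reconcile(existing_ids, desired_rules, group_id, direction="in", purge=True):
    """Return (to_authorize, to_revoke, unchanged) as sorted lists of rule ids."""
    desired = {rule_id(direction, r, group_id) for r in expand_rules(desired_rules)}
    existing = set(existing_ids)
    to_authorize = sorted(desired - existing)
    # With purge disabled, stale entries (old host IPs) stay in the group.
    to_revoke = sorted(existing - desired) if purge else []
    return to_authorize, to_revoke, sorted(desired & existing)


def ssh_rule(cidrs):
    """Constructed sample rule: SSH ingress from the given CIDR(s)."""
    return {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": cidrs}


# Constructed sample data: placeholder group id, documentation-range addresses.
GROUP_ID = "sg-00000000"
RUN_1 = [ssh_rule(["203.0.113.10/32", "203.0.113.11/32"])]
RUN_2 = [ssh_rule(["203.0.113.10/32", "203.0.113.12/32"])]  # one host restarted

if __name__ == "__main__":
    # Unexpanded, the list is formatted into the key as its repr, so no
    # lookup against per-IP keys can ever match.
    print(rule_id("in", RUN_1[0], GROUP_ID))
    added, _, _ = reconcile([], RUN_1, GROUP_ID)
    print("first run authorizes:", added)
    print("rerun (nothing to add):", reconcile(added, RUN_1, GROUP_ID))
    print("after restart, purge on:", reconcile(added, RUN_2, GROUP_ID))
    print("after restart, purge off:", reconcile(added, RUN_2, GROUP_ID, purge=False))
```

With purge off, the restarted host's old address stays allowed in the group, which is the stale-entry case Aaron wants removed.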
