Thanks for looking Michael,

I was looking for an intuitive way to express nested variables in this 
use case.

In my group vars, I specify 3 ec2 region/ami specs:
ec2_specs:
  - { region: "us-east-1", ami: "ami-b66ed3de", count: 1, type: "t2.micro" }
  - { region: "us-west-1", ami: "ami-b56e64f0", count: 2, type: "t2.micro" }
  - { region: "sa-east-1", ami: "ami-9337828e", count: 1, type: "t2.micro" }

I want to spin up *count* instances of each ami. In *each* of them I want 
to set up N separate processes that run on different ports:
process_ports:
  - { name: "Process_A", hostport: "1443" }
  - { name: "Process_B", hostport: "2974" }
  - { name: "Process_C", hostport: "3555" }

To make sure these ports are accessible from the outside world I need to 
set up ec2 security groups for these instances. *How can I express this by 
using my group vars rather than hard coding them as I have done below?*

- name: Setup AWS EC2 Security group
  ec2_group:
    name: microserver_security_group
    description: "Security group for microservices"
    region: "{{ item.region }}"
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 1443
        to_port: 1443
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 2754
        to_port: 2754
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 3555
        to_port: 3555
        cidr_ip: 0.0.0.0/0
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
  with_items: ec2_specs

Using nesting variables trivially doesn't work:

- name: Setup AWS EC2 Security group
  ec2_group:
    name: microserver_security_group
    description: "Security group for microservices"
    region: "{{ item[0].region }}"
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: "{{ item[1].hostport }}"
        to_port: "{{ item[1].hostport }}"
        cidr_ip: 0.0.0.0/0
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
  with_nested:
    - ec2_specs
    - process_ports

This simply causes 3 separate runs of the same ec2_group command and I end 
up with a single security group in each region where only the last hostport 
is exposed (each run overwriting the previous run).

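An added example, not part of the original message and not the Ansible project's own code: one way to avoid the overwrite described above is to build the complete rule list from process_ports first, then call ec2_group once per region with that whole list. It assumes Ansible 2.x templating, and the fact name microserver_rules is hypothetical.

```yaml
# Added example. Assumes Ansible 2.x; "microserver_rules" is a hypothetical
# fact name. ec2_specs and process_ports are the group vars from the message.

# Start the list with the fixed SSH rule from the original task.
- name: Initialise the ingress rule list
  set_fact:
    microserver_rules:
      - { proto: tcp, from_port: 22, to_port: 22, cidr_ip: 0.0.0.0/0 }

# Append one rule per process. Each iteration extends the same list, so
# nothing is overwritten. hostport is a quoted string in the group vars,
# hence the int filter.
- name: Append one ingress rule per entry in process_ports
  set_fact:
    microserver_rules: >-
      {{ microserver_rules + [ {
           'proto': 'tcp',
           'from_port': item.hostport | int,
           'to_port': item.hostport | int,
           'cidr_ip': '0.0.0.0/0'
         } ] }}
  with_items: "{{ process_ports }}"

# Loop over regions only. Every region receives the full rule list in a
# single ec2_group call instead of one call per port.
- name: Setup AWS EC2 Security group
  ec2_group:
    name: microserver_security_group
    description: "Security group for microservices"
    region: "{{ item.region }}"
    rules: "{{ microserver_rules }}"
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
  with_items: "{{ ec2_specs }}"
```

Adding or removing an entry in process_ports then changes the security group in every region on the next run, with no edits to the task itself.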