2
我有一本创建VPC安全组的游戏手册。
它运行良好,但很多次,并且更新到现有安全组(主要是添加或删除端口)未应用(未由Ansible检测到)。Ansible AWS EC2安全组未更新
原始代码:
- name: create sg_riemann_elb rules
local_action:
module: ec2_group
region: "{{ region }}"
vpc_id: "{{ vpc.vpc.id }}"
name: "sg_riemann_elb"
description: security group for Riemann elb
rules:
- proto: tcp
from_port: 5555
to_port: 5556
group_name: "{{ realm }}_sg_base_server"
group_desc: security group for all servers
rules_egress:
- proto: tcp
from_port: 5555
to_port: 5556
group_name: "{{ realm }}_sg_riemann_server"
group_desc: security group for Riemann servers
新的代码:(加入端口)
- name: create sg_riemann_elb rules
local_action:
module: ec2_group
region: "{{ region }}"
vpc_id: "{{ vpc.vpc.id }}"
name: "sg_riemann_elb"
description: security group for Riemann elb
rules:
- proto: tcp
from_port: 4567
to_port: 4567
group_name: "{{ realm }}_sg_base_server"
group_desc: security group for all servers
rules:
- proto: tcp
from_port: 5555
to_port: 5556
group_name: "{{ realm }}_sg_base_server"
group_desc: security group for all servers
rules_egress:
- proto: tcp
from_port: 5555
to_port: 5556
group_name: "{{ realm }}_sg_riemann_server"
group_desc: security group for Riemann servers
从Ansible运行的输出是:
TASK [vpc : create sg_riemann_server rules] ************************************
ok: [localhost -> localhost] => {"changed": false, "group_id": "sg-ce89bcaa"}
任何想法为什么它不更新与新端口(4567)?
好抓!这正是为什么这个网站太好了。我也认为Ansible应该警告这样的配置错误...... –