2016-03-16 35 views
2

Ansible AWS EC2 security group not updated

I have a playbook that creates VPC security groups.
It works fine, but many times updates to an existing security group (mainly adding or removing ports) are not applied (not detected by Ansible).

Original code:

- name: create sg_riemann_elb rules
  local_action:
    module: ec2_group
    region: "{{ region }}"
    vpc_id: "{{ vpc.vpc.id }}"
    name: "sg_riemann_elb"
    description: security group for Riemann elb
    rules:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules_egress:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_riemann_server"
        group_desc: security group for Riemann servers

New code (port added):

- name: create sg_riemann_elb rules
  local_action:
    module: ec2_group
    region: "{{ region }}"
    vpc_id: "{{ vpc.vpc.id }}"
    name: "sg_riemann_elb"
    description: security group for Riemann elb
    rules:
      - proto: tcp
        from_port: 4567
        to_port: 4567
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules_egress:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_riemann_server"
        group_desc: security group for Riemann servers

The output from the Ansible run is:

TASK [vpc : create sg_riemann_server rules] ************************************ 
ok: [localhost -> localhost] => {"changed": false, "group_id": "sg-ce89bcaa"} 

Any idea why it does not update with the new port (4567)?

Answer

3

In the task create sg_riemann_elb rules there are two rules entries, and one rules entry is overriding the other. The fix is to define only one rules key that holds the list of security group rules, like this:

...
    description: security group for Riemann elb
    rules:
      - proto: tcp
        from_port: 4567
        to_port: 4567
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules_egress:
    ...
+0

Good catch! This is exactly why this site is so great. I also think Ansible should warn about a misconfiguration like this...
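The answer above explains the root cause: a YAML mapping with the same key twice. PyYAML, which Ansible uses to load playbooks, keeps only the last value of a duplicated key, so the first rules block (the 4567 rule) was never seen by ec2_group and the group was correctly reported as unchanged. The added example below is not from the original post; it is a small pure-Python scanner that reports duplicate keys in the block-style YAML subset that Ansible tasks use, so the mistake is caught before a playbook runs. The two embedded task files are constructed from the code in the question and the answer; the key regex and the indentation-based scoping are assumptions that cover ordinary playbook layout (block mappings and "- " list items), not flow-style YAML or quoted keys.

```python
"""Detect duplicate mapping keys in an Ansible task file (added example).

PyYAML silently keeps the LAST value for a key that appears twice in one
mapping, so a second ``rules:`` under a task replaces the first one without
any error.  This scanner walks the file by indentation and reports keys that
repeat within the same mapping.  Assumption: block-style YAML only, as used
in ordinary playbooks (no flow mappings, no quoted keys).
"""
import re

# A mapping key at the start of a block line, optionally as a "- " list item.
KEY_RE = re.compile(
    r'^(?P<indent>\s*)(?P<item>- )?(?P<key>[^\s#:\-"\'][^:]*?):(?:\s|$)'
)


def find_duplicate_keys(text):
    """Return [(key, line_no, first_line_no), ...] for keys repeated in one mapping.

    Scopes are tracked by indentation: a "- " item opens a fresh mapping, a
    deeper indent opens a nested mapping, and a shallower indent closes every
    deeper one.  Keys are compared only with siblings in the same mapping, so
    ``name`` at task level and ``name`` inside ``local_action`` do not collide.
    """
    stack = []  # frames: [indent, {key: first_line_no}]
    dups = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue
        m = KEY_RE.match(raw)
        if not m:
            continue  # plain scalars, "---", continuation lines
        indent = len(m.group('indent'))
        key = m.group('key').strip()
        if m.group('item'):
            indent += 2  # the key sits after "- "; each item is a new mapping
            while stack and stack[-1][0] >= indent:
                stack.pop()
            stack.append([indent, {key: no}])
            continue
        while stack and stack[-1][0] > indent:
            stack.pop()
        if stack and stack[-1][0] == indent:
            seen = stack[-1][1]
            if key in seen:
                dups.append((key, no, seen[key]))
            else:
                seen[key] = no
        else:
            stack.append([indent, {key: no}])
    return dups


# Constructed from the question's "new code": two rules: keys in one task.
BUGGY_TASK = """\
- name: create sg_riemann_elb rules
  local_action:
    module: ec2_group
    region: "{{ region }}"
    vpc_id: "{{ vpc.vpc.id }}"
    name: sg_riemann_elb
    description: security group for Riemann elb
    rules:
      - proto: tcp
        from_port: 4567
        to_port: 4567
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules_egress:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_riemann_server"
        group_desc: security group for Riemann servers
"""

# Constructed from the answer: one rules: key holding both list items.
FIXED_TASK = """\
- name: create sg_riemann_elb rules
  local_action:
    module: ec2_group
    name: sg_riemann_elb
    rules:
      - proto: tcp
        from_port: 4567
        to_port: 4567
        group_name: "{{ realm }}_sg_base_server"
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_base_server"
    rules_egress:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_riemann_server"
"""

if __name__ == "__main__":
    for label, doc in (("buggy", BUGGY_TASK), ("fixed", FIXED_TASK)):
        for key, line, first in find_duplicate_keys(doc):
            print(f"{label}: duplicate key '{key}' on line {line} (first seen on line {first})")
```

Run against the buggy task it reports the second rules on line 14 shadowing the one on line 8; the fixed task produces no findings. The same check is available off the shelf as the key-duplicates rule of yamllint, which is worth running over playbooks in CI, because a dropped security group rule fails silently: the run ends "ok" and the port is simply never opened (or, for a removed rule, never closed).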