Amazon EC2: Ansible AWS EC2 security group not updated
I have a playbook that creates VPC security groups. It works fine, but many times it does not apply updates to existing security groups (mostly adding or removing ports) (Ansible does not detect them).

Original code:
- name: create sg_riemann_elb rules
  local_action:
    module: ec2_group
    region: "{{ region }}"
    vpc_id: "{{ vpc.vpc.id }}"
    name: "sg_riemann_elb"
    description: security group for Riemann elb
    rules:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules_egress:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_riemann_server"
        group_desc: security group for Riemann servers

New code (adding port 4567):

- name: create sg_riemann_elb rules
  local_action:
    module: ec2_group
    region: "{{ region }}"
    vpc_id: "{{ vpc.vpc.id }}"
    name: "sg_riemann_elb"
    description: security group for Riemann elb
    rules:
      - proto: tcp
        from_port: 4567
        to_port: 4567
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules_egress:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_riemann_server"
        group_desc: security group for Riemann servers

The output of the Ansible run is:

TASK [vpc : create sg_riemann_server rules] ************************************
ok: [localhost -> localhost] => {"changed": false, "group_id": "sg-ce89bcaa"}
Any idea why it was not updated with the new port (4567)?

In the task "create sg_riemann_elb rules" there are two entries with the key "rules", and one of them overwrites the other. The fix is to define only one "rules" key holding the list of security group rules, like this:
...
    description: security group for Riemann elb
    rules:
      - proto: tcp
        from_port: 4567
        to_port: 4567
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules_egress:
...
Nice catch! This is why this site is so good. I also think Ansible should warn about these configuration errors...
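The answer pins the problem on a duplicate "rules" key, and the symptom follows from how YAML is loaded: Ansible parses playbooks with PyYAML, whose default constructor lets the last occurrence of a key win, so the second "rules:" block silently replaced the first, the 4567 rule never reached ec2_group, and the existing group already matched what was left (hence "changed": false). What the thread asks for is a check that catches this before the play runs. The script below is an added example, not code from the question, the answer or Ansible: a dependency-free Python scanner for block-style YAML that reports any key repeated inside the same mapping. BROKEN_TASK and FIXED_TASK are the poster's two versions re-typed with indentation restored; the function name, the restriction to plain unquoted keys in block style, and the line-based approach are my assumptions.

```python
import re
from typing import Dict, List, Tuple

# One block-mapping entry, optionally opened by a "- " list marker. Assumption:
# plain (unquoted) keys and block style only, which is what the playbook in the
# question uses; flow mappings, quoted keys and block scalars are not handled.
_ENTRY_RE = re.compile(r"^(?P<indent> *)(?P<dash>- +)?(?P<key>[A-Za-z_][\w.-]*) *:(?:\s|$)")

Duplicate = Tuple[int, str, int]  # (line, key, line of the first occurrence)


def find_duplicate_keys(text: str) -> List[Duplicate]:
    """Report keys repeated inside the same mapping, as (line, key, first_line).

    A stack of open mappings is kept, each identified by the column its keys
    start in. A dedent closes deeper mappings; a new "- " item closes the
    previous item's mapping, so sibling list items may legitimately reuse keys.
    """
    stack: List[Tuple[int, Dict[str, int]]] = []
    found: List[Duplicate] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped == "---":
            continue
        m = _ENTRY_RE.match(line)
        if m is None:
            continue  # scalar list item, continuation line, etc.
        key_col = len(m.group("indent")) + len(m.group("dash") or "")
        if m.group("dash"):
            while stack and stack[-1][0] >= key_col:  # previous item is done
                stack.pop()
            stack.append((key_col, {}))
        else:
            while stack and stack[-1][0] > key_col:  # dedent closes children
                stack.pop()
            if not stack or stack[-1][0] < key_col:  # first key of a new child
                stack.append((key_col, {}))
        keys = stack[-1][1]
        key = m.group("key")
        if key in keys:
            found.append((lineno, key, keys[key]))
        else:
            keys[key] = lineno
    return found


# The poster's "new code", re-typed with indentation (constructed sample input).
BROKEN_TASK = """\
- name: create sg_riemann_elb rules
  local_action:
    module: ec2_group
    region: "{{ region }}"
    vpc_id: "{{ vpc.vpc.id }}"
    name: "sg_riemann_elb"
    description: security group for Riemann elb
    rules:
      - proto: tcp
        from_port: 4567
        to_port: 4567
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_base_server"
        group_desc: security group for all servers
    rules_egress:
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_riemann_server"
        group_desc: security group for Riemann servers
"""

# The shape of the answer's fix: one rules key, two list items (constructed).
FIXED_TASK = """\
- name: create sg_riemann_elb rules
  local_action:
    module: ec2_group
    name: "sg_riemann_elb"
    rules:
      - proto: tcp
        from_port: 4567
        to_port: 4567
        group_name: "{{ realm }}_sg_base_server"
      - proto: tcp
        from_port: 5555
        to_port: 5556
        group_name: "{{ realm }}_sg_base_server"
"""

if __name__ == "__main__":
    for label, text in (("broken task", BROKEN_TASK), ("fixed task", FIXED_TASK)):
        dups = find_duplicate_keys(text)
        print(f"{label}: {'no duplicate keys' if not dups else ''}")
        for lineno, key, first in dups:
            print(f"  line {lineno}: key '{key}' repeats line {first}; the earlier value is silently discarded")
```

Run it against a playbook file (read the file into a string and pass it to find_duplicate_keys) as a pre-commit or CI step; a non-empty result means a rule block is being thrown away before the module ever sees it, which for security groups is a silent policy drift rather than a visible failure. Newer ansible-core releases also warn about this on their own and can be made strict with the duplicate_dict_key setting (ANSIBLE_DUPLICATE_YAML_DICT_KEY=error); the poster's version evidently did not.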