diff --git a/CHANGELOG.md b/CHANGELOG.md index 21eb57269f3..332224d7420 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ Major features/changes: * acl module now handles 'default' and allows for either shorthand entry or specific fields per entry section * play_hosts is a new magic variable to provide a list of hosts in scope for the current play. * ec2 module now accepts 'exact_count' and 'count_tag' as a way to enforce a running number of nodes by tags. +* all ec2 modules that work with Eucalyptus also now support a 'validate_certs' option, which can be set to 'off' for installations using self-signed certs. New modules: diff --git a/lib/ansible/module_utils/ec2.py b/lib/ansible/module_utils/ec2.py index bbcd30be213..2bdfe35afee 100644 --- a/lib/ansible/module_utils/ec2.py +++ b/lib/ansible/module_utils/ec2.py @@ -1,3 +1,9 @@ +try: + from distutils.version import LooseVersion + HAS_LOOSE_VERSION = True +except: + HAS_LOOSE_VERSION = False + AWS_REGIONS = ['ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', @@ -14,6 +20,7 @@ def ec2_argument_spec(): ec2_url=dict(), ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True), ec2_access_key=dict(aliases=['aws_access_key', 'access_key']), + validate_certs=dict(default=True, type='bool'), ) 
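Review bot: The bare `except:` around the `LooseVersion` import in lib/ansible/module_utils/ec2.py catches every exception, not only a missing module, and the resulting flag decides whether `validate_certs` is ever handed to boto in `ec2_connect`. Narrow it to `except ImportError:` so an unrelated failure is not silently turned into `HAS_LOOSE_VERSION = False`. Because the flag gates a TLS setting, a one-line comment above the block would help, for example `# LooseVersion is used to confirm boto >= 2.6.0 before validate_certs is passed to the connection`.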
@@ -62,17 +69,24 @@ def ec2_connect(module): """ Return an ec2 connection""" ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) + validate_certs = module.get('validate_certs', True) # If we have a region specified, connect to its endpoint. if region: try: - ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key) + if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"): + ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, validate_certs=validate_certs) + else: + ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key) except boto.exception.NoAuthHandlerFound, e: module.fail_json(msg = str(e)) # Otherwise, no region so we fallback to the old connection method elif ec2_url: try: - ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key) + if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"): + ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, validate_certs=validate_certs) + else: + ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key) except boto.exception.NoAuthHandlerFound, e: module.fail_json(msg = str(e)) else: diff --git a/library/cloud/ec2 b/library/cloud/ec2 index 1b22496c8eb..e590b40fbdc 100644 --- a/library/cloud/ec2 +++ b/library/cloud/ec2 @@ -212,7 +212,14 @@ options: required: false default: null aliases: [] - + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" requirements: [ "boto" ] author: Seth Vidal, Tim Gerla, Lester Wade diff --git a/library/cloud/ec2_ami b/library/cloud/ec2_ami index a6e449cbce9..ae2eca4fa4e 100644 --- a/library/cloud/ec2_ami +++ b/library/cloud/ec2_ami 
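Review bot: `module.get('validate_certs', True)` at the top of ec2_connect looks wrong. The same function calls `module.fail_json(...)`, so `module` is presumably the AnsibleModule object rather than a dict, and the parsed option would be read with `validate_certs = module.params.get('validate_certs', True)`. As written, the call would probably raise before any connection is attempted. Separately, when `HAS_LOOSE_VERSION` is false or boto is older than 2.6.0, both branches drop the argument without telling the user, so an explicit setting has no effect and that boto version's own default applies; a `module.fail_json` for that case, or at least a documented caveat, would make this visible. The body of ec2_connect continues past the end of the hunk.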
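Review bot: The new `validate_certs` description in library/cloud/ec2 says what "no" does but not what is lost or when the option is ignored. The same text is repeated in ec2_ami, ec2_eip, ec2_elb, ec2_elb_lb, ec2_group, ec2_key, ec2_tag, ec2_vol and ec2_vpc. I would word it as `- When set to "no", SSL certificates are not validated, so the identity of the endpoint is not verified; use only for endpoints with self-signed certificates (e.g. Eucalyptus). Has no effect with boto older than 2.6.0.` The CHANGELOG entry gives self-signed Eucalyptus installations as the purpose, and ec2_connect passes the option only when boto >= 2.6.0 is detected.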
@@ -101,6 +101,14 @@ options: required: false default: null aliases: [] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" requirements: [ "boto" ] author: Evan Duffield diff --git a/library/cloud/ec2_eip b/library/cloud/ec2_eip index ab6056ae4ad..de041f42227 100644 --- a/library/cloud/ec2_eip +++ b/library/cloud/ec2_eip @@ -53,6 +53,15 @@ options: required: false default: false version_added: "1.4" + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" + requirements: [ "boto" ] author: Lorin Hochstein notes: diff --git a/library/cloud/ec2_elb b/library/cloud/ec2_elb index 1927d6c3a7a..c6f4a72b0e1 100644 --- a/library/cloud/ec2_elb +++ b/library/cloud/ec2_elb @@ -74,6 +74,14 @@ options: required: false default: yes choices: [ "yes", "no" ] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" """ diff --git a/library/cloud/ec2_elb_lb b/library/cloud/ec2_elb_lb index 5e4db144c87..f7d23631bc0 100644 --- a/library/cloud/ec2_elb_lb +++ b/library/cloud/ec2_elb_lb @@ -73,6 +73,14 @@ options: - The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used. required: false aliases: ['aws_region', 'ec2_region'] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" """ diff --git a/library/cloud/ec2_group b/library/cloud/ec2_group index 552f6a503e0..34d9b161244 100644 
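Review bot: The ec2_ami, ec2_eip, ec2_elb and ec2_elb_lb sections change only the documentation block, and no code in these modules is touched; the same holds for ec2_group, ec2_key, ec2_tag, ec2_vol and ec2_vpc after them. The option is implemented only in `ec2_argument_spec()` and `ec2_connect()` in module_utils/ec2.py. A module that declares its own argument spec or opens its own boto connection would therefore document `validate_certs` while rejecting or ignoring it. That cannot be checked from this diff, so it is worth confirming per module, the ELB ones in particular if they connect through a different boto call. Where the option does not apply, either wire it through or drop the doc entry.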
--- a/library/cloud/ec2_group +++ b/library/cloud/ec2_group @@ -57,6 +57,14 @@ options: required: false default: 'present' aliases: [] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" requirements: [ "boto" ] ''' diff --git a/library/cloud/ec2_key b/library/cloud/ec2_key index e3bcbec50c7..5e6950d2c8b 100644 --- a/library/cloud/ec2_key +++ b/library/cloud/ec2_key @@ -48,6 +48,14 @@ options: required: false default: 'present' aliases: [] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" requirements: [ "boto" ] author: Vincent Viallet diff --git a/library/cloud/ec2_tag b/library/cloud/ec2_tag index 1bdcd404f57..ca5a337646f 100644 --- a/library/cloud/ec2_tag +++ b/library/cloud/ec2_tag @@ -59,6 +59,15 @@ options: required: false default: null aliases: [] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" + requirements: [ "boto" ] author: Lester Wade ''' diff --git a/library/cloud/ec2_vol b/library/cloud/ec2_vol index 815460f5e65..bdd2eae3822 100644 --- a/library/cloud/ec2_vol +++ b/library/cloud/ec2_vol @@ -82,6 +82,15 @@ options: - snapshot ID on which to base the volume required: false default: null + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" + requirements: [ "boto" ] author: Lester Wade ''' diff --git a/library/cloud/ec2_vpc b/library/cloud/ec2_vpc index d50bed4bcba..7671e6314fa 100644 
--- a/library/cloud/ec2_vpc +++ b/library/cloud/ec2_vpc @@ -99,6 +99,15 @@ options: required: false default: None aliases: ['ec2_access_key', 'access_key' ] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" + requirements: [ "boto" ] author: Carson Gee '''