Merge pull request #5997 from jonasi/elasticache_vpc_security_groups
Elasticache vpc security groups
commit
2e10e1e0d6
2 changed files with 41 additions and 5 deletions
|
@ -51,6 +51,11 @@ options:
|
||||||
- Purge existing availability zones on ELB that are not found in zones
|
- Purge existing availability zones on ELB that are not found in zones
|
||||||
required: false
|
required: false
|
||||||
default: false
|
default: false
|
||||||
|
security_group_ids:
|
||||||
|
description:
|
||||||
|
- A list of security groups to apply to the elb
|
||||||
|
require: false
|
||||||
|
default: None
|
||||||
health_check:
|
health_check:
|
||||||
description:
|
description:
|
||||||
- An associative array of health check configuration settigs (see example)
|
- An associative array of health check configuration settigs (see example)
|
||||||
|
@ -183,7 +188,7 @@ class ElbManager(object):
|
||||||
"""Handles ELB creation and destruction"""
|
"""Handles ELB creation and destruction"""
|
||||||
|
|
||||||
def __init__(self, module, name, listeners=None, purge_listeners=None,
|
def __init__(self, module, name, listeners=None, purge_listeners=None,
|
||||||
zones=None, purge_zones=None, health_check=None,
|
zones=None, purge_zones=None, security_group_ids=None, health_check=None,
|
||||||
aws_access_key=None, aws_secret_key=None, region=None):
|
aws_access_key=None, aws_secret_key=None, region=None):
|
||||||
self.module = module
|
self.module = module
|
||||||
self.name = name
|
self.name = name
|
||||||
|
@ -191,6 +196,7 @@ class ElbManager(object):
|
||||||
self.purge_listeners = purge_listeners
|
self.purge_listeners = purge_listeners
|
||||||
self.zones = zones
|
self.zones = zones
|
||||||
self.purge_zones = purge_zones
|
self.purge_zones = purge_zones
|
||||||
|
self.security_group_ids = security_group_ids
|
||||||
self.health_check = health_check
|
self.health_check = health_check
|
||||||
|
|
||||||
self.aws_access_key = aws_access_key
|
self.aws_access_key = aws_access_key
|
||||||
|
@ -209,6 +215,7 @@ class ElbManager(object):
|
||||||
self._create_elb()
|
self._create_elb()
|
||||||
else:
|
else:
|
||||||
self._set_zones()
|
self._set_zones()
|
||||||
|
self._set_security_groups()
|
||||||
self._set_elb_listeners()
|
self._set_elb_listeners()
|
||||||
self._set_health_check()
|
self._set_health_check()
|
||||||
|
|
||||||
|
@ -228,6 +235,7 @@ class ElbManager(object):
|
||||||
'name': self.elb.name,
|
'name': self.elb.name,
|
||||||
'dns_name': self.elb.dns_name,
|
'dns_name': self.elb.dns_name,
|
||||||
'zones': self.elb.availability_zones,
|
'zones': self.elb.availability_zones,
|
||||||
|
'security_group_ids': self.elb.security_groups,
|
||||||
'status': self.status
|
'status': self.status
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -281,6 +289,7 @@ class ElbManager(object):
|
||||||
listeners = [self._listener_as_tuple(l) for l in self.listeners]
|
listeners = [self._listener_as_tuple(l) for l in self.listeners]
|
||||||
self.elb = self.elb_conn.create_load_balancer(name=self.name,
|
self.elb = self.elb_conn.create_load_balancer(name=self.name,
|
||||||
zones=self.zones,
|
zones=self.zones,
|
||||||
|
security_groups=self.security_group_ids,
|
||||||
complex_listeners=listeners)
|
complex_listeners=listeners)
|
||||||
if self.elb:
|
if self.elb:
|
||||||
self.changed = True
|
self.changed = True
|
||||||
|
@ -405,6 +414,11 @@ class ElbManager(object):
|
||||||
if zones_to_disable:
|
if zones_to_disable:
|
||||||
self._disable_zones(zones_to_disable)
|
self._disable_zones(zones_to_disable)
|
||||||
|
|
||||||
|
def _set_security_groups(self):
|
||||||
|
if self.security_group_ids != None and set(self.elb.security_groups) != set(self.security_group_ids):
|
||||||
|
self.elb_conn.apply_security_groups_to_lb(self.name, self.security_group_ids)
|
||||||
|
self.Changed = True
|
||||||
|
|
||||||
def _set_health_check(self):
|
def _set_health_check(self):
|
||||||
"""Set health check values on ELB as needed"""
|
"""Set health check values on ELB as needed"""
|
||||||
if self.health_check:
|
if self.health_check:
|
||||||
|
@ -457,6 +471,7 @@ def main():
|
||||||
zones={'default': None, 'required': False, 'type': 'list'},
|
zones={'default': None, 'required': False, 'type': 'list'},
|
||||||
purge_zones={'default': False, 'required': False,
|
purge_zones={'default': False, 'required': False,
|
||||||
'choices': BOOLEANS, 'type': 'bool'},
|
'choices': BOOLEANS, 'type': 'bool'},
|
||||||
|
security_group_ids={'default': None, 'required': False, 'type': 'list'},
|
||||||
health_check={'default': None, 'required': False, 'type': 'dict'},
|
health_check={'default': None, 'required': False, 'type': 'dict'},
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
@ -475,6 +490,7 @@ def main():
|
||||||
purge_listeners = module.params['purge_listeners']
|
purge_listeners = module.params['purge_listeners']
|
||||||
zones = module.params['zones']
|
zones = module.params['zones']
|
||||||
purge_zones = module.params['purge_zones']
|
purge_zones = module.params['purge_zones']
|
||||||
|
security_group_ids = module.params['security_group_ids']
|
||||||
health_check = module.params['health_check']
|
health_check = module.params['health_check']
|
||||||
|
|
||||||
if state == 'present' and not listeners:
|
if state == 'present' and not listeners:
|
||||||
|
@ -484,7 +500,7 @@ def main():
|
||||||
module.fail_json(msg="At least one availability zone is required for ELB creation")
|
module.fail_json(msg="At least one availability zone is required for ELB creation")
|
||||||
|
|
||||||
elb_man = ElbManager(module, name, listeners, purge_listeners, zones,
|
elb_man = ElbManager(module, name, listeners, purge_listeners, zones,
|
||||||
purge_zones, health_check, aws_access_key,
|
purge_zones, security_group_ids, health_check, aws_access_key,
|
||||||
aws_secret_key, region=region)
|
aws_secret_key, region=region)
|
||||||
|
|
||||||
if state == 'present':
|
if state == 'present':
|
||||||
|
|
|
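Review bot: The new `_set_security_groups` method (hunk `-405,6 +414,11`) sets `self.Changed = True` with a capital C, while the rest of the class uses `self.changed`, for example in the create path of hunk `-281,6 +289,7`. Security groups are therefore applied to an existing ELB, but the run presumably still reports no change, which hides a network-exposure change from anyone auditing playbook output. The line should read `self.changed = True`. In the same condition, `!= None` is better written `is not None`, and the method has no docstring where its neighbour `_set_health_check` does. The option documentation in the first hunk also spells the key `require: false` where the other options use `required: false`.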
@ -58,6 +58,11 @@ options:
|
||||||
- The port number on which each of the cache nodes will accept connections
|
- The port number on which each of the cache nodes will accept connections
|
||||||
required: false
|
required: false
|
||||||
default: 11211
|
default: 11211
|
||||||
|
security_group_ids:
|
||||||
|
description:
|
||||||
|
- A list of vpc security group names to associate with this cache cluster. Only use if inside a vpc
|
||||||
|
required: false
|
||||||
|
default: ['default']
|
||||||
cache_security_groups:
|
cache_security_groups:
|
||||||
description:
|
description:
|
||||||
- A list of cache security group names to associate with this cache cluster
|
- A list of cache security group names to associate with this cache cluster
|
||||||
|
@ -152,7 +157,7 @@ class ElastiCacheManager(object):
|
||||||
EXIST_STATUSES = ['available', 'creating', 'rebooting', 'modifying']
|
EXIST_STATUSES = ['available', 'creating', 'rebooting', 'modifying']
|
||||||
|
|
||||||
def __init__(self, module, name, engine, cache_engine_version, node_type,
|
def __init__(self, module, name, engine, cache_engine_version, node_type,
|
||||||
num_nodes, cache_port, cache_security_groups, zone, wait,
|
num_nodes, cache_port, cache_security_groups, security_group_ids, zone, wait,
|
||||||
hard_modify, aws_access_key, aws_secret_key, region):
|
hard_modify, aws_access_key, aws_secret_key, region):
|
||||||
self.module = module
|
self.module = module
|
||||||
self.name = name
|
self.name = name
|
||||||
|
@ -162,6 +167,7 @@ class ElastiCacheManager(object):
|
||||||
self.num_nodes = num_nodes
|
self.num_nodes = num_nodes
|
||||||
self.cache_port = cache_port
|
self.cache_port = cache_port
|
||||||
self.cache_security_groups = cache_security_groups
|
self.cache_security_groups = cache_security_groups
|
||||||
|
self.security_group_ids = security_group_ids
|
||||||
self.zone = zone
|
self.zone = zone
|
||||||
self.wait = wait
|
self.wait = wait
|
||||||
self.hard_modify = hard_modify
|
self.hard_modify = hard_modify
|
||||||
|
@ -217,6 +223,7 @@ class ElastiCacheManager(object):
|
||||||
engine=self.engine,
|
engine=self.engine,
|
||||||
engine_version=self.cache_engine_version,
|
engine_version=self.cache_engine_version,
|
||||||
cache_security_group_names=self.cache_security_groups,
|
cache_security_group_names=self.cache_security_groups,
|
||||||
|
security_group_ids=self.security_group_ids,
|
||||||
preferred_availability_zone=self.zone,
|
preferred_availability_zone=self.zone,
|
||||||
port=self.cache_port)
|
port=self.cache_port)
|
||||||
except boto.exception.BotoServerError, e:
|
except boto.exception.BotoServerError, e:
|
||||||
|
@ -291,6 +298,7 @@ class ElastiCacheManager(object):
|
||||||
num_cache_nodes=self.num_nodes,
|
num_cache_nodes=self.num_nodes,
|
||||||
cache_node_ids_to_remove=nodes_to_remove,
|
cache_node_ids_to_remove=nodes_to_remove,
|
||||||
cache_security_group_names=self.cache_security_groups,
|
cache_security_group_names=self.cache_security_groups,
|
||||||
|
security_group_ids=self.security_group_ids,
|
||||||
apply_immediately=True,
|
apply_immediately=True,
|
||||||
engine_version=self.cache_engine_version)
|
engine_version=self.cache_engine_version)
|
||||||
except boto.exception.BotoServerError, e:
|
except boto.exception.BotoServerError, e:
|
||||||
|
@ -377,12 +385,20 @@ class ElastiCacheManager(object):
|
||||||
if self.data[key] != value:
|
if self.data[key] != value:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
# Check security groups
|
# Check cache security groups
|
||||||
cache_security_groups = []
|
cache_security_groups = []
|
||||||
for sg in self.data['CacheSecurityGroups']:
|
for sg in self.data['CacheSecurityGroups']:
|
||||||
cache_security_groups.append(sg['CacheSecurityGroupName'])
|
cache_security_groups.append(sg['CacheSecurityGroupName'])
|
||||||
if set(cache_security_groups) - set(self.cache_security_groups):
|
if set(cache_security_groups) - set(self.cache_security_groups):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
# check vpc security groups
|
||||||
|
vpc_security_groups = []
|
||||||
|
for sg in self.data['SecurityGroups']:
|
||||||
|
vpc_security_groups.append(sg['SecurityGroupId'])
|
||||||
|
if set(vpc_security_groups) - set(self.security_group_ids):
|
||||||
|
return True
|
||||||
|
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def _requires_destroy_and_create(self):
|
def _requires_destroy_and_create(self):
|
||||||
|
@ -469,6 +485,8 @@ def main():
|
||||||
cache_port={'required': False, 'default': 11211, 'type': 'int'},
|
cache_port={'required': False, 'default': 11211, 'type': 'int'},
|
||||||
cache_security_groups={'required': False, 'default': ['default'],
|
cache_security_groups={'required': False, 'default': ['default'],
|
||||||
'type': 'list'},
|
'type': 'list'},
|
||||||
|
security_group_ids={'required': False, 'default': [],
|
||||||
|
'type': 'list'},
|
||||||
zone={'required': False, 'default': None},
|
zone={'required': False, 'default': None},
|
||||||
wait={'required': False, 'choices': BOOLEANS, 'default': True},
|
wait={'required': False, 'choices': BOOLEANS, 'default': True},
|
||||||
hard_modify={'required': False, 'choices': BOOLEANS, 'default': False}
|
hard_modify={'required': False, 'choices': BOOLEANS, 'default': False}
|
||||||
|
@ -489,6 +507,7 @@ def main():
|
||||||
num_nodes = module.params['num_nodes']
|
num_nodes = module.params['num_nodes']
|
||||||
cache_port = module.params['cache_port']
|
cache_port = module.params['cache_port']
|
||||||
cache_security_groups = module.params['cache_security_groups']
|
cache_security_groups = module.params['cache_security_groups']
|
||||||
|
security_group_ids = module.params['security_group_ids']
|
||||||
zone = module.params['zone']
|
zone = module.params['zone']
|
||||||
wait = module.params['wait']
|
wait = module.params['wait']
|
||||||
hard_modify = module.params['hard_modify']
|
hard_modify = module.params['hard_modify']
|
||||||
|
@ -502,7 +521,8 @@ def main():
|
||||||
elasticache_manager = ElastiCacheManager(module, name, engine,
|
elasticache_manager = ElastiCacheManager(module, name, engine,
|
||||||
cache_engine_version, node_type,
|
cache_engine_version, node_type,
|
||||||
num_nodes, cache_port,
|
num_nodes, cache_port,
|
||||||
cache_security_groups, zone, wait,
|
cache_security_groups,
|
||||||
|
security_group_ids, zone, wait,
|
||||||
hard_modify, aws_access_key,
|
hard_modify, aws_access_key,
|
||||||
aws_secret_key, region)
|
aws_secret_key, region)
|
||||||
|
|
||||||
|
|
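Review bot: The VPC check added in hunk `-377,12 +385,20` tests `set(vpc_security_groups) - set(self.security_group_ids)`, which is non-empty only when the cluster holds a group that was not requested. A group newly added to `security_group_ids` is never detected, so the cluster would keep its old network access rules while the run reports nothing to do. With the argument-spec default of `[]`, any cluster that already has VPC groups would appear to need modification on every run. It is also worth confirming that `self.data['SecurityGroups']` is always a list for non-VPC clusters. Comparing both directions, and only when the option is set, avoids the first two problems: `if self.security_group_ids and set(vpc_security_groups) != set(self.security_group_ids): return True`. The option documentation states `default: ['default']` and speaks of group "names", whereas the spec default is `[]` and the values are passed as `security_group_ids`; the enclosing method starts outside the hunk.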