Merge pull request #5997 from jonasi/elasticache_vpc_security_groups

Elasticache vpc security groups
Michael DeHaan 2014-03-11 10:42:13 -05:00
commit 2e10e1e0d6
2 changed files with 41 additions and 5 deletions


@ -51,6 +51,11 @@ options:
- Purge existing availability zones on ELB that are not found in zones - Purge existing availability zones on ELB that are not found in zones
required: false required: false
default: false default: false
security_group_ids:
description:
- A list of security groups to apply to the elb
require: false
default: None
health_check: health_check:
description: description:
- An associative array of health check configuration settigs (see example) - An associative array of health check configuration settigs (see example)
@ -183,7 +188,7 @@ class ElbManager(object):
"""Handles ELB creation and destruction""" """Handles ELB creation and destruction"""
def __init__(self, module, name, listeners=None, purge_listeners=None, def __init__(self, module, name, listeners=None, purge_listeners=None,
zones=None, purge_zones=None, health_check=None, zones=None, purge_zones=None, security_group_ids=None, health_check=None,
aws_access_key=None, aws_secret_key=None, region=None): aws_access_key=None, aws_secret_key=None, region=None):
self.module = module self.module = module
self.name = name self.name = name
@ -191,6 +196,7 @@ class ElbManager(object):
self.purge_listeners = purge_listeners self.purge_listeners = purge_listeners
self.zones = zones self.zones = zones
self.purge_zones = purge_zones self.purge_zones = purge_zones
self.security_group_ids = security_group_ids
self.health_check = health_check self.health_check = health_check
self.aws_access_key = aws_access_key self.aws_access_key = aws_access_key
@ -209,6 +215,7 @@ class ElbManager(object):
self._create_elb() self._create_elb()
else: else:
self._set_zones() self._set_zones()
self._set_security_groups()
self._set_elb_listeners() self._set_elb_listeners()
self._set_health_check() self._set_health_check()
@ -228,6 +235,7 @@ class ElbManager(object):
'name': self.elb.name, 'name': self.elb.name,
'dns_name': self.elb.dns_name, 'dns_name': self.elb.dns_name,
'zones': self.elb.availability_zones, 'zones': self.elb.availability_zones,
'security_group_ids': self.elb.security_groups,
'status': self.status 'status': self.status
} }
@ -281,6 +289,7 @@ class ElbManager(object):
listeners = [self._listener_as_tuple(l) for l in self.listeners] listeners = [self._listener_as_tuple(l) for l in self.listeners]
self.elb = self.elb_conn.create_load_balancer(name=self.name, self.elb = self.elb_conn.create_load_balancer(name=self.name,
zones=self.zones, zones=self.zones,
security_groups=self.security_group_ids,
complex_listeners=listeners) complex_listeners=listeners)
if self.elb: if self.elb:
self.changed = True self.changed = True
@ -405,6 +414,11 @@ class ElbManager(object):
if zones_to_disable: if zones_to_disable:
self._disable_zones(zones_to_disable) self._disable_zones(zones_to_disable)
def _set_security_groups(self):
if self.security_group_ids != None and set(self.elb.security_groups) != set(self.security_group_ids):
self.elb_conn.apply_security_groups_to_lb(self.name, self.security_group_ids)
self.Changed = True
def _set_health_check(self): def _set_health_check(self):
"""Set health check values on ELB as needed""" """Set health check values on ELB as needed"""
if self.health_check: if self.health_check:
@ -457,6 +471,7 @@ def main():
zones={'default': None, 'required': False, 'type': 'list'}, zones={'default': None, 'required': False, 'type': 'list'},
purge_zones={'default': False, 'required': False, purge_zones={'default': False, 'required': False,
'choices': BOOLEANS, 'type': 'bool'}, 'choices': BOOLEANS, 'type': 'bool'},
security_group_ids={'default': None, 'required': False, 'type': 'list'},
health_check={'default': None, 'required': False, 'type': 'dict'}, health_check={'default': None, 'required': False, 'type': 'dict'},
) )
) )
@ -475,6 +490,7 @@ def main():
purge_listeners = module.params['purge_listeners'] purge_listeners = module.params['purge_listeners']
zones = module.params['zones'] zones = module.params['zones']
purge_zones = module.params['purge_zones'] purge_zones = module.params['purge_zones']
security_group_ids = module.params['security_group_ids']
health_check = module.params['health_check'] health_check = module.params['health_check']
if state == 'present' and not listeners: if state == 'present' and not listeners:
@ -484,7 +500,7 @@ def main():
module.fail_json(msg="At least one availability zone is required for ELB creation") module.fail_json(msg="At least one availability zone is required for ELB creation")
elb_man = ElbManager(module, name, listeners, purge_listeners, zones, elb_man = ElbManager(module, name, listeners, purge_listeners, zones,
purge_zones, health_check, aws_access_key, purge_zones, security_group_ids, health_check, aws_access_key,
aws_secret_key, region=region) aws_secret_key, region=region)
if state == 'present': if state == 'present':
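Review bot: In `_set_security_groups` the flag is written to `self.Changed`, while the create hunk above sets `self.changed`, so a run that re-applies security groups to an existing ELB will presumably still report no change; the line should read `self.changed = True`. This matters for a network-access control, because handlers and run logs keyed on the changed status will not show that the load balancer's security groups were replaced. In the same method, `self.security_group_ids != None` is better written with `is not None`, and the method lacks a docstring, unlike `_set_health_check` next to it; `"""Apply the requested security groups to the ELB when they differ"""` would do. The option documentation also spells the key `require: false` where the neighbouring options use `required`.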


@ -58,6 +58,11 @@ options:
- The port number on which each of the cache nodes will accept connections - The port number on which each of the cache nodes will accept connections
required: false required: false
default: 11211 default: 11211
security_group_ids:
description:
- A list of vpc security group names to associate with this cache cluster. Only use if inside a vpc
required: false
default: ['default']
cache_security_groups: cache_security_groups:
description: description:
- A list of cache security group names to associate with this cache cluster - A list of cache security group names to associate with this cache cluster
@ -152,7 +157,7 @@ class ElastiCacheManager(object):
EXIST_STATUSES = ['available', 'creating', 'rebooting', 'modifying'] EXIST_STATUSES = ['available', 'creating', 'rebooting', 'modifying']
def __init__(self, module, name, engine, cache_engine_version, node_type, def __init__(self, module, name, engine, cache_engine_version, node_type,
num_nodes, cache_port, cache_security_groups, zone, wait, num_nodes, cache_port, cache_security_groups, security_group_ids, zone, wait,
hard_modify, aws_access_key, aws_secret_key, region): hard_modify, aws_access_key, aws_secret_key, region):
self.module = module self.module = module
self.name = name self.name = name
@ -162,6 +167,7 @@ class ElastiCacheManager(object):
self.num_nodes = num_nodes self.num_nodes = num_nodes
self.cache_port = cache_port self.cache_port = cache_port
self.cache_security_groups = cache_security_groups self.cache_security_groups = cache_security_groups
self.security_group_ids = security_group_ids
self.zone = zone self.zone = zone
self.wait = wait self.wait = wait
self.hard_modify = hard_modify self.hard_modify = hard_modify
@ -217,6 +223,7 @@ class ElastiCacheManager(object):
engine=self.engine, engine=self.engine,
engine_version=self.cache_engine_version, engine_version=self.cache_engine_version,
cache_security_group_names=self.cache_security_groups, cache_security_group_names=self.cache_security_groups,
security_group_ids=self.security_group_ids,
preferred_availability_zone=self.zone, preferred_availability_zone=self.zone,
port=self.cache_port) port=self.cache_port)
except boto.exception.BotoServerError, e: except boto.exception.BotoServerError, e:
@ -291,6 +298,7 @@ class ElastiCacheManager(object):
num_cache_nodes=self.num_nodes, num_cache_nodes=self.num_nodes,
cache_node_ids_to_remove=nodes_to_remove, cache_node_ids_to_remove=nodes_to_remove,
cache_security_group_names=self.cache_security_groups, cache_security_group_names=self.cache_security_groups,
security_group_ids=self.security_group_ids,
apply_immediately=True, apply_immediately=True,
engine_version=self.cache_engine_version) engine_version=self.cache_engine_version)
except boto.exception.BotoServerError, e: except boto.exception.BotoServerError, e:
@ -377,12 +385,20 @@ class ElastiCacheManager(object):
if self.data[key] != value: if self.data[key] != value:
return True return True
# Check security groups # Check cache security groups
cache_security_groups = [] cache_security_groups = []
for sg in self.data['CacheSecurityGroups']: for sg in self.data['CacheSecurityGroups']:
cache_security_groups.append(sg['CacheSecurityGroupName']) cache_security_groups.append(sg['CacheSecurityGroupName'])
if set(cache_security_groups) - set(self.cache_security_groups): if set(cache_security_groups) - set(self.cache_security_groups):
return True return True
# check vpc security groups
vpc_security_groups = []
for sg in self.data['SecurityGroups']:
vpc_security_groups.append(sg['SecurityGroupId'])
if set(vpc_security_groups) - set(self.security_group_ids):
return True
return False return False
def _requires_destroy_and_create(self): def _requires_destroy_and_create(self):
@ -469,6 +485,8 @@ def main():
cache_port={'required': False, 'default': 11211, 'type': 'int'}, cache_port={'required': False, 'default': 11211, 'type': 'int'},
cache_security_groups={'required': False, 'default': ['default'], cache_security_groups={'required': False, 'default': ['default'],
'type': 'list'}, 'type': 'list'},
security_group_ids={'required': False, 'default': [],
'type': 'list'},
zone={'required': False, 'default': None}, zone={'required': False, 'default': None},
wait={'required': False, 'choices': BOOLEANS, 'default': True}, wait={'required': False, 'choices': BOOLEANS, 'default': True},
hard_modify={'required': False, 'choices': BOOLEANS, 'default': False} hard_modify={'required': False, 'choices': BOOLEANS, 'default': False}
@ -489,6 +507,7 @@ def main():
num_nodes = module.params['num_nodes'] num_nodes = module.params['num_nodes']
cache_port = module.params['cache_port'] cache_port = module.params['cache_port']
cache_security_groups = module.params['cache_security_groups'] cache_security_groups = module.params['cache_security_groups']
security_group_ids = module.params['security_group_ids']
zone = module.params['zone'] zone = module.params['zone']
wait = module.params['wait'] wait = module.params['wait']
hard_modify = module.params['hard_modify'] hard_modify = module.params['hard_modify']
@ -502,7 +521,8 @@ def main():
elasticache_manager = ElastiCacheManager(module, name, engine, elasticache_manager = ElastiCacheManager(module, name, engine,
cache_engine_version, node_type, cache_engine_version, node_type,
num_nodes, cache_port, num_nodes, cache_port,
cache_security_groups, zone, wait, cache_security_groups,
security_group_ids, zone, wait,
hard_modify, aws_access_key, hard_modify, aws_access_key,
aws_secret_key, region) aws_secret_key, region)
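Review bot: The new VPC check in the modification test uses a one-way difference, `set(vpc_security_groups) - set(self.security_group_ids)`, so it fires only when the cluster carries a group that was not requested; a group newly added to `security_group_ids` is never detected and the cluster keeps its previous group set. Comparing for equality, `if set(vpc_security_groups) != set(self.security_group_ids):`, covers both directions, ideally guarded so the empty default does not flag every VPC cluster whose groups were left unspecified. The documentation block also disagrees with the code: it describes group names with `default: ['default']`, while the argument spec defaults to `[]` and the check compares `SecurityGroupId` values. Whether `self.data['SecurityGroups']` is always present for clusters outside a VPC is not visible here, so the lookup may need a fallback. The enclosing method starts outside the hunk.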