Add support for volume encryption to ec2_vol

Fixes #7775
Peter Fry 2014-08-25 16:10:00 -05:00 committed by James Cammarata
parent 17b7023e64
commit 35745aff22


@ -55,6 +55,11 @@ options:
default: 100
aliases: []
version_added: "1.3"
encrypted:
description:
- Enable encryption at rest for this volume.
default: false
version_added: "1.8"
device_name:
description:
- device id to override device mapping. Assumes /dev/sdf for Linux/UNIX and /dev/xvdf for Windows.
@ -178,6 +183,8 @@ EXAMPLES = '''
import sys
import time
from distutils.version import LooseVersion
try:
import boto.ec2
except ImportError:
@ -230,12 +237,21 @@ def delete_volume(module, ec2):
ec2.delete_volume(vol.id)
module.exit_json(changed=True)
def boto_supports_volume_encryption():
"""
Check if Boto library supports encryption of EBS volumes (added in 2.29.0)
Returns:
True if boto library has the named param as an argument on the request_spot_instances method, else False
"""
return hasattr(boto, 'Version') and LooseVersion(boto.Version) >= LooseVersion('2.29.0')
def create_volume(module, ec2, zone):
name = module.params.get('name')
id = module.params.get('id')
instance = module.params.get('instance')
iops = module.params.get('iops')
encrypted = module.params.get('encrypted')
volume_size = module.params.get('volume_size')
snapshot = module.params.get('snapshot')
# If custom iops is defined we use volume_type "io1" rather than the default of "standard"
@ -265,7 +281,11 @@ def create_volume(module, ec2, zone):
changed=False)
else:
try:
volume = ec2.create_volume(volume_size, zone, snapshot, volume_type, iops)
if boto_supports_volume_encryption():
volume = ec2.create_volume(volume_size, zone, snapshot, volume_type, iops, encrypted)
else:
volume = ec2.create_volume(volume_size, zone, snapshot, volume_type, iops)
while volume.status != 'available':
time.sleep(3)
volume.update()
@ -319,6 +339,7 @@ def main():
name = dict(),
volume_size = dict(),
iops = dict(),
encrypted = dict(),
device_name = dict(),
zone = dict(aliases=['availability_zone', 'aws_zone', 'ec2_zone']),
snapshot = dict(),
@ -332,6 +353,7 @@ def main():
instance = module.params.get('instance')
volume_size = module.params.get('volume_size')
iops = module.params.get('iops')
encrypted = module.params.get('encrypted')
device_name = module.params.get('device_name')
zone = module.params.get('zone')
snapshot = module.params.get('snapshot')
@ -367,6 +389,9 @@ def main():
if id and name:
module.fail_json(msg="Both id and name cannot be specified")
if encrypted and not boto_supports_volume_encryption():
module.fail_json(msg="You must use boto >= v2.29.0 to use encrypted volumes")
# Here we need to get the zone info for the instance. This covers situation where
# instance is specified but zone isn't.
# Useful for playbooks chaining instance launch with volume create + attach and where the
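Review bot: The new `encrypted` option is declared in main() as `encrypted = dict(),` with no type, so a value such as `encrypted=no` may reach the module as a non-empty string and count as true in both the `if encrypted and not boto_supports_volume_encryption()` guard and the `ec2.create_volume(..., encrypted)` call. Declaring it as `encrypted = dict(type='bool', default=False),` would match the documented `default: false` and stop the encryption-at-rest setting from depending on string truthiness. Separately, the docstring of boto_supports_volume_encryption() still describes a parameter check on `request_spot_instances`, while the code compares `boto.Version` with 2.29.0; the Returns line should read `True if the installed boto version is 2.29.0 or later, else False`. In the create_volume() branch that reports `changed=False` for an existing volume, nothing visible compares the requested `encrypted` value with the volume's actual state, so an existing unencrypted volume would presumably be accepted silently when encryption was requested; that branch starts outside the hunk, so this needs confirming against the full function.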