cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add launch type to ecs task (#49081)

Browse source 
* adds fargate launch_type to ecs_task module

* White space changes

* fix documentation for running ecs task on fargate

* remove extraneous example from ecs_task

* White space changes

* Adds changelog fragment

* Pluralize minor_changes in changelog fragment

* Add Stop and Start task permissions
This commit is contained in:
Tad Merchant 2019-03-06 07:40:32 -05:00 committed by Will Thames
parent 539cab89e1
commit b979b26a74
5 changed files with 84 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/49081-add-launch-type-to-ecs-task.yml Normal file
View file

@ -0,0 +1,2 @@
minor_changes:
- adds launch type to ecs task to support fargate launch type.

2
hacking/aws_config/testing_policies/container-policy.json
View file

@ -41,6 +41,8 @@
"ecs:List*",
"ecs:RegisterTaskDefinition",
"ecs:RunTask",
"ecs:StartTask",
"ecs:StopTask",
"ecs:UpdateService",
"elasticloadbalancing:Describe*",
"iam:AttachRolePolicy",

51
lib/ansible/modules/cloud/amazon/ecs_task.py
View file

@ -60,6 +60,12 @@ options:
- I(network_configuration) has two keys, I(subnets), a list of subnet IDs to which the task is attached and I(security_groups),
a list of group names or group IDs for the task
version_added: 2.6
launch_type:
description:
- The launch type on which to run your service
required: false
version_added: 2.8
choices: ["EC2", "FARGATE"]
extends_documentation_fragment:
- aws
- ec2
@ -95,6 +101,22 @@ EXAMPLES = '''
- my_security_group
register: task_output
- name: RUN a task on Fargate
ecs_task:
operation: run
cluster: console-sample-app-static-cluster
task_definition: console-sample-app-static-taskdef
task: "arn:aws:ecs:us-west-2:172139249013:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a"
started_by: ansible_user
launch_type: FARGATE
network_configuration:
subnets:
- subnet-abcd1234
security_groups:
- sg-aaaa1111
- my_security_group
register: task_output
- name: Stop a task
ecs_task:
operation: stop
@ -160,6 +182,10 @@ task:
description: The timestamp of when the task was stopped.
returned: only when details is true
type: str
launchType:
description: The launch type on which to run your task.
returned: always
type: str
'''
from ansible.module_utils.aws.core import AnsibleAWSModule
@ -208,13 +234,15 @@ class EcsExecManager:
return c
return None
def run_task(self, cluster, task_definition, overrides, count, startedBy):
def run_task(self, cluster, task_definition, overrides, count, startedBy, launch_type):
if overrides is None:
overrides = dict()
params = dict(cluster=cluster, taskDefinition=task_definition,
overrides=overrides, count=count, startedBy=startedBy)
if self.module.params['network_configuration']:
params['networkConfiguration'] = self.format_network_configuration(self.module.params['network_configuration'])
if launch_type:
params['launchType'] = launch_type
try:
response = self.ecs.run_task(**params)
except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
@ -247,6 +275,13 @@ class EcsExecManager:
response = self.ecs.stop_task(cluster=cluster, task=task)
return response['task']
def ecs_api_handles_launch_type(self):
from distutils.version import LooseVersion
# There doesn't seem to be a nice way to inspect botocore to look
# for attributes (and networkConfiguration is not an explicit argument
# to e.g. ecs.run_task, it's just passed as a keyword argument)
return LooseVersion(botocore.__version__) >= LooseVersion('1.8.4')
def ecs_api_handles_network_configuration(self):
from distutils.version import LooseVersion
# There doesn't seem to be a nice way to inspect botocore to look
@ -266,10 +301,12 @@ def main():
task=dict(required=False, type='str'), # P*
container_instances=dict(required=False, type='list'), # S*
started_by=dict(required=False, type='str'), # R S
network_configuration=dict(required=False, type='dict')
network_configuration=dict(required=False, type='dict'),
launch_type=dict(required=False, choices=['EC2', 'FARGATE'])
))
module = AnsibleAWSModule(argument_spec=argument_spec, supports_check_mode=True)
module = AnsibleAWSModule(argument_spec=argument_spec, supports_check_mode=True,
required_if=[('launch_type', 'FARGATE', ['network_configuration'])])
# Validate Inputs
if module.params['operation'] == 'run':
@ -295,8 +332,13 @@ def main():
status_type = "STOPPED"
service_mgr = EcsExecManager(module)
if module.params['network_configuration'] and not service_mgr.ecs_api_handles_network_configuration():
module.fail_json(msg='botocore needs to be version 1.7.44 or higher to use network configuration')
if module.params['launch_type'] and not service_mgr.ecs_api_handles_launch_type():
module.fail_json(msg='botocore needs to be version 1.8.4 or higher to use launch type')
existing = service_mgr.list_tasks(module.params['cluster'], task_to_list, status_type)
results = dict(changed=False)
@ -311,7 +353,8 @@ def main():
module.params['task_definition'],
module.params['overrides'],
module.params['count'],
module.params['started_by'])
module.params['started_by'],
module.params['launch_type'])
results['changed'] = True
elif module.params['operation'] == 'start':

5
test/integration/targets/ecs_cluster/playbooks/roles/ecs_cluster/files/ecs-trust-policy.json
View file

@ -5,7 +5,10 @@
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs.amazonaws.com"
"Service": [
"ecs.amazonaws.com",
"ecs-tasks.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}

33
test/integration/targets/ecs_cluster/playbooks/roles/ecs_cluster/tasks/main.yml
View file

@ -664,7 +664,7 @@
assert:
that:
- ecs_fargate_task_definition_bridged_with_host_port is failed
- 'ecs_fargate_task_definition_bridged_with_host_port.msg == "To use FARGATE launch type, network_mode must be awsvpc"'
- 'ecs_fargate_task_definition_bridged_with_host_port.msg == "To use FARGATE launch type, network_mode must be awsvpc"'
- name: create Fargate VPC-networked task definition without CPU or Memory (expected to Fail)
ecs_taskdefinition:
@ -681,7 +681,7 @@
assert:
that:
- ecs_fargate_task_definition_vpc_no_mem is failed
- 'ecs_fargate_task_definition_vpc_no_mem.msg == "launch_type is FARGATE but all of the following are missing: cpu, memory"'
- 'ecs_fargate_task_definition_vpc_no_mem.msg == "launch_type is FARGATE but all of the following are missing: cpu, memory"'
- name: create Fargate VPC-networked task definition with CPU or Memory and execution role
ecs_taskdefinition:
@ -715,13 +715,13 @@
<<: *aws_connection_info
register: ecs_fargate_service_network_without_awsvpc
ignore_errors: yes
- name: assert that using Fargate ECS service fails
assert:
that:
- ecs_fargate_service_network_without_awsvpc is failed
- name: create fargate ECS service with network config
- name: create fargate ECS service with network config
ecs_service:
state: present
name: "{{ ecs_service_name }}4"
@ -738,6 +738,22 @@
<<: *aws_connection_info
register: ecs_fargate_service_network_with_awsvpc
- name: create fargate ECS task with run task
ecs_task:
operation: run
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}-vpc"
launch_type: FARGATE
count: 1
network_configuration:
subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}"
security_groups:
- '{{ setup_sg.group_id }}'
assign_public_ip: true
started_by: ansible_user
<<: *aws_connection_info
register: fargate_run_task_output
- name: assert that public IP assignment is enabled
assert:
that:
@ -879,6 +895,15 @@
ignore_errors: yes
register: ecs_service_scale_down
- name: stop Fargate ECS task
ecs_task:
task: "{{ fargate_run_task_output.task[0].taskArn }}"
task_definition: "{{ ecs_task_name }}-vpc"
operation: stop
cluster: "{{ ecs_cluster_name }}"
<<: *aws_connection_info
ignore_errors: yes
- name: pause to allow services to scale down
pause:
seconds: 60