b9a7352e0a
Allow security tokens and profiles to be used as arguments to the 'common' ec2 modules Mostly refactoring to provide two new methods, `get_aws_connection_info`, which results in a dict that can be passed through to the boto `connect_to_region` calls, and `connect_to_aws` that can pass that dict through to the `connect_to_region` method of the appropriate module. Tidied up some variable names Works around boto/boto#2100 profiles don't work with boto < 2.24, but this detects for that and fails with an appropriate message. It is designed to work if profile is not passed but boto < 2.24 is installed. Modifications to allow empty aws auth variables to be passed (this is useful if wanting to have the keys as an optional parameter in ec2 calls - if set, use this value, if not set, use boto config or env variables) Reworked validate_certs improvements to work with refactoring Added documentation for profile and security_token to affected modules
267 lines
8.7 KiB
Python
267 lines
8.7 KiB
Python
#!/usr/bin/python
|
|
# This file is part of Ansible
|
|
#
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
DOCUMENTATION = '''
|
|
---
|
|
module: ec2_vol
|
|
short_description: create and attach a volume, return volume id and device map
|
|
description:
|
|
- creates an EBS volume and optionally attaches it to an instance. If both an instance ID and a device name is given and the instance has a device at the device name, then no volume is created and no attachment is made. This module has a dependency on python-boto.
|
|
version_added: "1.1"
|
|
options:
|
|
aws_secret_key:
|
|
description:
|
|
- AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used.
|
|
required: false
|
|
default: None
|
|
aliases: ['ec2_secret_key', 'secret_key' ]
|
|
aws_access_key:
|
|
description:
|
|
- AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used.
|
|
required: false
|
|
default: None
|
|
aliases: ['ec2_access_key', 'access_key' ]
|
|
ec2_url:
|
|
description:
|
|
- Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Must be specified if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used
|
|
required: false
|
|
default: null
|
|
aliases: []
|
|
instance:
|
|
description:
|
|
- instance ID if you wish to attach the volume.
|
|
required: false
|
|
default: null
|
|
aliases: []
|
|
volume_size:
|
|
description:
|
|
- size of volume (in GB) to create.
|
|
required: true
|
|
default: null
|
|
aliases: []
|
|
iops:
|
|
description:
|
|
- the provisioned IOPs you want to associate with this volume (integer).
|
|
required: false
|
|
default: 100
|
|
aliases: []
|
|
version_added: "1.3"
|
|
device_name:
|
|
description:
|
|
- device id to override device mapping. Assumes /dev/sdf for Linux/UNIX and /dev/xvdf for Windows.
|
|
required: false
|
|
default: null
|
|
aliases: []
|
|
region:
|
|
description:
|
|
- The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used.
|
|
required: false
|
|
default: null
|
|
aliases: ['aws_region', 'ec2_region']
|
|
zone:
|
|
description:
|
|
- zone in which to create the volume, if unset uses the zone the instance is in (if set)
|
|
required: false
|
|
default: null
|
|
aliases: ['aws_zone', 'ec2_zone']
|
|
snapshot:
|
|
description:
|
|
- snapshot ID on which to base the volume
|
|
required: false
|
|
default: null
|
|
validate_certs:
|
|
description:
|
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
|
required: false
|
|
default: "yes"
|
|
choices: ["yes", "no"]
|
|
aliases: []
|
|
version_added: "1.5"
|
|
profile:
|
|
description:
|
|
- uses a boto profile. Only works with boto >= 2.24.0
|
|
required: false
|
|
default: null
|
|
aliases: []
|
|
version_added: "1.5"
|
|
security_token:
|
|
description:
|
|
- security token to authenticate against AWS
|
|
required: false
|
|
default: null
|
|
aliases: []
|
|
version_added: "1.5"
|
|
|
|
requirements: [ "boto" ]
|
|
author: Lester Wade
|
|
'''
|
|
|
|
EXAMPLES = '''
|
|
# Simple attachment action
|
|
- local_action:
|
|
module: ec2_vol
|
|
instance: XXXXXX
|
|
volume_size: 5
|
|
device_name: sdd
|
|
|
|
# Example using custom iops params
|
|
- local_action:
|
|
module: ec2_vol
|
|
instance: XXXXXX
|
|
volume_size: 5
|
|
iops: 200
|
|
device_name: sdd
|
|
|
|
# Example using snapshot id
|
|
- local_action:
|
|
module: ec2_vol
|
|
instance: XXXXXX
|
|
snapshot: "{{ snapshot }}"
|
|
|
|
# Playbook example combined with instance launch
|
|
- local_action:
|
|
module: ec2
|
|
keypair: "{{ keypair }}"
|
|
image: "{{ image }}"
|
|
wait: yes
|
|
count: 3
|
|
register: ec2
|
|
- local_action:
|
|
module: ec2_vol
|
|
instance: "{{ item.id }} "
|
|
volume_size: 5
|
|
with_items: ec2.instances
|
|
register: ec2_vol
|
|
'''
|
|
|
|
# Note: this module needs to be made idempotent. Possible solution is to use resource tags with the volumes.
|
|
# if state=present and it doesn't exist, create, tag and attach.
|
|
# Check for state by looking for volume attachment with tag (and against block device mapping?).
|
|
# Would personally like to revisit this in May when Eucalyptus also has tagging support (3.3).
|
|
|
|
import sys
|
|
import time
|
|
|
|
try:
|
|
import boto.ec2
|
|
except ImportError:
|
|
print "failed=True msg='boto required for this module'"
|
|
sys.exit(1)
|
|
|
|
def main():
|
|
argument_spec = ec2_argument_spec()
|
|
argument_spec.update(dict(
|
|
instance = dict(),
|
|
volume_size = dict(required=True),
|
|
iops = dict(),
|
|
device_name = dict(),
|
|
zone = dict(aliases=['availability_zone', 'aws_zone', 'ec2_zone']),
|
|
snapshot = dict(),
|
|
)
|
|
)
|
|
module = AnsibleModule(argument_spec=argument_spec)
|
|
|
|
instance = module.params.get('instance')
|
|
volume_size = module.params.get('volume_size')
|
|
iops = module.params.get('iops')
|
|
device_name = module.params.get('device_name')
|
|
zone = module.params.get('zone')
|
|
snapshot = module.params.get('snapshot')
|
|
|
|
ec2 = ec2_connect(module)
|
|
|
|
# Here we need to get the zone info for the instance. This covers situation where
|
|
# instance is specified but zone isn't.
|
|
# Useful for playbooks chaining instance launch with volume create + attach and where the
|
|
# zone doesn't matter to the user.
|
|
|
|
if instance:
|
|
reservation = ec2.get_all_instances(instance_ids=instance)
|
|
inst = reservation[0].instances[0]
|
|
zone = inst.placement
|
|
|
|
# Check if there is a volume already mounted there.
|
|
if device_name:
|
|
if device_name in inst.block_device_mapping:
|
|
module.exit_json(msg="Volume mapping for %s already exists on instance %s" % (device_name, instance),
|
|
volume_id=inst.block_device_mapping[device_name].volume_id,
|
|
device=device_name,
|
|
changed=False)
|
|
|
|
# If custom iops is defined we use volume_type "io1" rather than the default of "standard"
|
|
|
|
if iops:
|
|
volume_type = 'io1'
|
|
else:
|
|
volume_type = 'standard'
|
|
|
|
# If no instance supplied, try volume creation based on module parameters.
|
|
|
|
try:
|
|
volume = ec2.create_volume(volume_size, zone, snapshot, volume_type, iops)
|
|
while volume.status != 'available':
|
|
time.sleep(3)
|
|
volume.update()
|
|
except boto.exception.BotoServerError, e:
|
|
module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message))
|
|
|
|
# Attach the created volume.
|
|
|
|
if device_name and instance:
|
|
try:
|
|
attach = volume.attach(inst.id, device_name)
|
|
while volume.attachment_state() != 'attached':
|
|
time.sleep(3)
|
|
volume.update()
|
|
except boto.exception.BotoServerError, e:
|
|
module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message))
|
|
|
|
# If device_name isn't set, make a choice based on best practices here:
|
|
# http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html
|
|
|
|
# In future this needs to be more dynamic but combining block device mapping best practices
|
|
# (bounds for devices, as above) with instance.block_device_mapping data would be tricky. For me ;)
|
|
|
|
# Use password data attribute to tell whether the instance is Windows or Linux
|
|
|
|
if device_name is None and instance:
|
|
try:
|
|
if not ec2.get_password_data(inst.id):
|
|
device_name = '/dev/sdf'
|
|
attach = volume.attach(inst.id, device_name)
|
|
while volume.attachment_state() != 'attached':
|
|
time.sleep(3)
|
|
volume.update()
|
|
else:
|
|
device_name = '/dev/xvdf'
|
|
attach = volume.attach(inst.id, device_name)
|
|
while volume.attachment_state() != 'attached':
|
|
time.sleep(3)
|
|
volume.update()
|
|
except boto.exception.BotoServerError, e:
|
|
module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message))
|
|
|
|
print json.dumps({
|
|
"volume_id": volume.id,
|
|
"device": device_name
|
|
})
|
|
sys.exit(0)
|
|
|
|
# import module snippets
|
|
from ansible.module_utils.basic import *
|
|
from ansible.module_utils.ec2 import *
|
|
|
|
main()
|