Ansible amazon.aws.ec2 module cannot reference group when creating new instance
I have the below playbook. It correctly creates a security group in step 1. I can check via the AWS console that this really happens and the security group looks exactly as expected and has the ID sg-0dcf7ca7899835648.
But in step 2 I get the below error message which essentially states that the just created security group does not exist: "The security group 'sg-0dcf7ca7899835648' does not exist."
The same happens when I manually create SGs or manually insert the ID. The same happens with the group name.
How can I use the just created security group when launching a new EC2 instance?
The playbook:
---
- name: Create AWS EC2 instances and start them
  hosts: localhost
  gather_facts: false
  vars:
    instances_count: 1
  tasks:
    - name: Setup test security group
      amazon.aws.ec2_group:
        name: sg_conzone_test_01
        description: "ConZone security group with access to several local ports. DONT USE FOR PRODUCTION!!!"
        vpc_id: vpc-6a3ebe00
        region: eu-central-1
        profile: conzone_root
        rules:
          - proto: tcp
            from_port: 3000
            to_port: 3000
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 8000
            to_port: 8000
          - proto: tcp
            from_port: 8983
            to_port: 8983
      register: security_group
    - name: Create AWS EC2 instance
      amazon.aws.ec2:
        profile: conzone_root
        region: eu-central-1
        key_name: ConZone-Testserver-Key01
        instance_type: t2.large
        image: ami-05f7491af5eef733a
        wait: yes
        # group ID registered by the task above
        group_id: "{{ security_group.group_id }}"
        count: "{{ instances_count }}"
        # vpc_subnet_id: vpc-6a3ebe00
        assign_public_ip: yes
        instance_tags:
          Environment: test
          os: ubuntu
          ansible_user: ubuntu
          db: postgres
          solr: yes
      register: ec2
The error message:
TASK [Create AWS EC2 instance] *************************************************************************************
task path: /Users/tkx/devel/conzone/conzone-config/playbooks/create_ec2.yml:32
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: <Response><Errors><Error><Code>InvalidGroup.NotFound</Code><Message>The security group 'sg-0dcf7ca7899835648' does not exist</Message></Error></Errors><RequestID>8241e3ea-5a59-4383-a5ac-f3a568f91960</RequestID></Response>
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"<stdin>\", line 100, in <module>\n File \"<stdin>\", line 92, in _ansiballz_main\n File \"<stdin>\", line 40, in invoke_module\n File \"/usr/local/Caskroom/miniconda/base/lib/python3.9/runpy.py\", line 210, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/local/Caskroom/miniconda/base/lib/python3.9/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/local/Caskroom/miniconda/base/lib/python3.9/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/var/folders/2w/g4gydjx960qbfxyvmbd3_sl00000gn/T/ansible_amazon.aws.ec2_payload_lpsz83a1/ansible_amazon.aws.ec2_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2.py\", line 1740, in <module>\n File \"/var/folders/2w/g4gydjx960qbfxyvmbd3_sl00000gn/T/ansible_amazon.aws.ec2_payload_lpsz83a1/ansible_amazon.aws.ec2_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2.py\", line 1724, in main\n File \"/var/folders/2w/g4gydjx960qbfxyvmbd3_sl00000gn/T/ansible_amazon.aws.ec2_payload_lpsz83a1/ansible_amazon.aws.ec2_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2.py\", line 1042, in create_instances\n File \"/usr/local/Caskroom/miniconda/base/lib/python3.9/site-packages/boto/ec2/connection.py\", line 2983, in get_all_security_groups\n return self.get_list('DescribeSecurityGroups', params,\n File \"/usr/local/Caskroom/miniconda/base/lib/python3.9/site-packages/boto/connection.py\", line 1186, in get_list\n raise self.ResponseError(response.status, response.reason, body)\nboto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response><Errors><Error><Code>InvalidGroup.NotFound</Code><Message>The security group 'sg-0dcf7ca7899835648' does not exist</Message></Error></Errors><RequestID>8241e3ea-5a59-4383-a5ac-f3a568f91960</RequestID></Response>\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
It's because (as your commented code indicates) one needs to specify vpc_subnet_id: otherwise AWS will use the "default" VPC, which is evidently not the vpc-6a3ebe00 in which you created the SG.
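The fix described in the answer, as an added example that is not the asker's or the answerer's code. It pins the launch to a subnet and adds a pre-flight check that the subnet and the registered security group belong to the same VPC, so a mismatch fails with a readable message instead of an InvalidGroup.NotFound from the EC2 API. Two values are assumptions: subnet-0123456789abcdef0 stands for a real subnet inside vpc-6a3ebe00, and 203.0.113.0/24 stands for the network that should be allowed to reach the test ports (the original rules opened SSH and port 3000 to 0.0.0.0/0). Note that vpc_subnet_id takes a subnet ID (subnet-...), not the VPC ID (vpc-...) that the commented-out line in the question used.

```yaml
---
# Added example (not the asker's or answerer's code): launch task pinned to a
# subnet, plus a pre-flight check that subnet and security group share a VPC.
# Assumed values: subnet-0123456789abcdef0 (hypothetical subnet of vpc-6a3ebe00)
# and 203.0.113.0/24 as the only network allowed to reach the test ports.
- name: Create AWS EC2 instances in the same VPC as the security group
  hosts: localhost
  gather_facts: false
  vars:
    instances_count: 1
    aws_region: eu-central-1
    aws_profile: conzone_root
    target_subnet_id: subnet-0123456789abcdef0   # assumption: a subnet of vpc-6a3ebe00
    admin_cidr: 203.0.113.0/24                   # assumption: replace with your own range
  tasks:
    - name: Setup test security group
      amazon.aws.ec2_group:
        name: sg_conzone_test_01
        description: "ConZone test security group (SSH and app ports from admin_cidr only)"
        vpc_id: vpc-6a3ebe00
        region: "{{ aws_region }}"
        profile: "{{ aws_profile }}"
        rules:
          - proto: tcp
            ports: [22, 3000, 8000, 8983]
            cidr_ip: "{{ admin_cidr }}"   # not 0.0.0.0/0: the test box is not world-reachable
      register: security_group

    - name: Look up the subnet the instance will be launched into
      amazon.aws.ec2_vpc_subnet_info:
        region: "{{ aws_region }}"
        profile: "{{ aws_profile }}"
        subnet_ids:
          - "{{ target_subnet_id }}"
      register: subnet_info

    # Security groups are scoped to one VPC. Without vpc_subnet_id the legacy ec2
    # module launches into the account's default VPC, where the group does not
    # exist, hence InvalidGroup.NotFound. Fail here instead of at RunInstances.
    - name: Fail early if subnet and security group are in different VPCs
      ansible.builtin.assert:
        that:
          - subnet_info.subnets | length == 1
          - subnet_info.subnets[0].vpc_id == security_group.vpc_id
        fail_msg: >-
          Subnet {{ target_subnet_id }} is not in VPC {{ security_group.vpc_id }},
          the VPC of security group {{ security_group.group_id }}

    - name: Create AWS EC2 instance
      amazon.aws.ec2:
        profile: "{{ aws_profile }}"
        region: "{{ aws_region }}"
        key_name: ConZone-Testserver-Key01
        instance_type: t2.large
        image: ami-05f7491af5eef733a
        wait: yes
        # vpc_subnet_id takes a subnet ID (subnet-...), not the VPC ID (vpc-...)
        vpc_subnet_id: "{{ target_subnet_id }}"
        group_id: "{{ security_group.group_id }}"
        count: "{{ instances_count }}"
        assign_public_ip: yes
        instance_tags:
          Environment: test
          os: ubuntu
          ansible_user: ubuntu
          db: postgres
          solr: yes
      register: ec2
```

The traceback in the question shows the legacy boto2-based amazon.aws.ec2 module, which has since been removed from the amazon.aws collection in favour of amazon.aws.ec2_instance; that module takes the same vpc_subnet_id parameter and expects the group IDs in security_groups, and the same VPC check applies to it unchanged.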