GithubHelp home page GithubHelp logo

alibaba.alicloud's Introduction

Alibaba Cloud Collection

The Ansible Alibaba Cloud collection includes a variety of Ansible content to help automate the management of Alibaba Cloud instances. This collection is maintained by the Alibaba Cloud team.

Python version compatibility

This collection requires Python 3.6 or greater.

Installing this collection

You can install the Alibaba Cloud collection with the Ansible Galaxy CLI:

  1. create a requirements.txt file with the following:
    collections:
      - name: https://github.com/alibaba/alibaba.alicloud.git
        type: git
        branch: master
  2. running the commond to install alibaba.alicloud using requirements.txt file:
    ansible-galaxy collection install -r requirements.txt

Using this collection

You can either call modules by their Fully Qualified Collection Namespace (FQCN), such as alibaba.alicloud.ali_vpc, or you can call modules by their short name if you list the alibaba.alicloud collection in the playbook's collections keyword:

---
- name: Using module alibaba.alicloud.ali_vpc
  hosts: localhost
  remote_user: root

  vars:
    name: "ansible-testacc-ali_vpc-module"
    vpc_cidr: "172.16.0.0/12"
    vpc_description: "Create a new VPC resource via Ansible example alicloud-ecs-vpc."

  roles:
    - vpc

  tasks:
    - name: Create a new vpc with user_cidrs
      alibaba.alicloud.ali_vpc:
        cidr_block: '{{ vpc_cidr }}'
        vpc_name: '{{ name }}-user_cidrs'
        description: '{{ vpc_description }}'
        user_cidrs:
          - 172.16.100.0/24
          - 172.16.101.0/24

plugins/modules

There are several files in the module directory, and these files describe some function that can operate alicloud products.

  • ali_instance.py: Create, Start, Stop, Restart or Terminate an Instance in ECS. Add or Remove Instance to/from a Security Group
  • ali_disk.py: Create, Attach, Detach or Delete a disk in ECS
  • ali_security_group.py: Create or Delete a Security Group
  • ali_vpc.py: Create or Delete a Vpc.
  • ali_vswitch.py: Create or Delete a VSwitch.
  • ali_route_entry.py: Create or Delete a route entry.
  • ali_slb_lb.py: Create or Delete a Load balancer.
  • ali_slb_listener.py: Create or Delete a listener for one Load balancer.
  • ali_slb_server.py: Add or Remove backend server to/from Load balancer.
  • ali_ess_group.py: Create or Delete a scaling group.
  • ali_ess_configuration.py: Create or Delete a scaling configuration.
  • ali_ess_instance.py: Add or Remove ECS instnaces in a specified scaling group.
  • ali_ess_task.py: Create or Delete a scheduled task for scaling activity.
  • ali_ess_rule.py: Create or Delete a scaling rule.
  • ali_eni.py: Create or Delete a network interface.
  • ali_bucket.py: Create or Delete an OSS bucket.
  • ali_bucket_object.py: Upload or Download an object to/from an OSS bucket.

lib/ansible/module_utils

In the module utils directory, the file alicloud_ecs.py identifies and gains playbook params, and provides this params to modules/*.py. In addition, this file implements connection between ansible and Alicloud API via footmark.

examples

There are some playbooks to create some alicloud resource or build infrastructure architecture.

Execute playbook

  • Input your alicloud access key in the playbook or set environment variable:ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY).

  • Input others resource params in the playbook.

  • execute ansible-playbook command as follows:

    $ ansible-playbook xxx.yml
    

Refrence

Ansible Document: https://docs.ansible.com/ansible/latest/

Ansible Alicloud: Docs Details

alibaba.alicloud's People

Contributors

atodorov avatar baichenxu3 avatar demonwy avatar itssajan avatar kang735830805 avatar liuyangc3 avatar lixue323 avatar q383656225 avatar savasw avatar schrht avatar shrutikamendhe avatar shuwei-yin avatar wibud avatar xiaozhu36 avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

alibaba.alicloud's Issues

Inventory 文件tag_name 会创建出=, ansible 无法识别。

在 inventory file里面 : https://github.com/alibaba/ansible-provider/blob/master/contrib/inventory/alicloud.py#L394

key += "=" + v 这个会创建出下面的 key ,里面有=号, 而EC2 有一个 叫 to_safe 的 function
https://github.com/ansible/ansible/blob/devel/contrib/inventory/ec2.py#L1689 会把 这些 符号给 标准化, 我们也应该这样, 不然 ansible 没有办法识别,这是个很严重的bug,这样的话,最基本的 找ecs instance 都找不出来,就完全没办法用 ansible dynamic inventory 去部署。 请fix. @xiaozhu36

"tag_Name=4datom_dev": {
    "children": [
      "106.15.94.227"
    ]
}

Ansible Dynamics 查询超时 版本使用的是1.10.0

#168 (comment)

$ ./alicloud.py --refresh-cache

No handlers could be found for logger "footmark"
Traceback (most recent call last):
  File "./alicloud.py", line 523, in <module>
    EcsInventory()
  File "./alicloud.py", line 95, in __init__
    self.do_api_calls_update_cache()
  File "./alicloud.py", line 266, in do_api_calls_update_cache
    self.get_instances_by_region(region)
  File "./alicloud.py", line 279, in get_instances_by_region
    insts = conn.describe_instances(**self.ecs_instance_filters)
  File "/usr/lib/python2.7/site-packages/footmark/ecs/connection.py", line 290, in describe_instances
    return self.get_list_new(self.build_request_params(self.format_request_kwargs(**kwargs)), ['Instances', Instance])
  File "/usr/lib/python2.7/site-packages/footmark/connection.py", line 410, in get_list_new
    raise e
aliyunsdkcore.acs_exception.exceptions.ClientException: SDK.ServerUnreachable Unable to connect server: timed out

挂在数据盘的问题

如果在创建实例的时候挂在数据盘?
如果不能同步操作, 比如 先创建实例,再创建数据盘,再执行挂载会失败,因为 实例的状态是启动中,根本没办法执行挂载。

cannot create security group

using the following code, I cannot succesfully create a new security group. It simply returns an existing group with a different name in that region.

# basic provisioning example vpc network
- name: basic aliyun
  hosts: localhost
  connection: local
  vars:
    aliyun_access_key: xxxxxxxxx
    aliyun_secret_key: xxxxxxxxx
    aliyun_region: cn-hongkong
    aliyun_security_group: hello
    aliyun_ssh_key: aliyun_xps
    nginx_port: 80

  tasks:
    - name: create and authorize security grp
      alicloud_security_group:
        alicloud_access_key: '{{ aliyun_access_key }}'
        alicloud_secret_key: '{{ aliyun_secret_key }}'
        group_name: 'abc5612'
        description: 'an example ECS group'
        alicloud_region: '{{ aliyun_region }}'
        rules:
          - ip_protocol: tcp
            port_range: 1/122
            source_cidr_ip: '0.0.0.0/0'
      register: test_security_group

    - debug: var=test_security_group

this returns:

ok: [localhost] => {
    "test_security_group": {
        "changed": true,
        "failed": false,
        "group": {
            "description": "System created security group.", <---- note this is the wrong group description
            "id": "sg-j6ch0l2i5hzrvkj9476t",
            "name": "Manual-Streisand", <--- note this the wrong group name
            "region_id": "cn-hongkong",
            "rules": [
                { . . . 

nested_group 这个选项完全不 work

举个例子吧 https://github.com/alibaba/ansible-provider/blob/master/contrib/inventory/alicloud.py#L396

self.push_group(self.inventory, key, hostname)
if self.nested_groups:
  self.push_group(self.inventory, 'tags', "tag_" + k)
  if v:
    self.push_group(self.inventory, "tag_" + k, key)

第一个 push_group, 不应该是 push_group,而应该是 push,不然的话,及时nested_group 被set成False,也会依然是 被当成True 一样的对待。

这只是一个例子而已,整个file,基本所有的地方 都有同样的问题。这个文件 我觉得 问题非常大, 需要仔细test,忽略了很多 ec2 inventory 文件对细节的处理。 @xiaozhu36 谢谢。

Add the drive encryption option

Hi,

I'm using ansible alicloud modules to handle my cloud resource in aliyun recently, but I found there are several problems in module ali_disk:
if I specify the Encrypted and KMSKeyId in the module, but this options not work.
I remember that alicould SDK actually support it.

Best regards.

ERROR while installing ansible-alicloud

I create a new virtualenv with python2 interpreter.
I activate the virtualenv.
I pip install ansible-alicloud
This is the error I get...

ERROR: aliyun-python-sdk-ess 2.3.0 has requirement aliyun-python-sdk-core>=2.11.5, but you'll have aliyun-python-sdk-core 2.9.5 which is incompatible.
ERROR: aliyun-python-sdk-kms 2.7.1 has requirement aliyun-python-sdk-core>=2.11.5, but you'll have aliyun-python-sdk-core 2.9.5 which is incompatible.
ERROR: aliyun-python-sdk-rds 2.3.9 has requirement aliyun-python-sdk-core>=2.11.5, but you'll have aliyun-python-sdk-core 2.9.5 which is incompatible.

It looks like this error is coming from footmark library dependencies. This is from the pip install command...

Collecting aliyun-python-sdk-ecs<4.11.1,>=4.11.0 (from footmark>=1.12.0->ansible-alicloud)
Collecting oss2>=2.3.3 (from footmark>=1.12.0->ansible-alicloud)
Collecting aliyun-python-sdk-vpc<3.0.3,>=3.0.2 (from footmark>=1.12.0->ansible-alicloud)
Collecting aliyun-python-sdk-core<2.9.6,>=2.9.5 (from footmark>=1.12.0->ansible-alicloud)
Collecting aliyun-python-sdk-ess>=2.1.3 (from footmark>=1.12.0->ansible-alicloud)
Collecting aliyun-python-sdk-rds>=2.1.0 (from footmark>=1.12.0->ansible-alicloud)
Collecting aliyun-python-sdk-slb<3.2.8,>=2.0.21 (from footmark>=1.12.0->ansible-alicloud)

Feature request: Add support for alidns module

Please provide a module for aliyun alidns commands, such as DeleteSubDomainRecords, DescribeDomainRecords, etc.

For example:

- name: alidns module format example
  ali_dns:
    alicloud_access_key: "{{alicloud_access_key}}"
    alicloud_secret_key: "{{alicloud_secret_key}}"
    region: "cn-hangzhou"
    domain_name: "{{ domain_name }}"
    state: present # or absent for deleting
    rr:
      - "first.example"
      - "second.example"
      - "third.example"
  register: describe_domain_records

Not able to add backend server to existing SLB

Description:

We are trying to add the new ECS instance to the existing SLB with Ansible.

  1. The same playbook for the Hong Kong region is working as well.
  2. The same playbook for the Tokyo region is not working.
  3. As per documentation the environment variables are not respecting by ali_slb_server module:

https://www.diewufeiyang.com/ansible/en/modules/ali_slb_server_module.html

ALICLOUD_REGION or ALICLOUD_REGION_ID can be typically be used to specify the ALICLOUD region, when required, but this can also be configured in the footmark config file

The issue:

The specified LoadBalancerId does not exist.

The output:

raise exception\naliyunsdkcore.acs_exception.exceptions.ServerException: HTTP Status: 404 Error:InvalidLoadBalancerId.NotFound The specified LoadBalancerId does not exist. RequestID: FF49FF87-09FA-41EE-8444-154C53E6E619\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1

The code:

playbooks/slb_update.yml

- name: Add ECS instances to SLB
  hosts: localhost
  vars:
    alicloud_access_key: '{{ ALICLOUD_ACCESS_KEY }}'
    alicloud_secret_key: '{{ ALICLOUD_SECRET_KEY }}'
    alicloud_region: 'ap-northeast-1'
  tasks:
    - name: SLB update
      ali_slb_server:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        load_balancer_id: lb-foo
        backend_servers:
          - server_id: i-bar
            weight: 100

Similar issue:
#143

The solution:

I found the issue in the Python script:
https://github.com/alibaba/alibaba.alicloud/blob/aa6b0eaab7150abe294bca4e29e9239f0c843831/lib/ansible/modules/cloud/alicloud/ali_slb_server.py

    # handling region parameter which is required by common utils file to login but not required by this module
    module.params['alicloud_region'] = 'cn-hangzhou

The HK region is hardcoded.

Suggestion:

The region should be specified by the user and the HK should be used by default.

{"changed": false, "msg": "Unsupported parameters for (ali_slb_server) module: alicloud_region Supported parameters include: 

alicloud_access_key, alicloud_assume_role, alicloud_assume_role_arn, alicloud_assume_role_session_expiration, alicloud_assume_role_session_name, alicloud_secret_key, alicloud_security_token, backend_servers, ecs_role_name, load_balancer_id, profile, shared_credentials_file, state"}

alicloud_region should be possible to define in ali_slb_server section in Ansible playbook
or
the region environment should be respected.

Temporary solution:

Please go to the Ansible modules directory.

ansible-playbook --version
ansible-playbook 2.9.13
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible-playbook

cd /usr/local/lib/python3.6/site-packages/ansible/modules/cloud/alicloud

find the ali_slb_server.py file and go to the 386 line to change the region variable.

Regions IDs:
https://www.alibabacloud.com/help/doc-detail/40654.ht

Ansible Dynamics Inventory 查询超时 timeout

有关 ansible provider for Alibaba Cloud. Tokopedia看了以下两篇文章后,

https://yq.aliyun.com/articles/173622 

https://www.alibabacloud.com/blog/managing-ecs-instances-with-ansible-dynamic-inventory_594718

也用了Ansible provider来DevOps我们的ECS实例, 通过tag作为过滤条件,开始在雅加达数据中心,那边只有50多台ECS,脚本跑的很顺利。但是我们尝试了同样的脚本在新加坡数据中心后,4000+ ECS实例,就发生了time out,每次都是timeout。

Traceback (most recent call last):
  File "./alicloud.py", line 523, in
    EcsInventory()
  File "./alicloud.py", line 95, in init
    self.do_api_calls_update_cache()
  File "./alicloud.py", line 266, in do_api_calls_update_cache
    self.get_instances_by_region(region)
  File "./alicloud.py", line 279, in get_instances_by_region
    insts = conn.describe_instances(**self.ecs_instance_filters)
  File "/home/william/new-ansible/venv/local/lib/python2.7/site-packages/footmark/ecs/connection.py", line 291, in describe_instances
    for inst in self.get_list_new(self.build_request_params(self.format_request_kwargs(**kwargs)), ['Instances', Instance]):
  File "/home/william/new-ansible/venv/local/lib/python2.7/site-packages/footmark/connection.py", line 410, in get_list_new
    raise e
aliyunsdkcore.acs_exception.exceptions.ClientException: SDK.ServerUnreachable Unable to connect server: timed out

bug: cannot create ecs instance

Create new instances got an error: 'NoneType' object has no attribute 'group'

related code:
lib/ansible/modules/cloud/alicloud/ali_instance.py

  try:
                    if re.search("-\[\d+,\d+\]-", host_name).group():
                        module.fail_json(msg='Ordered hostname is not supported, If you want to add an ordered suffix to the hostname, you can set unique_suffix to True')
                    new_instances = run_instance(module, ecs, count - len(instances))
                    if new_instances:
                        changed = True
                        instances.extend(new_instances)
                except Exception as e:
                    module.fail_json(msg="Create new instances got an error: {0}".format(e))

python 3.6 安装报错

Collecting importlib
Downloading https://mirrors.aliyun.com/pypi/packages/31/77/3781f65cafe55480b56914def99022a5d2965a4bb269655c89ef2f1de3cd/importlib-1.0.4.zip (7.1 kB)
ERROR: Command errored out with exit status 1:
command: /usr/local/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-li_iqyxa/importlib/setup.py'"'"'; file='"'"'/tmp/pip-install-li_iqyxa/importlib/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-op221lle
cwd: /tmp/pip-install-li_iqyxa/importlib/
Complete output (11 lines):
Traceback (most recent call last):
File "", line 1, in
File "/usr/local/lib/python3.6/site-packages/setuptools/init.py", line 6, in
import distutils.core
File "/usr/local/lib/python3.6/distutils/core.py", line 16, in
from distutils.dist import Distribution
File "/usr/local/lib/python3.6/distutils/dist.py", line 19, in
from distutils.util import check_environ, strtobool, rfc822_escape
File "/usr/local/lib/python3.6/distutils/util.py", line 9, in
import importlib.util
ModuleNotFoundError: No module named 'importlib.util'
----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

importlib从Python 3.1开始被导入到python内置函数中

unable to create prepaid instance

When i tried to create the instance using prepaid type it shows the following error

"msg": "Unable to create instance, error: HTTP Status: 404 Error:InvalidInstanceChargeType.NotFound The InstanceChargeType does not exist in our records RequestID: 8A58B146-95A2-4180-BF73-53C9E930C933"

But if i change the instance type to postpaid, the instance is created.

attribute descriptions is required in ali_eni.py

Could you please check the module named: ali_eni.py
It seems that the attribute description is required when I wanted to create a new elastic IP and bind to some instance.

tasks:
- name: Find specific instances in the specified region
ali_eni:
alicloud_access_key: '{{ ansible_env.ALICLOUD_ACCESS_KEY }}'
alicloud_secret_key: '{{ ansible_env.ALICLOUD_SECRET_KEY }}'
alicloud_region: cn-shanghai
instance_id:xxxxxxxxx
vswitch_id: '{{ vswitch_id }}'
description: elastic NIC
security_groups: '{{ security_groups }}'
state: present
attached: True
register: eni
- debug: var=eni

Otherwise, the task will occur the wrong message:
fatal: [localhost]: FAILED! => {
"msg": "Object NetworkInterface:eni-uf6bvn3cjkeqgjfv6d6e does not have attribute description"

BR
BrunoJu.

SDK Timeout while creating instance

Hi,

I am using this modules to create a couple of instances and have a problem when creating an instance. The playbook stops with error:

TASK [ecs_instance : Creating an ECS instance] ********************************************************************************************************************************************************************************************** fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to create instance, error: SDK.ServerUnreachable Unable to connect server: timed out"}

The instance is in ECS Management though. When I run the playbook again the task is skipped and disks are created without any problems. As I want to deploy 12 instances I have to call the playbook 13 times until everything is up and running.

cant deploy instance to ap-southeast-5 region

TASK [ecs_instance : Creating an ECS instance] **************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unable to create instance, error: HTTP Status: 403 Error:InvalidResourceType.NotSupported This resource type is not supported; please try other resource types. RequestID: 54F62C31-6B70-47CB-83A2-2D912E26C20B"}

delete instance has error in ansible alicloud

Hi,

I met a problem when I use ali_instance to delete an instance in aliyun, it can delete the specified instance actually, but normally report the error in the ansible execution like:

13:49:02 TASK [aliyun : delete build-analytic from aliyun] ******************************
13:49:02 fatal: [aliyun-host]: FAILED! => {"changed": false, "msg": "Delete instance got an error: the JSON object must be str, not 'bytes'"}

it really impact my ansible execution process, please help to check if there is problem.

My ansible version is 2.9.2, and version for alicloud SDK and its ansible mouldes as below:

aliyun-python-sdk-alidns (2.6.18)
aliyun-python-sdk-core (2.13.25)
aliyun-python-sdk-core-v3 (2.13.11)
aliyun-python-sdk-ecs (4.19.10)
aliyun-python-sdk-ess (2.3.2)
aliyun-python-sdk-kms (2.11.0)
aliyun-python-sdk-market (2.0.24)
aliyun-python-sdk-oos (1.2.0)
aliyun-python-sdk-ram (3.2.0)
aliyun-python-sdk-rds (2.5.1)
aliyun-python-sdk-ros (3.2.0)
aliyun-python-sdk-slb (3.2.18)
aliyun-python-sdk-sts (3.0.2)
aliyun-python-sdk-vpc (3.0.10)
ansible-alicloud (1.19.0)
ansible-alicloud-module-utils (1.5.0)

best regards.

ansible文档怎么找不到aliyun的module了

readme中的ansible文档跳转都失效了?这是为什么?关于ansible_alicloud模块在ansible官方的文档已经找不到了。是不打算维护并更新了吗?如果会继续维护,我该在哪看详细的文档。

Multiple security groups are not created

I want to create multiple security groups, however, the script results in 1 security group and all the security rules are bundled into it. The task code is:
- name: Creating security group for all instances
alicloud_security_group:
alicloud_region: '{{ alicloud_region }}'
state: 'present'
name: '{{ group_name }}'
description: '{{ group_description }}'
vpc_id: '{{ vpc_id }}'
rules: '{{ group_inboundRules }}'
rules_egress: '{{ group_outboundRules }}'
register: group_details

    - name: Print security group details
       debug:
           msg: "{{ group_details}}"

    - name: Creating security group for Jenkins
       alicloud_security_group:
         alicloud_region: '{{ alicloud_region }}'
         state: 'present'
         name: '{{ jenkins_group_name }}'
         description: '{{ jenkins_group_description }}'
         vpc_id: '{{ vpc_id }}'
         rules: '{{ jenkins_group_inboundRules }}'
         rules_egress: '{{ jenkins_group_outboundRules }}'
      register: jenkins_group_details

   - name: Print security group details Jenkins
      debug:
         msg: "{{ jenkins_group_details }}"

The variables used are as follows:

    # create security group for all instances parameters
       group_name: "SSH"
       group_description: "Allow SSH,HTTP,HTTPS and ALLTCP access"
       group_inboundRules:
           - proto: tcp
              port_range: 22/22
              cidr_ip: 192.123.0.0/16
              priority: 1
           - proto: tcp
              port_range: 80/80
              cidr_ip: 0.0.0.0/0
              priority: 1
           - proto: tcp
              port_range: 443/443
              cidr_ip: 0.0.0.0/0
              priority: 1
           - proto: tcp
              port_range: 1/65535
              cidr_ip: "{{ vpc_cidr }}"
               priority: 1
               nic_type: intranet  
       group_outboundRules:
            - proto: tcp
               port_range: 1/65535
               cidr_ip: 0.0.0.0/0
               priority: 1


# create security group for Jenkins only parameters
jenkins_group_name: "Jenkins"
jenkins_group_description: "Allow restricted HTTP, HTTPS and SSH access"
jenkins_group_inboundRules:
   - proto: tcp
      port_range: 80/80
      cidr_ip: 192.123.1.1/32
      priority: 1
  - proto: tcp
     port_range: 443/443
     cidr_ip: 192.123.12.5/32
     priority: 1 
  - proto: tcp
     port_range: 22/22
     cidr_ip: 192.123.0.0/16
     priority: 1   
  - proto: tcp
     port_range: 1/65535
     cidr_ip: "{{ vpc_cidr }}"
     priority: 1
     nic_type: intranet
jenkins_group_outboundRules:
  - proto: tcp
     port_range: 1/65535
     cidr_ip: 0.0.0.0/0
     priority: 1

However, when I run the same tasks and change the state to absent for both of them, the first one will remove the security group and the second one throws the following error:

    "msg": "Please specify a security group by using 'group_id' or 'group_name' and 'vpc_id', and 
     expected group ids: []"

Can't provision RDS

TASK [rds : Creating RDS instance resource] ***************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ali_rds_instance) module: instance_class Supported parameters include: alicloud_access_key, alicloud_region, alicloud_secret_key, alicloud_security_token, alicloud_zone, auto_renew, auto_renew_period, connection_mode, current_connection_string, description, dest_connection_string_prefix, dest_port, engine, engine_version, instance_charge_type, instance_id, instance_net_type, instance_storage, instance_type, page_number, page_size, period, private_connection_string_prefix, private_ip_address, private_port, public_connection_string_prefix, public_port, security_ips, state, tags, vpc_id, vswitch_id"}

文档地址打不开

47.95.33.19:8080/ansible_alicloud/latest/list_of_all_modules.html 这个地址打不开

IP 地址,点被转变成下划线,导致Could not resolve hostname

在 alicloud.ini里, 我comment掉了:
# hostname_variable = instance_id

然后 我想部署:
ansible-playbook -i /etc/ansible/alicloud.py --private-key=/path/to/test.pem xxxx.yml
得到了报错:

TASK [Gathering Facts] *******************************************************************************************************************************************
fatal: [39_97_123_56]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname 39_97_123_56: nodename nor servname provided, or not known\r\n", "unreachable": true}
	to retry, use: --limit @/xxxx/xxxxx/xxxxx/ansible/xxxxx.retry

PLAY RECAP *******************************************************************************************************************************************************
39_97_123_56               : ok=0    changed=0    unreachable=1    failed=0 

然后 我自己把alicloud.py 里的 to_safe function, hadrcode了一下 强行返回 39.97.123.56 之后,就work了,得到:

TASK [Gathering Facts] *******************************************************************************************************************************************
ok: [39.97.123.56]

TASK [system_setup : Create xxxx directory structure.] ********************************************************************************************************
changed: [39.97.123.56] => (item={u'd': u'/srv/xxxx'})
changed: [39.97.123.56] => (item={u'd': u'/srv/xxxx/private'})
changed: [39.97.123.56] => (item={u'd': u'/srv/xxxx/private/xxxx'})
....

如果我用 AWS,ec2.py 作为 inventory file的话:你会发现, ip地址是 没有变成下划线的。
./ec2.py --list

 "key_TagName_XXXX": [
    "34.216.206.68"
  ], 

但是 alicloud.py 会 返回

 "key_TagName_XXXX": [
    "34_216_206_68"
  ], 

这样 ansible 就没有办法用了。我debug了下
主要原因在这:
https://github.com/alibaba/ansible-provider/blob/master/contrib/inventory/alicloud.py#L327
这一行, 不应该无脑 都转换成下划线。

请问有什么办法 可以fix这个。Please fix.

Can't add backend server to existing Load Balancer

Been trying to add an ECS instance to an existing LB
Using this task:

- name: set backend server
      ali_slb_server:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        load_balancer_id: '{{ load_balancer_id }}'
        backend_servers:
          - server_id: '{{ instance_id }}'
            weight: 100

All i get is this huge error

fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "No handlers could be found for logger \"footmark\"\nTraceback (most recent call last):\n  File \"/home/kavach/.ansible/tmp/ansible-tmp-15
45898022.28-2372019141370/AnsiballZ_ali_slb_server.py\", line 113, in <module>\n    _ansiballz_main()\n  File \"/home/kavach/.ansible/tmp/ansible-tmp-1545898022.28-2372019141370/AnsiballZ_ali_slb_server.py
\", line 105, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/kavach/.ansible/tmp/ansible-tmp-1545898022.28-2372019141370/AnsiballZ_ali_slb_server.py\", line
48, in invoke_module\n    imp.load_module('__main__', mod, module, MOD_DESC)\n  File \"/tmp/ansible_ali_slb_server_payload_DyCSp9/__main__.py\", line 436, in <module>\n  File \"/tmp/ansible_ali_slb_server_
payload_DyCSp9/__main__.py\", line 396, in main\n  File \"/tmp/ansible_ali_slb_server_payload_DyCSp9/__main__.py\", line 193, in add_set_backend_servers\n  File \"/home/kavach/.virtualenvs/ansible/local/li
b/python2.7/site-packages/footmark/slb/connection.py\", line 1006, in describe_load_balancer_attribute\n    return self.get_object('DescribeLoadBalancerAttribute', params, LoadBalancer)\n  File \"/home/kav
ach/.virtualenvs/ansible/local/lib/python2.7/site-packages/footmark/connection.py\", line 269, in get_object\n    raise e\naliyunsdkcore.acs_exception.exceptions.ServerException: HTTP Status: 404 Error:Inv
alidLoadBalancerId.NotFound The specified LoadBalancerId does not exist. RequestID: 6797EB12-80F0-4A32-9BA6-15D532158CD7\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact err
or", "rc": 1}

This InvalidLoadBalancerId.NotFound makes no sense because the LB exists and the id is valid.

Tried gathering slb server facts with the same LB ID and it doesn't throw any error, proving that the LB exists.

- name: Find all backend server health status in specified region
      ali_slb_server_facts:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        load_balancer_id: '{{ load_balancer_id }}'
      register: all_backend_server
    - debug: var=all_backend_server

[Warning]: Found both group and host with same name

When executed ansible to ping all host with alicloud.py, I got this:

> ansible -i alicloud.py all -m ping -u root
 [WARNING]: Found both group and host with same name: i_j6cgu5l5nhep9wim2xly

i_j6cgu5l5nhep9wim2xly | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname i_j6cgu5l5nhep9wim2xly: nodename nor servname provided, or not known\r\n",
    "unreachable": true
}
47.52.225.249 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

My alicloud.ini is:

# Ansible Alibaba Cloud(Alicloud) ECS dynamic inventory script settings
#

[ecs]

# Alicloud regions to make calls to. Set this to 'all' to make request to all regions
# in Alicloud and then merge the results together. Alternatively, set this to a comma
# separated list of regions. For example, regions = cn-beijing,eu-central-1,ap-southeast-1,us-east-1
#regions = all
regions = cn-hongkong

# In addition, set 'regions_exclude' to a comma separated list of regions to filter 'all' regions.
#regions_exclude = us-west-1,ap-northeast-1


# When generating inventory, Ansible needs to know how to address a ECS instance.
# Each ECS instance has server ip address variables associated with it.
# This destination_variable is used as the address of a server, and it support
# following value:
#   - public_ip_address: return the public IP address of the ECS server
#   - eip_address: return the elastic IP address of the ECS server
#   - private_ip_address: return the inner or private IP address of the ECS server
# WARNING: For instances in a private subnet, this should be set to 'private_ip_address',
#           and Ansible must be run from within the subnet.
destination_variable = public_ip_address


# This allows you to override the inventory_name with an ecs server attribute,
# instead of using the destination_variable above. Addressing (aka ansible_ssh_host)
# will still use destination_variable.
# WARNING: ECS server attribute 'tags' should be written as 'tag_TAGNAME',
#           E.g. hostname_variable = tag_my-ansible
hostname_variable = instance_id


# By default, only ECS instances in the 'running' status are returned.
# Set 'all_instances' to True to return instances in all status.
# Set instance_states to return as a comma-separated list. This
# option will be overriden when 'all_instances' is True.
all_instances = True
# instance_states = pending, running, starting, stopping, stopped


# In order to avoiding calling Alicloud API frequently, we cache the results of an API call.
# Set this to the path you want cache files to be written to. Two files
# will be written to this directory:
#   - ansible-alicloud.cache
#   - ansible-alicloud.index
cache_path = ~/.ansible/tmp

# Set the number of seconds to consider the cache file is valid. After the valid
# seconds, a new API call will be made, and the cache file will be updated.
# To disable the cache, set this value to 0
cache_max_age = 0


# Organize groups into a nested/hierarchy instead of a flat namespace.
nested_groups = False

# Replace - tags when creating groups to avoid issues with ansible
replace_dash_in_groups = True


# If set this to true, any tag of the form "a,b,c" will be expanded into a list
# and the results are used to create additional tag_* inventory groups.
expand_csv_tags = False


# This supports to classify and manage ECS inventory by configuring several groups.
group_by_instance_id = True
group_by_region = True
group_by_availability_zone = True
group_by_image_id = True
group_by_instance_type = True
group_by_vpc_id = True
group_by_vswitch_id = True
group_by_security_group = True
group_by_tag_keys = True
group_by_tag_none = True


# If you only want to include hosts that match a certain regular expression
# pattern_include = myhost-*

# If you want to exclude any hosts that match a certain regular expression
# pattern_exclude = myhost-*


# Set this can be used to retrieve specified ECS instances for inventory.
# For the full list of possible filters, please read the ECS API
# docs: https://www.alibabacloud.com/help/doc-detail/25506.htm?spm=a3c0i.o54244zh.b99.175.1106d719NDxcYR
# The filters are key/value pairs separated by '=', to list multiple filters use
# a list separated by commas. See examples below.

# Retrieve only instances with (key=value) tool=ansible tag
# instance_filters = tag:tool=ansible
# Retrieve ecs.n4.small instances AND instances with tag tool=ansible
# instance_filters = instance_type=ecs.n4.small, tag:tool=ansible

[credentials]

# The Alicloud credentials can optionally be specified here. Credentials specified
# here will be ignored if the environment variable ALICLOUD_ACCESS_KEY(or ALICLOUD_ACCESS_KEY_ID)
# and ALICLOUD_SECRET_KEY(or ALICLOUD_SECRET_ACCESS_KEY) are set.
#
# Supplying Alicloud credentials here is not recommended, as it introduces
# non-trivial security concerns. It is strongly recommended using environment variable.
#
# alicloud_access_key = Abcd1234
# alicloud_secret_key = Abcd2345

Got error if not config assume role in alicloud.ini

./alicloud.py --list
Traceback (most recent call last):
  File "./alicloud.py", line 559, in <module>
    EcsInventory()
  File "./alicloud.py", line 87, in __init__
    self.read_settings()
  File "./alicloud.py", line 164, in read_settings
    role_arn = assume_role.get('role_arn')

Get no region with configuration of all regions

I had set the regions = all in alicloud.ini:

[ecs]

# Alicloud regions to make calls to. Set this to 'all' to make request to all regions
# in Alicloud and then merge the results together. Alternatively, set this to a comma
# separated list of regions. For example, regions = cn-beijing,eu-central-1,ap-southeast-1,us-east-1
regions = all
# regions = cn-beijing

and executed command:

./alicloud.py --list

then, no region came out.

But, I do have one ECS instance in cn-hongkong region, and it will come out when region would be cn-hongkong.

Cannot modify an instance name

Way to reproduce it:

- name: set instance name
  alicloud_instance:
    alicloud_access_key: "{{ alicloud_access_key }}"
    alicloud_secret_key: "{{ alicloud_secret_key }}"
    alicloud_region: "{{ region }}"
    instance_name: "{{ new_name }}"
    host_name: "{{ new_name }}"
    instance_ids: "{{ instance_id }}"

when running with this task, it will throw an error like

 "Modify instance attribute i-hidden_id_XXXX got an error: local variable 'name' referenced before assignment"

After dig into the source I think name should be set after this line, likename = instance_name

无法使用ansible的ali_instance_facts获取ecs信息

playbook的yml文件如下:

- name: fetch instances details example
  hosts: localhost
  vars:
    alicloud_access_key: xxxxxxxx
    alicloud_secret_key: xxxxxxxxx
    alicloud_region: cn-shenzhen
    availability_zone: cn-shenzhen-c

  tasks:
    - name: Find all instances in the specified region
      ali_instance_facts:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        instance_ids:
          - "i-wz98diszrt8loypkf4aa"
      register: instances_by_ids
      #register: all_instances

报错信息如下:

PLAY [fetch instances details example] *************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************
ok: [localhost]

TASK [Find all instances in the specified region] **************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeDecodeError: 'ascii' codec can't decode byte 0xe6 in position 0: ordinal not in range(128)
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/root/.ansible/tmp/ansible-tmp-1572316666.62-173569628691791/AnsiballZ_ali_instance_facts.py\", line 114, in <module>\n    _ansiballz_main()\n  File \"/root/.ansible/tmp/ansible-tmp-1572316666.62-173569628691791/AnsiballZ_ali_instance_facts.py\", line 106, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/root/.ansible/tmp/ansible-tmp-1572316666.62-173569628691791/AnsiballZ_ali_instance_facts.py\", line 49, in invoke_module\n    imp.load_module('__main__', mod, module, MOD_DESC)\n  File \"/tmp/ansible_ali_instance_facts_payload_9CvOfL/__main__.py\", line 354, in <module>\n  File \"/tmp/ansible_ali_instance_facts_payload_9CvOfL/ansible_ali_instance_facts_payload.zip/ansible/module_utils/alicloud_ecs.py\", line 33, in <module>\n  File \"/usr/lib/python2.7/site-packages/footmark/ecs/__init__.py\", line 4, in <module>\n    from footmark.ecs.connection import ECSConnection\n  File \"/usr/lib/python2.7/site-packages/footmark/ecs/connection.py\", line 29, in <module>\n    class ECSConnection(ACSQueryConnection):\n  File \"/usr/lib/python2.7/site-packages/footmark/ecs/connection.py\", line 32, in ECSConnection\n    DefaultRegionName = '杭州'.encode(\"UTF-8\")\nUnicodeDecodeError: 'ascii' codec can't decode byte 0xe6 in position 0: ordinal not in range(128)\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP *****************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

设置有序主机名报错

设置 hostname 为 name[1,2],实例数量是 3
实际创建的实例是正确的:name01, name02, name03
报错信息:

TASK [ecs : Creating ECS instance for Control Node] ***************************************************************************************************************************************************************
task path: /home/shell/kolla-openstack/ansible/roles/ecs/tasks/main.yml:37

Using module file /usr/local/lib/python3.6/dist-packages/ansible/modules/cloud/alicloud/ali_instance.py
<127.0.0.1> PUT /home/shell/.ansible/tmp/ansible-local-18089_au_hwf/tmptedfbvbz TO /home/shell/.ansible/tmp/ansible-tmp-1577511780.2581673-154736340755706/AnsiballZ_ali_instance.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/shell/.ansible/tmp/ansible-tmp-1577511780.2581673-154736340755706/ /home/shell/.ansible/tmp/ansible-tmp-1577511780.2581673-154736340755706/AnsiballZ_ali_instance.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3 /home/shell/.ansible/tmp/ansible-tmp-1577511780.2581673-154736340755706/AnsiballZ_ali_instance.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/shell/.ansible/tmp/ansible-tmp-1577511780.2581673-154736340755706/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_ali_instance_payload_2hcodzwf/__main__.py", line 663, in modify_instance
    return instance.modify(name=name, description=description, host_name=host_name, password=password, user_data=user_data)
  File "/usr/local/lib/python3.6/dist-packages/footmark/ecs/instance.py", line 150, in modify
    return self.connection.modify_instance_attribute(**params)
  File "/usr/local/lib/python3.6/dist-packages/footmark/ecs/connection.py", line 603, in modify_instance_attribute
    return self.get_status_new(self.build_request_params(self.format_request_kwargs(**kwargs)))
  File "/usr/local/lib/python3.6/dist-packages/footmark/connection.py", line 429, in get_status_new
    raise e
  File "/usr/local/lib/python3.6/dist-packages/footmark/connection.py", line 421, in get_status_new
    body = self.make_request_new(params)
  File "/usr/local/lib/python3.6/dist-packages/footmark/connection.py", line 326, in make_request_new
    raise e
  File "/usr/local/lib/python3.6/dist-packages/footmark/connection.py", line 318, in make_request_new
    return conn.do_action_with_exception(request)
  File "/usr/local/lib/python3.6/dist-packages/aliyunsdkcore/client.py", line 467, in do_action_with_exception
    raise exception

fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {

    "msg": "Modify instance i-uf6er6f6shmrk8t2lnl3 attribute got an error: HTTP Status: 400 Error:InvalidHostName.Malformed The specified parameter \"HostName\" is not valid. RequestID: 2D58B705-E185-4EDA-9E83-2A60622AC41C"
}

Cannot create security group

When I tried to use Ansible module to create security group, it through an error
An exception occurred during task execution. Tosee the full traceback, use -vvv. The error was: TypeError: get_all_security_groups() got an unexpected keyword argument 'vpc_id' fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent calllast):\n File \"/var/folders/ph/c549sdy55qndkj1w9zd02rwh0000gp/T/ansible_jyy0rs/ansible_module_alicloud_security_group.py\", line 618, in <module>\n main()\n File \"/var/folders/ph/c549sdy55qndkj1w9zd02rwh0000gp/T/ansible_jyy0rs/ansible_module_alicloud_security_group.py\", line 563, in main\n security_groups = ecs.get_all_security_groups(vpc_id=vpc_id, name=group_name)\nTypeError: get_all_security_groups() got an unexpected keyword argument 'vpc_id'\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}

So, I go to line 563 in _alicloud_security_group.py.
image
However, the signature of the method should be a filter (dict), instead of two strings.
image

ali_image_info has several problems

Hi,

I'm using ansible alicloud modules to handle my cloud resource in aliyun recently, but I found there are several problems in module ali_image_info:

  1. if I specify the image_names in the module, but the image I specified actually doesn't exist, then the execution will be stuck and never return the result(I waited almost half an hour)
  2. it seems it won't search the private images if image_names is specified, it only searched in the public images, please help to support it. I remember that alicould SDK actually support it.

best regards.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.