resmo / ansible-cloudstack Goto Github PK

@resmo VPC support seen in the wild at:
https://github.com/SafeSwissCloud/ansible-cloudstack-vpc/blob/master/patches/cs_ip_address.py

Hi @resmo looks like we can't specify disk size on exoscale:

this:

  - name: Start head-node VM
    local_action:
      module: cloudstack_vm
      name: head-node1
      template: Linux Ubuntu 14.04 LTS 64-bit 10G Disk (2014-10-28-3b8b26) 
      service_offering: Tiny

Gives an unknown template error. But I I use Linux Ubuntu 14.04 LTS 64-bit and

disk_size: 10

It has no effect.

that's due to the naming convention of the exoscale template, which hard codes the disk sizes.

Any chance to check that ?

I'm hitting the error More than one rule having name lb_group_worker-http. Please pass 'ip_address' as well., even though I'm already passing the IP address and there is only a single rule with this name.
There is a second loadbalancer rule with a similar name, however: lb_group_worker-https

Other rules with more unique names (like lb_group_master) work fine.

It looks like the CloudStack API does not match rule names exactly, as it should.

Hi @resmo any chance you could add the usersecuritygrouplist variable in the cloudstack_sg_rule file.
It allows to create a rule where the source is another security group (without passing a cidr as source).

its very helpful for exoscale.

thanks

TASK: [cs_staticnat] **********************************************************
failed: [127.0.0.1 -> 127.0.0.1] => {"failed": true, "parsed": false}
Traceback (most recent call last):
File "/home/milamber/.ansible/tmp/ansible-tmp-1440009370.83-101564793180131/cs_staticnat", line 2280, in
main()
File "/home/milamber/.ansible/tmp/ansible-tmp-1440009370.83-101564793180131/cs_staticnat", line 657, in main
acs_static_nat = AnsibleCloudStackStaticNat(module)
File "/home/milamber/.ansible/tmp/ansible-tmp-1440009370.83-101564793180131/cs_staticnat", line 525, in init
super(AnsibleCloudStackPortforwarding, self).init(module)
NameError: global name 'AnsibleCloudStackPortforwarding' is not defined

It only check the name currently. Given we know the public key during runtime, we should be able to generate the finger print and use that in the query other than the name. Not sure how easy was it to do it in Python though.

Best,

Dong

When we create VM's on CloudStack we want to specify the ipaddresses. We have multihomed machine spreading datacenters and need to separate networks as well.

The api is more extensive than the cloudstack_vm implements:
http://cloudstack.apache.org/docs/api/apidocs-4.2/user/deployVirtualMachine.html

being able to specify ipaddress would be an improvement, addnictovirtualmachine even better and also iptonetworklist.

Great work, thanks a lot for this.

Where do I put this if I have my own ansible installation (meaning I install ansible from source) ?

thanks

Hi @resmo any chance you could add the usersecuritygrouplist variable in the cloudstack_sg_rule file.
It allows to create a rule where the source is another security group (without passing a cidr as source).

its very helpful for exoscale.

thanks

@resmo me again, trolling…:)

Would love to see tag support. So we can tag VMs.

In the API those:

createEgressFirewallRule (A)
deleteEgressFirewallRule (A)
listEgressFirewallRules
updateEgressFirewallRule (A)

were listed under Firewall, so not sure should this be a separate module or part of the firewall one you already done.

Best,

Dong

Did you ever try register ISO with a URL?

I got an error like this:

TASK: [test] ****************************************************************** 
failed: [localhost -> 127.0.0.1] => {"failed": true}
msg: CloudStackException: ('HTTP 431 response from CloudStack', <Response [431]>, {u'errorcode': 431, u'uuidList': [], u'cserrorcode': 9999, u'errortext': u'Unsupported scheme for url: http%3A%2F%2Fstable.release.core-os.net%2Famd64-usr%2Fcurrent%2Fcoreos_production_iso_image.iso'})

I did try cloudmonkey and it works. Seems the endpoint doesn't like this kind of encoding?

Best,

Dong

Seems you removed the following two lines:

    result = {}
    result['changed'] = False

before

    state = module.params.get('state')

Now we get errors like this:

File "/home/dong/.ansible/tmp/ansible-tmp-1426522421.37-197318843812041/cloudstack_sshkey", line 294, in get_result
    self.result['fingerprint'] = ssh_key['fingerprint']
AttributeError: AnsibleCloudStackSshKey instance has no attribute 'result'

@resmo thanks for your hard work on this. It's super useful
The sg, sg rules and cloudstack_vm works.

It would be great to add userdata support in the cloudstack_vm module. something like

- local_action:
  module: cloudstack_vm
  name: foobar
  userdata: /path/to/userdata

Hi René.
I can't find documentation on how to support multiple environments. It would be nice if we could use the inventory list with a list of "independent management servers", and have the module search the respective cloudstack.ini .... is it supported, or am I missing something?

Type back,
-NT

Cloudstack only stores a limited amount of grouping information.
For example, it is not possible to assign multiple host groups to a host.

This script can be used alongside cloudstack.py to generate additional groups based on hostname regex matches:

import sys
import json
import re

hosts = json.load(sys.stdin)

for host in hosts['all']['hosts']:
    for check in sys.argv[1:]:
        (group, sep, rex) = check.partition('=')
        #print >> sys.stderr, "{} ? {} -> {}".format(host, rex, group)
        if rex and re.search(rex, host):
            #print >> sys.stderr, "{} -> {}".format(host, group)
            if group not in hosts:
                hosts[group] = {
                    'hosts': []
                }
            hosts[group]['hosts'].append(host)

print(json.dumps(hosts, indent=2))

It would be nice to have this feature added to cloudstack.py, for example with a multi-option like --hostgroup <group_name>=<regex>

Thank you for using it.

How to get a module reference of the HTML?

@resmo in:
https://github.com/resmo/ansible-cloudstack/blob/master/cloudstack_vm.py#L423

res is not defined.

If zone A already has host named: host1

Then trying to deploy host1 into zone B won't work as the current code would think it already exists.

Best,

Dong

A simple question: currently it seems setting state to Expunged won't work, Ansible detected the change yet the VM is still happily living.

We will get this error msg if we try 'expunge' command from cs or cloudmonkey on a running VM:

Error 530, Please destroy vm with specified vmId before expunge

Does that mean in order to totally remove a VM, we need to have two tasks: first destroy then expunge?

At least in the API for command 'destroy virtualmachine' we can give a parameter 'expunge=true'. I understand this is purely a design issue. Not sure how would Ansible philosophy handle this.

On a cloudstack cloud with an advanced zone we see lots of HTTPS errors due to maximum connection retries reached.

While it might be a setup/limit issue on the cloud. Is there a way to configure Ansible to avoid those issues, increase the time during polls on the API ?

This error is seen with a simple play that starts a single instance. the instance actually starts but the play fails. So ansible has to be doing multiple cs polls. to get the status of the VM (async, job status poll).

Hi @resmo shouldn't ansible skip a task if it's already created (idempotent…).

When I create a security group that has already been created, I see the cloudstack error:

failed: [localhost -> 127.0.0.1] => {"failed": true}  
msg: CloudStackException: ('HTTP 431 response from CloudStack', <Response [431]>, {u'errorcode': 431, u'uuidList': [], u'cserrorcode': 4350, u'errortext': u'Unable to create security group, a group with name foobar already exisits.'})

FATAL: all hosts have already failed -- aborting

I am sure there is an easy way in ansible to skip through this ?

I try to create firewall rule, I always have this error : "No networks available" but the rule is created.

Here is my playbook :

- hosts: all
  sudo: no
  gather_facts: no
  connection: local
  tasks:
    - cs_firewall:
        ip_address: 178.170.72.99
        start_port: 1234
        end_port: 1234
        cidr: 17.0.0.0/8
        state: present

When using state: absent to remove an ISO image, cs_iso will always report a changed state, but it does not fail if the image can't be removed.

This can occur when the image is still attached to a virtual machine, for example.

My python-cs is version 0.8.2.

Hi @resmo I am still looking into it, but there seems to be a bug when you try to add rules to a sec group that are from different protocols.

Say you add a ssh rule and then an icmp rule….it won't work. or so it seems.
I am looking at the code right now.