Append newly-created security group to existing SG list in EC2 creation?

I have a set of (VPC) security group IDs, and I want to create a new (VPC) security group, then apply the existing an newly-created group to a new EC2 instance at creation time. I can create the SG, show its ID, but I cannot determine the syntax to append it to the list of already-defined SGs.

vars:

…
ec2_security_ids: [‘sg-31d7155e’, ‘sg-f49c4d9b’, ‘sg-fa9c4d95’]

tasks:

• name: Create Security Group for HQTS marker interface (no rules, just right)

local_action:
module: ec2_group
name: ‘{{hqts_name}}’
region: ‘{{region}}’

vpc_id: ‘{{vpc_id}}’
register: hqts_sg

• name: Show SG ID
  local_action: command echo {{ hqts_sg.group_id }}

• name: Launch instance HQTS
  local_action:
  module: ec2
  keypair: ‘{{keypair}}’

group_id: ‘{{ ec2_security_ids + [hqts_sg.group_id] }}’
instance_type: m1.small
image: ami-a25415cb
region: ${region}
vpc_subnet_id: ${vpc_1b_web.id}
wait: yes

register: hqts_ec2

The SG is created and shown, but the group_id appears to get turned into a string instead of a list and breaks the request:

TASK: [Show SG ID] ************************************************************
<127.0.0.1> REMOTE_MODULE command echo sg-b1fb5ade
changed: [127.0.0.1] => {“changed”: true, “cmd”: [“echo”, “sg-b1fb5ade”], “delta”: “0:00:00.002632”, “end”: “2013-09-11 18:57:30.033285”, “rc”: 0, “start”: “2013-09-11 18:57:30.030653”, “stderr”: “”, “stdout”: “sg-b1fb5ade”}

TASK: [Launch instance HQTS] **************************************************
<127.0.0.1> REMOTE_MODULE ec2 group_id=‘[’“'”‘sg-31d7155e’“'”‘, ‘"’“‘sg-f49c4d9b’”’“', '”‘“‘sg-fa9c4d95’”’“‘, u’”‘“‘sg-b1fb5ade’”’"‘]’ instance_tags=‘{“Name”: “hqts-dev”, “site”: “hqts.hq”, “op_env”: “dev”, “Description”: “to7sandbox”, “Owner”: “shentonfreude”}’ region=us-east-1 keypair=wpizvs-cshenton instance_type=m1.small vpc_subnet_id=subnet-a7cfd8cb image=ami-a25415cb
failed: [127.0.0.1] => {“failed”: true, “parsed”: false}
[…]
File “/Users/chris/Projects/wp/ansiprime/lib/python2.7/site-packages/boto/ec2/connection.py”, line 2393, in get_all_security_groups
[(‘item’, SecurityGroup)], verb=‘POST’)
File “/Users/chris/Projects/wp/ansiprime/lib/python2.7/site-packages/boto/connection.py”, line 1076, in get_list
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request

InvalidGroupId.MalformedInvalid id: “[‘sg-31d7155e’, ‘sg-f49c4d9b’, ‘sg-fa9c4d95’, u’sg-b1fb5ade’]” (expecting “sg-…”)043eabdd-3b3e-45a3-b394-d16f914b2a7e

Is there a way to do this inline, or set some variable to the SG list with the new SG appended, then reference it so it gets treated as a list instead of a string containing a list?

Thanks.

The security groups module should take a comma seperated list.

Perhaps I’m being dense or unclear: the ‘ec2_group’ module part runs fine. But what I’m having trouble with is referencing it and adding it to the ‘ec2’ module’s group_id list – here:

vars:

ec2_security_ids: [‘sg-31d7155e’, ‘sg-f49c4d9b’, ‘sg-fa9c4d95’]

module: ec2
group_id: ‘{{ ec2_security_ids + [hqts_sg.group_id] }}’

Am I being stupid about the syntax for the list variable, and how to append the new SG ID to it?

Thanks again.

Rather than using the group_id field, could you use the group field instead and try this?

ec2: group=“{{ “,”.join(ec2_security_names + [hqts_sg.group_name]) }}”

It appears to be a bug in the code that you can’t do something similar with the group_id field, so if you could also open a github issue for that we’d appreciate it.

Rather than using the group_id field, could you use the group field instead and try this?

ec2: group=“{{ “,”.join(ec2_security_names + [hqts_sg.group_name]) }}”

I’m in a VPC so don’t have access to the SG names, only their IDs.

It appears to be a bug in the code that you can’t do something similar with the group_id field, so if you could also open a github issue for that we’d appreciate it.

Will do, thanks.
And thanks for tracking this down!