Cannot get with_Items working with ec2group

Ansible 1.7

I am trying to use either with_items or with_nested (if including a list of ports as well) to traverse a list of cidr addresses and create sec group rules from that …

Basically, this is failing repeatedly … and I guess it’s down to confusion around the correct scope to apply the with_items keyword …

I have something like this …

```
- name: Create security group
  ec2_group:
    name: "some-name"
    description: "some description"
    vpc_id: "vpc-blahblah"
    region: "eu-north-4"
    rules:
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: "{{ item }}"
        with_items:
          - addr1/32
          - addr2/32
          - etc/32
```

In the above scope of usage, ansible is not able to see the variable … it’s exactly the same below when the with_items is nested in-line with and the following also does not work …

```
- name: Create security group
  ec2_group:
    name: "some-name"
    description: "some description"
    vpc_id: "vpc-blahblah"
    region: "eu-north-4"
    rules:
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: "{{ item }}"
    with_items:
      - addr1/32
      - addr2/32
      - etc/32
```

The only variant that works is when it’s aligned with the ec2group line (see immediately below) … but it does not iterate and create several security groups … it iteratively replaces a single entry with the latest value in the loop …

```
- name: Create security group
  ec2_group:
    name: "some-name"
    description: "some description"
    vpc_id: "vpc-blahblah"
    region: "eu-north-4"
    rules:
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: "{{ item }}"
  with_items:
    - addr1/32
    - addr2/32
    - etc/32
```

I have looked at the docs for both ec2group and with_items, and it’s not obvious how this is supposed to be used … I suspect I may be making some basic mistake/omission … Any suggestions? thanks in advance.

You have an indentation error here for starters:

```
- name: Create security group
  ec2_group:
    name: "some-name"
    description: "some description"
    vpc_id: "vpc-blahblah"
    region: "eu-north-4"
    rules:
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: "{{ item }}"
        with_items:
          - addr1/32
          - addr2/32
          - etc/32
```

with_items should be at the same level as “ec2_group”.

Thanks for the response … much appreciated.

And yes, I have seen that’s the only way it works, I do ponder what I have to do to have it create a security group per item element(s) … or is this an incorrect usage?

Thanks again …

Try to give the groups different names.
You can use:

```
with_items:
  - ip: addr1/32
    name: group1
```

And then access that data with {{ item.ip }} and {{ item.name }}.

Chuzzy chuxuzoeto@gmail.com wrote:

Thanks, Tomasz …

But this will result in my creating a huge number of security groups … the intention is to create a list of rules for a security group …

the ideal solution would be to have the loop work on a ‘rule’ level … and not at the SG level, so that each iteration points to a new rule instead of a new SG …

Without such a change, using with_items or any other loop for managing rules is not really useful …

You may wish to just define the list as a variable and do

```
attribute: "{{ listvar }}"
```

To plug in the list from your variable file
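
The approach in the last reply, as an added example that is not from the thread: a Python helper that expands a CIDR list and a port list into one rules list, written out as a vars file so a single ec2_group task can take it as `rules: "{{ sg_rules }}"`. The names `build_rules`, `render_vars` and `sg_rules`, the sample ranges, and the rejection of malformed or 0.0.0.0/0 sources are assumptions of this example.

```python
import ipaddress
import itertools
import json


def build_rules(cidrs, ports, proto="tcp"):
    """Expand every (CIDR, port) pair into one ec2_group rule dict.

    Each source range is validated first, so a typo in the list fails here
    instead of producing a rule that is wider than intended.
    """
    rules = []
    for cidr, port in itertools.product(cidrs, ports):
        # strict=True raises ValueError when host bits are set (e.g. 10.0.0.1/24)
        net = ipaddress.IPv4Network(cidr, strict=True)
        if net.prefixlen == 0:
            raise ValueError("refusing world-open source range: %s" % cidr)
        if not 1 <= port <= 65535:
            raise ValueError("port out of range: %r" % (port,))
        rules.append({
            "proto": proto,
            "from_port": port,
            "to_port": port,
            "cidr_ip": str(net),
        })
    return rules


def render_vars(cidrs, ports, var_name="sg_rules"):
    """Return vars-file text. It is JSON, which a YAML parser also reads."""
    return json.dumps({var_name: build_rules(cidrs, ports)},
                      indent=2, sort_keys=True)


# Constructed sample input (documentation address ranges, not from the thread)
SAMPLE_CIDRS = ["198.51.100.7/32", "203.0.113.0/28"]
SAMPLE_PORTS = [443, 8443]

if __name__ == "__main__":
    # Save the output as a vars file and reference the variable from the task.
    print(render_vars(SAMPLE_CIDRS, SAMPLE_PORTS))
```

Because the whole list is passed to one task, the security group is created once with every rule, rather than being rewritten on each loop iteration.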