Ansible: how to find the route table ID attached to a subnet

I have a few VPCs with some route tables and subnets. I'd like to be able to work with them, but I can't see a way to link a subnet to a route table ID. I've used the ec2_vpc_route_table_facts, ec2_vpc_subnet_facts and ec2_vpc_net_facts modules, but unless I've missed something, none of them tell me which subnet is associated with which route table.

```
TASK [ec2_vpc_route_table_facts] ***********************************************
ok: [localhost]

TASK [display routes] **********************************************************
ok: [localhost] => {
    "msg": {
        "changed": false,
        "route_tables": [
            {
                "id": "rtb-83fd25e7",
                "routes": [
                    {
                        "destination_cidr_block": "172.31.0.0/16",
                        "gateway_id": "local",
                        "instance_id": null,
                        "interface_id": null,
                        "origin": "CreateRouteTable",
                        "state": "active",
                        "vpc_peering_connection_id": null
                    },
                    {
                        "destination_cidr_block": "0.0.0.0/0",
                        "gateway_id": "igw-6f792c0a",
                        "instance_id": null,
                        "interface_id": null,
                        "origin": "CreateRoute",
                        "state": "active",
                        "vpc_peering_connection_id": null
                    }
                ],
                "tags": {},
                "vpc_id": "vpc-e749a683"
            },
            {
                "id": "rtb-abf02bcf",
                "routes": [
                    {
                        "destination_cidr_block": "172.31.0.0/16",
                        "gateway_id": "local",
                        "instance_id": null,
                        "interface_id": null,
                        "origin": "CreateRouteTable",
                        "state": "active",
                        "vpc_peering_connection_id": null
                    }
                ],
                "tags": {},
                "vpc_id": "vpc-e749a683"
            }
        ]
    }
}

TASK [ec2_vpc_subnet_facts] ****************************************************
ok: [localhost]

TASK [display subnets] *********************************************************
ok: [localhost] => {
    "msg": {
        "changed": false,
        "subnets": [
            {
                "availability_zone": "eu-west-1b",
                "available_ip_address_count": 4091,
                "cidr_block": "172.31.16.0/20",
                "default_for_az": "true",
                "id": "subnet-3ac33c4c",
                "map_public_ip_on_launch": "true",
                "state": "available",
                "tags": {},
                "vpc_id": "vpc-e749a683"
            },
            {
                "availability_zone": "eu-west-1c",
                "available_ip_address_count": 4091,
                "cidr_block": "172.31.32.0/20",
                "default_for_az": "true",
                "id": "subnet-4efbef17",
                "map_public_ip_on_launch": "true",
                "state": "available",
                "tags": {},
                "vpc_id": "vpc-e749a683"
            },
            {
                "availability_zone": "eu-west-1a",
                "available_ip_address_count": 4091,
                "cidr_block": "172.31.0.0/20",
                "default_for_az": "true",
                "id": "subnet-9a3deafe",
                "map_public_ip_on_launch": "true",
                "state": "available",
                "tags": {},
                "vpc_id": "vpc-e749a683"
            }
        ]
    }
}
```

The only way I can see to make this work is to put a tag with a sensible value (such as the subnet ID) on the route table. But that would still need someone to keep it up to date by hand; there's no way to automate it from Ansible, is there?

I think a good filter plugin can help you in this situation. For example, if you know the route table ID, you can write a simple Python function that retrieves the list of subnet IDs associated with that route table ID. You would put this filter in the root of your Ansible directory.

Example below: filter_plugins/example.py

```python
import boto3
from ansible import errors


def get_all_subnet_ids_in_route_table(route_table_id, region=None):
    """
    Args:
        route_table_id (str): The route table id you are retrieving subnets for.

    Kwargs:
        region (str): The aws region in which the route table exists.

    Basic Usage:
        >>> get_all_subnet_ids_in_route_table("rtb-1234567", "us-west-2")
        ['subnet-1234567', 'subnet-7654321']

    Returns:
        List of subnet ids
    """
    subnet_ids = list()
    client = boto3.client('ec2', region_name=region)
    params = {
        'RouteTableIds': [route_table_id]
    }
    routes = client.describe_route_tables(**params)
    # Only explicit subnet associations carry a SubnetId; the VPC's "main"
    # association has none and is skipped here.
    for route in routes.get('RouteTables', []):
        for association in route.get('Associations', []):
            if association.get('SubnetId', None):
                subnet_ids.append(association['SubnetId'])
    if not subnet_ids:
        raise errors.AnsibleFilterError(
            "No subnets were found for {0}".format(route_table_id)
        )
    return subnet_ids


class FilterModule(object):
    ''' Ansible core jinja2 filters '''

    def filters(self):
        return {
            'get_all_subnet_ids_in_route_table': get_all_subnet_ids_in_route_table
        }
```

If you want to use this filter, it is as simple as this:

```yaml
route_table_id: rtb-1234567
aws_region: eu-west-1
subnet_ids_for_example_rt: "{{ route_table_id | get_all_subnet_ids_in_route_table(aws_region) }}"
```

It looks like this was fixed in Ansible 2.3 (https://github.com/ansible/ansible/commit/90002e06ae0ab255d71e6976d7e5d23e93850cd3).

Now, when you call ec2_vpc_route_table_facts, each returned route table has, in addition to the routes list, an associations list containing any associated subnet_id(s):

```json
{
    "associations": [
        {
            "id": "rtbassoc-02cf4c00",
            "main": false,
            "route_table_id": "rtb-7051d400",
            "subnet_id": "subnet-3099da00"
        }
    ],
    "id": "rtb-7051d400",
    "routes": [
        {
            "destination_cidr_block": "52.123.123.123/32",
            "gateway_id": "igw-96298400",
            "instance_id": null,
            "interface_id": null,
            "state": "active",
            "vpc_peering_connection_id": null
        },
        {
            "destination_cidr_block": "52.123.123.124/32",
            "gateway_id": "igw-96298400",
            "instance_id": null,
            "interface_id": null,
            "state": "active",
            "vpc_peering_connection_id": null
        },
        {
            "destination_cidr_block": "10.69.123.0/24",
            "gateway_id": "local",
            "instance_id": null,
            "interface_id": null,
            "state": "active",
            "vpc_peering_connection_id": null
        }
    ],
    "tags": {
        "Name": "test-gmd-b-routes"
    },
    "vpc_id": "vpc-c5439a00"
}
```
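Added example, not code from either answer: with the associations list available, the join can be done offline in a filter plugin on the two fact lists, rather than with a second boto3 call per route table. Subnets with no explicit association fall back to the VPC's main route table, and a second filter flags subnets whose table routes 0.0.0.0/0 to an internet gateway, which is the question a reviewer usually wants answered. The function names and the sample ids are my own constructions, shaped like the fact output shown above.

```python
# Added example (not from the original answers): offline Ansible filters that
# join ec2_vpc_route_table_facts (Ansible >= 2.3) with ec2_vpc_subnet_facts.

def subnet_route_table_map(route_tables, subnets):
    """Return {subnet_id: route_table_id} for every subnet given."""
    explicit, main_by_vpc = {}, {}
    for rt in route_tables:
        for assoc in rt.get("associations", []):
            if assoc.get("main"):
                main_by_vpc[rt["vpc_id"]] = rt["id"]   # VPC default table
            elif assoc.get("subnet_id"):
                explicit[assoc["subnet_id"]] = rt["id"]
    result = {}
    for sn in subnets:
        rt_id = explicit.get(sn["id"]) or main_by_vpc.get(sn["vpc_id"])
        if rt_id is None:
            raise ValueError("no route table found for {0}".format(sn["id"]))
        result[sn["id"]] = rt_id
    return result

def public_subnets(route_tables, subnets):
    """Subnet ids whose route table sends 0.0.0.0/0 to an internet gateway."""
    igw_tables = set()
    for rt in route_tables:
        for route in rt.get("routes", []):
            if (route.get("destination_cidr_block") == "0.0.0.0/0"
                    and str(route.get("gateway_id")).startswith("igw-")):
                igw_tables.add(rt["id"])
    mapping = subnet_route_table_map(route_tables, subnets)
    return sorted(s for s, rt in mapping.items() if rt in igw_tables)

class FilterModule(object):
    """Expose the helpers as Jinja2 filters (drop the file in filter_plugins/)."""
    def filters(self):
        return {"subnet_route_table_map": subnet_route_table_map,
                "public_subnets": public_subnets}

# Constructed sample facts shaped like the page's output; ids are placeholders.
SAMPLE_ROUTE_TABLES = [
    {"id": "rtb-main0001", "vpc_id": "vpc-00000001",
     "associations": [{"main": True, "subnet_id": None}],
     "routes": [{"destination_cidr_block": "10.0.0.0/16", "gateway_id": "local"}]},
    {"id": "rtb-pub00001", "vpc_id": "vpc-00000001",
     "associations": [{"main": False, "subnet_id": "subnet-pub00001"}],
     "routes": [{"destination_cidr_block": "10.0.0.0/16", "gateway_id": "local"},
                {"destination_cidr_block": "0.0.0.0/0", "gateway_id": "igw-00000001"}]},
]
SAMPLE_SUBNETS = [{"id": "subnet-pub00001", "vpc_id": "vpc-00000001"},
                  {"id": "subnet-priv0001", "vpc_id": "vpc-00000001"}]
```

In a playbook, `"{{ route_tables | public_subnets(subnets) }}"` with the two registered fact lists returns the subnet ids that have a default route through an internet gateway.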