-
Notifications
You must be signed in to change notification settings - Fork 23.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added cloud/Amazon module for SSM #19868
Conversation
This module allows you to interface with Amazon Simple Systems Manager (SSM) to manage the configuration of your Amazon EC2 instances. Specifically this module allows you to use the Run Command functionality to run system commands against your hosts. E.g. you can run PowerShell commands against Windows hosts or bash commands against a Linux host. The specific advantage is that you do not need to log into those hosts as the SSM service takes care of the execution. For more information see http://docs.aws.amazon.com/ssm/latest/APIReference/Welcome.html
Migrated from ansible/ansible-modules-extras#3294 |
Rackspace has been teasing a connection plugin they wrote that uses SSM as well- I've reached out to see if we should expect it anytime soon. I'm not opposed to overlapping functionality here either, but a connection plugin really is the "ansible-y" way to do this sort of thing... |
@mmochan @michaeljs1990 @wimnat @erydo @jarv @steynovich @ryansydnor @simplesteph @Java1Guy @rmorlok @pwnall @naslanidis @pjodouin @willthames @RickMendes @amir343 @linuxdynasty @timmahoney @tedder @jsdalton @jmenga @tastychutney @scottanderson42 @mjschultz @bpennypacker @zimbatm @brandond @joelthompson @alachaum @TomBamford @jjshoe @j-carl @fiunchinho @Etherdaemon @bekelchik @minichate @MichaelBaydoun @loia @akazakov @Zeekin @silviud @whiter As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add |
sample: Success | ||
''' | ||
|
||
# import base64 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove these if not required
if not HAS_BOTO3: | ||
module.fail_json(msg='Python module "boto3" is missing, please install it') | ||
|
||
if not (document_name and instance_ids): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why aren't these required in the argument_spec?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is still unanswered
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These parameters are set to required=True however I found that if you specify the parameter in a playbook but leave it blank, it still gets past that check. I put this in as a more friendly way of handling the exception than letting the exception generated by the the boto call to bubble up. If there is a more "Ansible-y" way of handling this, let me know. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, that makes sense, was just curious why it was required.
module.exit_json(changed=True, result=results) | ||
|
||
# import module snippets | ||
from ansible.module_utils.basic import * |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need to use new style module imports
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info
preferably at the top of the file to avoid flake8 complaints.
short_description: Execute commands through Simple System Manager (SSM) a.k.a. Run Command | ||
description: | ||
- This module allows you to execute commands through SSM/Run Command. | ||
version_added: "2.2" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This regressed back in your most recent commit
sample: Success | ||
''' | ||
|
||
from ansible.module_utils.basic import * |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just import AnsibleModule
here
!needs_revision |
shipit |
@nitzmahone the SSM connection plugin does sound like it might be simpler for some use cases - guess it depends on what else you're doing in the rest of your playbook. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
needs_revision
- A comment about this particular invocation. | ||
required: false | ||
default: NONE | ||
instanceIds: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would change this to ansible preferred snake_case. instance_ids
def main(): | ||
argument_spec = ec2_argument_spec() | ||
argument_spec.update(dict( | ||
name = dict(required=True), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should try to follow pep8. Therefore, the spacing here isn't required. Also, applies to the rest of the dict
supports_check_mode=False | ||
) | ||
|
||
document_name = module.params.get('name') # Needs to be an existing SSM document name |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Again, pep8 means no spaces here
"the document name is correct and your profile has " | ||
"permissions to execute SSM.", | ||
exception=traceback.format_exc(ce)) | ||
module.fail_json(msg="Client-side error when invoking SSM, check inputs and specific error", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would follow the guidelines here for boto3 exception handling https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/GUIDELINES.md#boto3-2
module.fail_json(msg="Client-side error when invoking SSM, check inputs and specific error", | ||
exception=traceback.format_exc(ce)) | ||
except botocore.exceptions.ParamValidationError as ve: | ||
module.fail_json(msg="Parameters to `invoke` failed to validate", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
while checking: | ||
try: | ||
invoke_response = client.list_command_invocations(**list_params) | ||
except Exception as e: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only capture the specific exception type here and handle appropriately https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/GUIDELINES.md#boto3-2
Discussed offline with the author of the SSM connection plugin, and decided that both would be good to have. Once everyone's happy with implementation on this one, I'm good to merge. |
@woznij This PR contains |
@woznij can you please rebase this and change the "version_added" docs property? |
The test
The test
|
what is going on here? it has been a while since there was any progress? what can I do to help? |
@destroy-everything It HAS been a while! I got pulled away on assignment at work and have not had time to come back to this. It has turned into a bit of a black hole it seems. I fix one thing and another thing is found, lots of small differentiating changes. With my workload as of recent it has made it difficult to keep up. This is really my first contribution to a large public repo so following the rules is a bit of a learning curve too, and it seems the rules have changed a few times since I started this. All that is just an excuse really and I really should just sit down and do it. Other than time, my blockers are reading up on how to "rebase" properly, read up on what "ANSIBLE_METADATA" is, read up on "RETURN.status.returned" should be. The other outstanding things like PEP8 tweaks should be pretty easy. I will note that a good chunk of this code was reused from another approved and merged module so some of the things that were caught must be because of new checks that are being performed. |
@woznij it is a bit of a moving target I'm afraid but a slow moving one that we're trying to better document. Some of it is that the project's coding standards are improving so we can do more checking of the obvious stuff, some of it is just evolution in action. We should also just document a 'perfect' module skeleton that people can just copy and paste the relevant sections from into their work. |
just means that in your |
This PR has been inactive for over half a year now. Any activities going on? I have written the same module for internal use with the same functionality. Should we try to fix this PR or should I open a fresh PR with my changes? |
ISSUE TYPE
COMPONENT NAME
ssm_send_command
ANSIBLE VERSION
SUMMARY
This module allows you to interface with Amazon Simple Systems Manager (SSM) to manage the configuration of your Amazon EC2 instances. Specifically this module allows you to use the Run Command functionality to run system commands against your hosts. E.g. you can run PowerShell commands against Windows hosts or bash commands against a Linux host. The specific advantage is that you do not need to log into those hosts as the SSM service takes care of the execution. For more information see http://docs.aws.amazon.com/ssm/latest/APIReference/Welcome.html