Added cloud/Amazon module for SSM #19868
Conversation
This module allows you to interface with Amazon Simple Systems Manager (SSM) to manage the configuration of your Amazon EC2 instances. Specifically this module allows you to use the Run Command functionality to run system commands against your hosts. E.g. you can run PowerShell commands against Windows hosts or bash commands against a Linux host. The specific advantage is that you do not need to log into those hosts as the SSM service takes care of the execution. For more information see http://docs.aws.amazon.com/ssm/latest/APIReference/Welcome.html
|
Migrated from ansible/ansible-modules-extras#3294 |
ansibot
added
affects_2.3
ansibot
added
needs_revision
nitzmahone
removed
the
needs_triage
|
Rackspace has been teasing a connection plugin they wrote that uses SSM as well- I've reached out to see if we should expect it anytime soon. I'm not opposed to overlapping functionality here either, but a connection plugin really is the "ansible-y" way to do this sort of thing... |
ansibot
added
the
community_review
|
@mmochan @michaeljs1990 @wimnat @erydo @jarv @steynovich @ryansydnor @simplesteph @Java1Guy @rmorlok @pwnall @naslanidis @pjodouin @willthames @RickMendes @amir343 @linuxdynasty @timmahoney @tedder @jsdalton @jmenga @tastychutney @scottanderson42 @mjschultz @bpennypacker @zimbatm @brandond @joelthompson @alachaum @TomBamford @jjshoe @j-carl @fiunchinho @Etherdaemon @bekelchik @minichate @MichaelBaydoun @loia @akazakov @Zeekin @silviud @whiter As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add |
| sample: Success | ||
| ''' | ||
|
|
||
| # import base64 |
There was a problem hiding this comment.
remove these if not required
| if not HAS_BOTO3: | ||
| module.fail_json(msg='Python module "boto3" is missing, please install it') | ||
|
|
||
| if not (document_name and instance_ids): |
There was a problem hiding this comment.
why aren't these required in the argument_spec?
There was a problem hiding this comment.
This is still unanswered
There was a problem hiding this comment.
These parameters are set to required=True however I found that if you specify the parameter in a playbook but leave it blank, it still gets past that check. I put this in as a more friendly way of handling the exception than letting the exception generated by the the boto call to bubble up. If there is a more "Ansible-y" way of handling this, let me know. Thanks!
There was a problem hiding this comment.
Ok, that makes sense, was just curious why it was required.
| module.exit_json(changed=True, result=results) | ||
|
|
||
| # import module snippets | ||
| from ansible.module_utils.basic import * |
There was a problem hiding this comment.
Need to use new style module imports
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info
preferably at the top of the file to avoid flake8 complaints.
| short_description: Execute commands through Simple System Manager (SSM) a.k.a. Run Command | ||
| description: | ||
| - This module allows you to execute commands through SSM/Run Command. | ||
| version_added: "2.2" |
There was a problem hiding this comment.
This regressed back in your most recent commit
| sample: Success | ||
| ''' | ||
|
|
||
| from ansible.module_utils.basic import * |
There was a problem hiding this comment.
just import AnsibleModule here
ansibot
added
needs_revision
|
!needs_revision |
|
shipit |
|
@nitzmahone the SSM connection plugin does sound like it might be simpler for some use cases - guess it depends on what else you're doing in the rest of your playbook. |
| - A comment about this particular invocation. | ||
| required: false | ||
| default: NONE | ||
| instanceIds: |
There was a problem hiding this comment.
I would change this to ansible preferred snake_case. instance_ids
| def main(): | ||
| argument_spec = ec2_argument_spec() | ||
| argument_spec.update(dict( | ||
| name = dict(required=True), |
There was a problem hiding this comment.
You should try to follow pep8. Therefore, the spacing here isn't required. Also, applies to the rest of the dict
| supports_check_mode=False | ||
| ) | ||
|
|
||
| document_name = module.params.get('name') # Needs to be an existing SSM document name |
There was a problem hiding this comment.
Again, pep8 means no spaces here
| "the document name is correct and your profile has " | ||
| "permissions to execute SSM.", | ||
| exception=traceback.format_exc(ce)) | ||
| module.fail_json(msg="Client-side error when invoking SSM, check inputs and specific error", |
There was a problem hiding this comment.
I would follow the guidelines here for boto3 exception handling https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/GUIDELINES.md#boto3-2
| module.fail_json(msg="Client-side error when invoking SSM, check inputs and specific error", | ||
| exception=traceback.format_exc(ce)) | ||
| except botocore.exceptions.ParamValidationError as ve: | ||
| module.fail_json(msg="Parameters to `invoke` failed to validate", |
There was a problem hiding this comment.
| while checking: | ||
| try: | ||
| invoke_response = client.list_command_invocations(**list_params) | ||
| except Exception as e: |
There was a problem hiding this comment.
Only capture the specific exception type here and handle appropriately https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/GUIDELINES.md#boto3-2
|
Discussed offline with the author of the SSM connection plugin, and decided that both would be good to have. Once everyone's happy with implementation on this one, I'm good to merge. |
|
@woznij This PR contains |
ansibot
added
the
stale_ci
|
@woznij can you please rebase this and change the "version_added" docs property? |
|
The test The test |
ansibot
removed
the
stale_ci
mattclay
added
the
ci_verified
ansibot
added
stale_ci
|
what is going on here? it has been a while since there was any progress? what can I do to help? |
|
@destroy-everything It HAS been a while! I got pulled away on assignment at work and have not had time to come back to this. It has turned into a bit of a black hole it seems. I fix one thing and another thing is found, lots of small differentiating changes. With my workload as of recent it has made it difficult to keep up. This is really my first contribution to a large public repo so following the rules is a bit of a learning curve too, and it seems the rules have changed a few times since I started this. All that is just an excuse really and I really should just sit down and do it. Other than time, my blockers are reading up on how to "rebase" properly, read up on what "ANSIBLE_METADATA" is, read up on "RETURN.status.returned" should be. The other outstanding things like PEP8 tweaks should be pretty easy. I will note that a good chunk of this code was reused from another approved and merged module so some of the things that were caught must be because of new checks that are being performed. |
|
@woznij it is a bit of a moving target I'm afraid but a slow moving one that we're trying to better document. Some of it is that the project's coding standards are improving so we can do more checking of the obvious stuff, some of it is just evolution in action. We should also just document a 'perfect' module skeleton that people can just copy and paste the relevant sections from into their work. |
just means that in your |
ansibot
added
the
new_contributor
ansibot
removed
the
new_contributor
ansibot
added
the
new_contributor
|
This PR has been inactive for over half a year now. Any activities going on? I have written the same module for internal use with the same functionality. Should we try to fix this PR or should I open a fresh PR with my changes? |
ISSUE TYPE
COMPONENT NAME
ssm_send_command
ANSIBLE VERSION
SUMMARY
This module allows you to interface with Amazon Simple Systems Manager (SSM) to manage the configuration of your Amazon EC2 instances. Specifically this module allows you to use the Run Command functionality to run system commands against your hosts. E.g. you can run PowerShell commands against Windows hosts or bash commands against a Linux host. The specific advantage is that you do not need to log into those hosts as the SSM service takes care of the execution. For more information see http://docs.aws.amazon.com/ssm/latest/APIReference/Welcome.html