Alex Lo Engineering Blog

Updates from January, 2017 Toggle Comment Threads | Keyboard Shortcuts

• 

  @alexlo03 21:15 on 2017/01/02 Permalink | Reply  

  Steps for making a change to the Ansible AWS Security Group Module 

  (On OSX)

  1) fork & clone ansible repo

  commentary: ansible has sensibly merged back ansible-modules and ansible-modules-extra rather than continue using submodules. IF you had cloned in the submodules, go ahead and `rm -rf extras` and `core` from ansible/lib/ansible/modules or your global finds will be very confusing!

  2) get `ansible-playbook` to use your repo (rather than your brew or python installed official release of ansible)

  ansible/ $ . hacking/env-setup
  ansible/ $ make

  note that now `ansible-playbook –version` should print info about your current githash/branch

  3) Try to get integration tests working locally
  3A) setup AWS IAM for cloud integration tests.

  a) set up an IAM user (“tester”) with ec2 full control managed policy attached and keep the key around
  https://console.aws.amazon.com/iam/home?region=us-east-1#/policies/arn:aws:iam::aws:policy/AmazonEC2FullAccess
  b) get your own aws credentials out of the way `mv ~/.aws/credentials ~/.aws/credentials.hide`
  c) EC2_ACCESS_KEY=xxx
  EC2_SECRET_KEY=yyy
  EC2_REGION=us-east-1

  3B) setup credentials.yml
  copy credentials.template into credentials.yml, fill in the AWS related credentials

  3C) strip down amazon.yml to the tests i care about

  - hosts: amazon
    gather_facts: true
    roles:
      - role: test_ec2_group

  3D) run `ansible/test/integration $ make amazon`

  OPTIONAL: have it fail due to boto

  fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "boto required for this module"}

  Remediation:

  1) verify boto in your global python env

  pip freeze | grep boto

  if not `pip install boto`

  2) if the integation tests still fail – there may be a difference between the site-packages (pip packages) between SYSTEM python (/usr/bin/python) and BREW python (/usr/local/bin/python)
  Ansible uses SYSTEM python whereas you mostly use BREW python

  useful diagnostic line: `which -a python`
  should show the local version first if your path is setup correctly.

  Fix from homebrew issue

  ==> Caveats
  If you need Python to find the installed site-packages:
  mkdir -p ~/Library/Python/2.7/lib/python/site-packages
  echo ‘/usr/local/lib/python2.7/site-packages’ > ~/Library/Python/2.7/lib/python/site-packages/homebrew.pth

  OPTIONAL: fix integration tests or module not working in integration tests

  4) add breaking integration test
  5) fix module
  6) PR
  7) remove “tester” IAM user
  8) DONE

  other useful tools:
  audit what your test suite is doing in cloudtrail (must be enabled)
   

  Reply Cancel reply

  Required fields are marked *

  Name *

  Email *

  Website

  Notify me of new comments via email.

  Notify me of new posts via email.

  Δ