salt.states.boto_elb¶
Manage ELBs
New in version 2014.7.0.
Create and destroy ELBs. Be aware that this interacts with Amazon's services, and so may incur charges.
This module uses boto, which can be installed via package, or pip.
This module accepts explicit elb credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More information available here.
If IAM roles are not used you need to specify them either in a pillar file or in the minion's config file:
elb.keyid: GKTADJGHEIQSXMKKRBJ08H
elb.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
It's also possible to specify key, keyid and region via a profile, either
passed in as a dict, or as a string to pull from pillars or minion config:
myprofile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
region: us-east-1
Ensure myelb ELB exists:
boto_elb.present:
- name: myelb
- region: us-east-1
- availability_zones:
- us-east-1a
- us-east-1c
- us-east-1d
- keyid: GKTADJGHEIQSXMKKRBJ08H
- key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
- listeners:
- elb_port: 443
instance_port: 80
elb_protocol: HTTPS
instance_protocol: HTTP
certificate: 'arn:aws:iam::1111111:server-certificate/mycert'
- elb_port: 8210
instance_port: 8210
elb_protocol: TCP
- health_check:
target: 'HTTP:80/'
- attributes:
cross_zone_load_balancing:
enabled: true
access_log:
enabled: true
s3_bucket_name: 'mybucket'
s3_bucket_prefix: 'my-logs'
emit_interval: 5
connecting_settings:
idle_timeout: 60
- cnames:
- name: mycname.example.com.
zone: example.com.
ttl: 60
- name: myothercname.example.com.
zone: example.com.
- security_groups:
- my-security-group
# Using a profile from pillars
Ensure myelb ELB exists:
boto_elb.present:
- name: myelb
- region: us-east-1
- profile: myelbprofile
# Passing in a profile
Ensure myelb ELB exists:
boto_elb.present:
- name: myelb
- region: us-east-1
- profile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
It's possible to specify attributes from pillars by specifying a pillar. You can override the values defined in the pillard by setting the attributes on the resource. The module will use the default pillar key 'boto_elb_attributes', which allows you to set default attributes for all ELB resources.
Setting the attributes pillar:
my_elb_attributes:
cross_zone_load_balancing:
enabled: true
connection_draining:
enabled: true
timeout: 20
access_log:
enabled: true
s3_bucket_name: 'mybucket'
s3_bucket_prefix: 'my-logs'
emit_interval: 5
Overriding the attribute values on the resource:
Ensure myelb ELB exists:
boto_elb.present:
- name: myelb
- region: us-east-1
- attributes_from_pillar: my_elb_attributes
# override cross_zone_load_balancing:enabled
- attributes:
cross_zone_load_balancing:
enabled: false
- profile: myelbprofile
It's possible to specify cloudwatch alarms that will be setup along with the ELB. Note the alarm name will be defined by the name attribute provided, plus the ELB resource name.
Ensure myelb ELB exists:
boto_elb.present:
- name: myelb
- region: us-east-1
- profile: myelbprofile
- alarms:
UnHealthyHostCount:
name: 'ELB UnHealthyHostCount **MANAGED BY SALT**'
attributes:
metric: UnHealthyHostCount
namespace: AWS/ELB
statistic: Average
comparison: '>='
threshold: 1.0
period: 600
evaluation_periods: 6
unit: null
description: ELB UnHealthyHostCount
alarm_actions: ['arn:aws:sns:us-east-1:12345:myalarm']
insufficient_data_actions: []
ok_actions: ['arn:aws:sns:us-east-1:12345:myalarm']
You can also use alarms from pillars, and override values from the pillar alarms by setting overrides on the resource. Note that 'boto_elb_alarms' will be used as a default value for all resources, if defined and can be used to ensure alarms are always set for a resource.
Setting the alarms in a pillar:
my_elb_alarm:
UnHealthyHostCount:
name: 'ELB UnHealthyHostCount **MANAGED BY SALT**'
attributes:
metric: UnHealthyHostCount
namespace: AWS/ELB
statistic: Average
comparison: '>='
threshold: 1.0
period: 600
evaluation_periods: 6
unit: null
description: ELB UnHealthyHostCount
alarm_actions: ['arn:aws:sns:us-east-1:12345:myalarm']
insufficient_data_actions: []
ok_actions: ['arn:aws:sns:us-east-1:12345:myalarm']
Overriding the alarm values on the resource:
Ensure myelb ELB exists:
boto_elb.present:
- name: myelb
- region: us-east-1
- profile: myelbprofile
- alarms_from_pillar: my_elb_alarm
# override UnHealthyHostCount:attributes:threshold
- alarms:
UnHealthyHostCount:
attributes:
threshold: 2.0
-
salt.states.boto_elb.absent(name, region=None, key=None, keyid=None, profile=None)¶
-
salt.states.boto_elb.present(name, listeners, availability_zones=None, subnets=None, security_groups=None, scheme='internet-facing', health_check=None, attributes=None, attributes_from_pillar='boto_elb_attributes', cnames=None, alarms=None, alarms_from_pillar='boto_elb_alarms', region=None, key=None, keyid=None, profile=None, wait_for_sync=True)¶ Ensure the ELB exists.
- name
- Name of the ELB.
- availability_zones
- A list of availability zones for this ELB.
- listeners
A list of listener lists; example:
[ ['443', 'HTTPS', 'arn:aws:iam::1111111:server-certificate/mycert'], ['8443', '80', 'HTTPS', 'HTTP', 'arn:aws:iam::1111111:server-certificate/mycert'] ]
- subnets
- A list of subnet IDs in your VPC to attach to your LoadBalancer.
- security_groups
The security groups assigned to your LoadBalancer within your VPC. Must be passed either as a list or a comma-separated string.
For example, a list:
- security_groups: - secgroup-one - secgroup-two
Or as a comma-separated string:
- security_groups: secgroup-one,secgroup-two
- scheme
- The type of a LoadBalancer,
internet-facingorinternal. Once set, can not be modified. - health_check
- A dict defining the health check for this ELB.
- attributes
A dict defining the attributes to set on this ELB. Unknown keys will be silently ignored.
See the
salt.modules.boto_elb.set_attributesfunction for recognized attributes.- attributes_from_pillar
- name of pillar dict that contains attributes. Attributes defined for this specific state will override those from pillar.
- cnames
An optional list of cname dicts with attributes: name, zone, ttl, and identifier. If specified, a CNAME record will be created referencing this ELB's public FQDN.
See the
salt.states.boto_route53state for information about these attributes.- alarms:
a dictionary of name->boto_cloudwatch_alarm sections to be associated with this ELB. All attributes should be specified except for dimension which will be automatically set to this ELB.
See the
salt.states.boto_cloudwatch_alarmstate for information about these attributes.- alarms_from_pillar:
- name of pillar dict that contains alarm settings. Alarms defined for this specific state will override those from pillar.
- region
- Region to connect to.
- key
- Secret key to be used.
- keyid
- Access key to be used.
- profile
- A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
- wait_for_sync
- Wait for an INSYNC change status from Route53.
-
salt.states.boto_elb.register_instances(name, instances, region=None, key=None, keyid=None, profile=None)¶ Add EC2 instance(s) to an Elastic Load Balancer. Removing an instance from the
instanceslist does not remove it from the ELB.- name
- The name of the Elastic Load Balancer to add EC2 instances to.
- instances
- A list of EC2 instance IDs that this Elastic Load Balancer should
distribute traffic to. This state will only ever append new instances
to the ELB. EC2 instances already associated with this ELB will not be
removed if they are not in the
instanceslist.
New in version 2015.8.0.
add-instances: boto_elb.register_instances: - name: myloadbalancer - instances: - instance-id1 - instance-id2
