diff --git a/lib/ansible/modules/cloud/openstack/os_server.py b/lib/ansible/modules/cloud/openstack/os_server.py index 9d794182cc..e6298fa979 100644 --- a/lib/ansible/modules/cloud/openstack/os_server.py +++ b/lib/ansible/modules/cloud/openstack/os_server.py @@ -620,6 +620,33 @@ def _check_floating_ips(module, cloud, server): return (changed, server) +def _check_security_groups(module, cloud, server): + changed = False + + # server security groups were added to shade in 1.19. Until then this + # module simply ignored trying to update security groups and only set them + # on newly created hosts. + if not (hasattr(cloud, 'add_server_security_groups') and + hasattr(cloud, 'remove_server_security_groups')): + return changed, server + + module_security_groups = set(module.params['security_groups']) + server_security_groups = set(sg.name for sg in server.security_groups) + + add_sgs = module_security_groups - server_security_groups + remove_sgs = server_security_groups - module_security_groups + + if add_sgs: + cloud.add_server_security_groups(server, list(add_sgs)) + changed = True + + if remove_sgs: + cloud.remove_server_security_groups(server, list(remove_sgs)) + changed = True + + return (changed, server) + + def _get_server_state(module, cloud): state = module.params['state'] server = cloud.get_server(module.params['name']) @@ -629,8 +656,10 @@ def _get_server_state(module, cloud): msg="The instance is available but not Active state: " + server.status) (ip_changed, server) = _check_floating_ips(module, cloud, server) + (sg_changed, server) = _check_security_groups(module, cloud, server) (server_changed, server) = _update_server(module, cloud, server) - _exit_hostvars(module, cloud, server, ip_changed or server_changed) + _exit_hostvars(module, cloud, server, + ip_changed or sg_changed or server_changed) if server and state == 'absent': return True if state == 'absent':