I am trying to combine a static and a dynamic (EC2) inventory. There are two EC2 instances:
- the Ansible control machine
- an AMI-based host
I am trying to ping the 'ami' host from the control machine. Here is my hosts file:
[local]
localhost ansible_connection=local
[tag_Name_ami]
[tag_Name_redhat]
[amazon:children]
tag_Name_ami
tag_Name_redhat
To ping the 'ami' host successfully I need two specific variables:
- ansible_ssh_user: ec2-user (my control machine is Ubuntu)
- ansible_ssh_private_key_file: /home/ubuntu/.ssh/klucze.pem
I tried to achieve this by creating files in the group_vars directory:
.
├── demo_setup.yml
├── ec2.ini
├── ec2.py
├── group_vars
│   ├── amazon.yml
│   ├── aws-redhats
│   ├── tag_Name_ami.yml
│   └── tag_Name_redhat.yml
├── hosts
├── hosts.bckp
└── host_vars
$ cat group_vars/tag_Name_ami.yml
ansible_ssh_user: ec2-user
$ cat group_vars/amazon.yml
ansible_ssh_private_key_file: /home/ubuntu/.ssh/klucze.pem
The problem is that Ansible only seems to "see" tag_Name_ami.yml with ansible_ssh_user, and ignores my amazon.yml with the ansible_ssh_private_key_file value. Some output below:
$ ansible tag_Name_ami -i ec2.py -m ping -vvv
<52.59.246.244> ESTABLISH CONNECTION FOR USER: ec2-user
<52.59.246.244> REMOTE_MODULE ping
<52.59.246.244> EXEC ssh -C -tt -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 52.59.246.244 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1452256637.43-34398544897068 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1452256637.43-34398544897068 && echo $HOME/.ansible/tmp/ansible-tmp-1452256637.43-34398544897068'
52.59.246.244 | FAILED => SSH Error: Permission denied (publickey).
while connecting to 52.59.246.244:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
$ ansible amazon -i ec2.py -m ping
No hosts matched
$
When I add ansible_ssh_private_key_file to my tag_Name_ami group, the ping succeeds:
$ ansible tag_Name_ami -i ec2.py -m ping -vvv
<52.59.246.244> ESTABLISH CONNECTION FOR USER: ec2-user
<52.59.246.244> REMOTE_MODULE ping
<52.59.246.244> EXEC ssh -C -tt -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o IdentityFile="/home/ubuntu/.ssh/klucze.pem" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 52.59.246.244 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436 && echo $HOME/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436'
<52.59.246.244> PUT /tmp/tmpbFP5sH TO /home/ec2-user/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436/ping
<52.59.246.244> EXEC ssh -C -tt -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o IdentityFile="/home/ubuntu/.ssh/klucze.pem" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 52.59.246.244 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/ec2-user/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436/ping; rm -rf /home/ec2-user/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436/ >/dev/null 2>&1'
52.59.246.244 | success >> {
    "changed": false,
    "ping": "pong"
}
$
ubuntu@ip-172-31-20-41:/etc/ansible$ cat group_vars/tag_Name_ami.yml
ansible_ssh_user: ec2-user
ansible_ssh_private_key_file: /home/ubuntu/.ssh/klucze.pem
But this is not what I want. I want every new EC2 instance to have this ansible_ssh_private_key_file variable defined (it would become part of the static "amazon" group), and the ami/redhat instances to additionally define ansible_ssh_user.
Thanks in advance for any help!
*********** UPDATE ****************
The most I have been able to achieve is this:
$ ansible-playbook demo_ping.yml --private-key=/home/ubuntu/.ssh/klucze.pem -u ec2-user
PLAY [webserver] **************************************************************
GATHERING FACTS ***************************************************************
ok: [ec2-54-93-114-191.eu-central-1.compute.amazonaws.com]
TASK: [Execute ping] **********************************************************
ok: [ec2-54-93-114-191.eu-central-1.compute.amazonaws.com]
PLAY RECAP ********************************************************************
ec2-54-93-114-191.eu-central-1.compute.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
using my static hosts file with the webserver group. The playbook looks like:
---
- hosts: amazon
  remote_user: ec2-user
  tasks:
    - name: Execute ping
      ping:
...
Using "amazon" as the hosts value in the playbook returns an error:
PLAY [amazon] *****************************************************************
skipping: no hosts matched
I also tried running the playbook with '-i ec2.py', same error.
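The following is an added example, not code from the post above. It is a small model of the two things the post's output depends on: how Ansible combines a static INI inventory with the JSON a dynamic inventory script emits, and how group_vars are layered (parent group first, child group overriding, host vars last). The static inventory text mirrors the post's hosts file; the EC2 JSON, the IP address and the in-memory stand-in for the group_vars directory are constructed. The `inventory_directory()` function assumes the well-known Ansible behaviour of pointing `-i` at a directory that holds both `hosts` and `ec2.py`, so that both sources are parsed and merged; `dynamic_only()` models `-i ec2.py` on its own.

```python
"""Model of static + dynamic inventory merging and group_vars resolution.
Constructed illustration; not the post's code and not Ansible's own parser."""
import json

# Constructed static inventory, same shape as the post's hosts file.
STATIC_INI = """
[local]
localhost ansible_connection=local
[tag_Name_ami]
[tag_Name_redhat]
[amazon:children]
tag_Name_ami
tag_Name_redhat
"""

# Constructed --list style JSON as an ec2.py-like script would emit (IP is made up).
DYNAMIC_JSON = json.dumps({
    "tag_Name_ami": ["203.0.113.10"],
    "_meta": {"hostvars": {"203.0.113.10": {"ec2_state": "running"}}},
})

# Stand-in for the group_vars/ directory: file stem -> variables (paths from the post).
GROUP_VARS = {
    "amazon": {"ansible_ssh_private_key_file": "/home/ubuntu/.ssh/klucze.pem"},
    "tag_Name_ami": {"ansible_ssh_user": "ec2-user"},
}


def parse_static_ini(text):
    """Return (hosts_by_group, children_by_group, hostvars) from INI inventory text."""
    hosts, children, hostvars = {}, {}, {}
    section, kind = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name.endswith(":children"):
                section, kind = name[: -len(":children")], "children"
                children.setdefault(section, [])
            elif name.endswith(":vars"):
                section, kind = name[: -len(":vars")], "vars"  # group vars: not modelled here
            else:
                section, kind = name, "hosts"
            hosts.setdefault(section, [])
        elif kind == "children":
            children[section].append(line)
            hosts.setdefault(line, [])       # a child group exists even if empty
        elif kind == "hosts":
            host, *kv = line.split()         # "host key=value ..." inline vars
            hosts[section].append(host)
            hostvars.setdefault(host, {}).update(dict(p.split("=", 1) for p in kv))
    return hosts, children, hostvars


def parse_dynamic_json(text):
    """Return (hosts_by_group, hostvars) from a --list style JSON document."""
    data = json.loads(text)
    hostvars = data.get("_meta", {}).get("hostvars", {})
    hosts = {}
    for group, members in data.items():
        if group == "_meta":
            continue
        hosts[group] = list(members.get("hosts", []) if isinstance(members, dict) else members)
    return hosts, hostvars


def build_inventory(sources):
    """Merge parsed sources; group membership is the union across all of them."""
    hosts, children, hostvars = {}, {}, {}
    for src_hosts, src_children, src_hostvars in sources:
        for g, members in src_hosts.items():
            hosts.setdefault(g, [])
            hosts[g] += [m for m in members if m not in hosts[g]]
        for g, kids in src_children.items():
            children.setdefault(g, [])
            children[g] += [k for k in kids if k not in children[g]]
        for h, v in src_hostvars.items():
            hostvars.setdefault(h, {}).update(v)
    return hosts, children, hostvars


def members_of(group, hosts, children, seen=None):
    """All hosts in a group, following :children recursively (cycle-safe)."""
    seen = set() if seen is None else seen
    if group in seen or group not in hosts:
        return []
    seen.add(group)
    out = list(hosts[group])
    for child in children.get(group, []):
        out += [h for h in members_of(child, hosts, children, seen) if h not in out]
    return out


def effective_vars(host, hosts, children, hostvars, group_vars):
    """Parent group vars first, child group vars override them, host vars last."""
    def depth(g):
        parents = [p for p, kids in children.items() if g in kids]
        return 0 if not parents else 1 + max(depth(p) for p in parents)
    groups = [g for g in hosts if host in members_of(g, hosts, children)]
    merged = {}
    for g in sorted(groups, key=depth):
        merged.update(group_vars.get(g, {}))
    merged.update(hostvars.get(host, {}))
    return merged


def dynamic_only():
    """What '-i ec2.py' sees: only the script's groups, no static 'amazon' parent."""
    dyn_hosts, dyn_hostvars = parse_dynamic_json(DYNAMIC_JSON)
    return build_inventory([(dyn_hosts, {}, dyn_hostvars)])


def inventory_directory():
    """Assumed '-i inventory_dir/' behaviour: static file and script merged."""
    dyn_hosts, dyn_hostvars = parse_dynamic_json(DYNAMIC_JSON)
    return build_inventory([parse_static_ini(STATIC_INI), (dyn_hosts, {}, dyn_hostvars)])


def ssh_settings(host, inventory):
    """(user, private key) that would reach ssh for this host; None where unset."""
    hosts, children, hostvars = inventory
    v = effective_vars(host, hosts, children, hostvars, GROUP_VARS)
    return v.get("ansible_ssh_user"), v.get("ansible_ssh_private_key_file")


if __name__ == "__main__":
    for label, inv in (("dynamic only", dynamic_only()), ("inventory dir", inventory_directory())):
        print(label, "amazon =", members_of("amazon", inv[0], inv[1]),
              "ssh =", ssh_settings("203.0.113.10", inv))
```

Run with only the dynamic source, the `amazon` group does not exist, so `group_vars/amazon.yml` is never consulted and the host resolves to user `ec2-user` with no key, which is exactly the "Permission denied (publickey)" path in the first transcript. With both sources merged, `amazon:children` pulls the script-populated `tag_Name_ami` hosts under `amazon`, and the key from the parent group layers beneath the user from the child group. `ssh_settings()` is the check worth running before a play: it shows which identity and key each host will actually be handed, whereas the `--private-key`/`-u` workaround in the update applies one identity to every host in the play regardless of group.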