我正在尝试将静态和放大器结合起来动态(EC2)库存。有两个ec2实例:
尝试从控制台ping“ami”主机。这是我的 主机 文件:
[local]
localhost ansible_connection=local
[tag_Name_ami]
[tag_Name_redhat]
[amazon:children]
tag_Name_ami
tag_Name_redhat
要成功ping“ami”主机,我需要使用两个特定的变量:
尝试通过在 group_vars 目录中创建文件来实现它:
.
├── demo_setup.yml
├── ec2.ini
├── ec2.py
├── group_vars
│ ├── amazon.yml
│ ├── aws-redhats
│ ├── tag_Name_ami.yml
│ └── tag_Name_redhat.yml
├── hosts
├── hosts.bckp
└── host_vars
$ cat group_vars/tag_Name_ami.yml
ansible_ssh_user: ec2-user
$ cat group_vars/amazon.yml
ansible_ssh_private_key_file: /home/ubuntu/.ssh/klucze.pem
问题是ansible似乎只用“em> ansible_ssh_user ”“看”了tag_Name_ami.yml,用 ansible_ssh_private_key_file 值忽略了我的amazon.yml。下面的一些输出:
$ ansible tag_Name_ami -i ec2.py -m ping -vvv
<52.59.246.244> ESTABLISH CONNECTION FOR USER: ec2-user
<52.59.246.244> REMOTE_MODULE ping
<52.59.246.244> EXEC ssh -C -tt -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 52.59.246.244 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1452256637.43-34398544897068 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1452256637.43-34398544897068 && echo $HOME/.ansible/tmp/ansible-tmp-1452256637.43-34398544897068'
52.59.246.244 | FAILED => SSH Error: Permission denied (publickey).
while connecting to 52.59.246.244:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
$ ansible amazon -i ec2.py -m ping
No hosts matched
$
当我将 ansible_ssh_private_key_file 添加到我的tag_Name_ami时,ping是成功的:
$ ansible tag_Name_ami -i ec2.py -m ping -vvv
<52.59.246.244> ESTABLISH CONNECTION FOR USER: ec2-user
<52.59.246.244> REMOTE_MODULE ping
<52.59.246.244> EXEC ssh -C -tt -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o IdentityFile="/home/ubuntu/.ssh/klucze.pem" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 52.59.246.244 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436 && echo $HOME/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436'
<52.59.246.244> PUT /tmp/tmpbFP5sH TO /home/ec2-user/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436/ping
<52.59.246.244> EXEC ssh -C -tt -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o IdentityFile="/home/ubuntu/.ssh/klucze.pem" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 52.59.246.244 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/ec2-user/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436/ping; rm -rf /home/ec2-user/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436/ >/dev/null 2>&1'
52.59.246.244 | success >> {
"changed": false,
"ping": "pong"
}
$
ubuntu@ip-172-31-20-41:/etc/ansible$ cat group_vars/tag_Name_ami.yml
ansible_ssh_user: ec2-user
ansible_ssh_private_key_file: /home/ubuntu/.ssh/klucze.pem
但这不是我想要的,我希望每个新的EC2实例都定义了这个 ansible_ssh_private_key_file 变量(它将成为'amazon'静态组的一部分),而ami / redhat实例还有< em> ansible_ssh_user 已定义。
提前感谢您提供的任何帮助!
***********更新****************
我所能做到的就是这样做:
$ ansible-playbook demo_ping.yml --private-key=/home/ubuntu/.ssh/klucze.pem -u ec2-user
PLAY [webserver] **************************************************************
GATHERING FACTS ***************************************************************
ok: [ec2-54-93-114-191.eu-central-1.compute.amazonaws.com]
TASK: [Execute ping] **********************************************************
ok: [ec2-54-93-114-191.eu-central-1.compute.amazonaws.com]
PLAY RECAP ********************************************************************
ec2-54-93-114-191.eu-central-1.compute.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
将我的静态主机文件与webserver组一起使用。该剧本看起来像:
---
- hosts: amazon
remote_user: ec2-user
tasks:
- name: Execute ping
ping:
...
将'amazon'作为播放本中的主机值返回错误:
PLAY [amazon] *****************************************************************
skipping: no hosts matched
还尝试用'-i ec2.py'执行playbook,同样的错误
答案 0 :(得分:1)
您可以遍历ec2主机并在剧本中设置变量ansible_ssh_private_key_file
。
- hosts: amazon
gather_facts: false
tasks:
- set_fact:
ansible_ssh_private_key_file: '/home/ubuntu/.ssh/klucze.pem'
...