Ansible static and dynamic groups in a mixed inventory

Time: 2016-01-08 12:47:13

Tags: amazon-ec2 ansible ansible-inventory

I'm trying to combine static & dynamic (EC2) inventory. There are two EC2 instances:

  • ansible control machine
  • ami based host

I'm trying to ping the "ami" host from the control machine. This is my hosts file:

[local] 
localhost ansible_connection=local

[tag_Name_ami]

[tag_Name_redhat]

[amazon:children] 
tag_Name_ami 
tag_Name_redhat

To ping the "ami" host successfully, I need to use two specific variables:

  • ansible_ssh_user: ec2-user (my control machine is ubuntu)
  • ansible_ssh_private_key_file: /home/ubuntu/.ssh/klucze.pem

I tried to achieve this by creating files in the group_vars directory:

.
├── demo_setup.yml
├── ec2.ini
├── ec2.py
├── group_vars
│   ├── amazon.yml
│   ├── aws-redhats
│   ├── tag_Name_ami.yml
│   └── tag_Name_redhat.yml
├── hosts
├── hosts.bckp
└── host_vars

$ cat group_vars/tag_Name_ami.yml 
ansible_ssh_user: ec2-user
$ cat group_vars/amazon.yml 
ansible_ssh_private_key_file: /home/ubuntu/.ssh/klucze.pem

The problem is that ansible seems to "see" only tag_Name_ami.yml with ansible_ssh_user, and ignores my amazon.yml with the ansible_ssh_private_key_file value. Some output below:

$ ansible tag_Name_ami -i ec2.py -m ping -vvv
<52.59.246.244> ESTABLISH CONNECTION FOR USER: ec2-user
<52.59.246.244> REMOTE_MODULE ping
<52.59.246.244> EXEC ssh -C -tt -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 52.59.246.244 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1452256637.43-34398544897068 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1452256637.43-34398544897068 && echo $HOME/.ansible/tmp/ansible-tmp-1452256637.43-34398544897068'
52.59.246.244 | FAILED => SSH Error: Permission denied (publickey).
    while connecting to 52.59.246.244:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.

$ ansible amazon -i ec2.py -m ping
No hosts matched
$ 

When I add ansible_ssh_private_key_file to my tag_Name_ami, the ping is successful:

$ ansible tag_Name_ami -i ec2.py -m ping -vvv
<52.59.246.244> ESTABLISH CONNECTION FOR USER: ec2-user
<52.59.246.244> REMOTE_MODULE ping
<52.59.246.244> EXEC ssh -C -tt -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o IdentityFile="/home/ubuntu/.ssh/klucze.pem" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 52.59.246.244 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436 && echo $HOME/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436'
<52.59.246.244> PUT /tmp/tmpbFP5sH TO /home/ec2-user/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436/ping
<52.59.246.244> EXEC ssh -C -tt -v -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o IdentityFile="/home/ubuntu/.ssh/klucze.pem" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 52.59.246.244 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/ec2-user/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436/ping; rm -rf /home/ec2-user/.ansible/tmp/ansible-tmp-1452256765.34-42269843852436/ >/dev/null 2>&1'
52.59.246.244 | success >> {
    "changed": false, 
    "ping": "pong"
}

$
ubuntu@ip-172-31-20-41:/etc/ansible$ cat group_vars/tag_Name_ami.yml 
ansible_ssh_user: ec2-user
ansible_ssh_private_key_file: /home/ubuntu/.ssh/klucze.pem

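But this is not what I want. I'd like every new EC2 instance to have this ansible_ssh_private_key_file variable defined (it would be part of the 'amazon' static group), and the ami / redhat instances to additionally have ansible_ssh_user defined.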

Thanks in advance for any help!

*********** UPDATE ****************

All I've managed to do is this:

$ ansible-playbook demo_ping.yml --private-key=/home/ubuntu/.ssh/klucze.pem -u ec2-user

PLAY [webserver] ************************************************************** 

GATHERING FACTS *************************************************************** 
ok: [ec2-54-93-114-191.eu-central-1.compute.amazonaws.com]

TASK: [Execute ping] ********************************************************** 
ok: [ec2-54-93-114-191.eu-central-1.compute.amazonaws.com]

PLAY RECAP ******************************************************************** 
ec2-54-93-114-191.eu-central-1.compute.amazonaws.com : ok=2    changed=0    unreachable=0    failed=0

using my static hosts file with the webserver group. The playbook looks like:

---
- hosts: amazon 
  remote_user: ec2-user
  tasks:
  - name: Execute ping
    ping:
...

Using 'amazon' as the hosts value in the playbook returns an error:

PLAY [amazon] ***************************************************************** 
skipping: no hosts matched

I also tried executing the playbook with '-i ec2.py'; same error.

1 answer:

Answer 0: (score: 1)

You can loop over the ec2 hosts and set the variable ansible_ssh_private_key_file in the playbook:

- hosts: amazon
  gather_facts: false
  tasks:
    - set_fact:
        ansible_ssh_private_key_file: '/home/ubuntu/.ssh/klucze.pem'
...
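
The `No hosts matched` result in the question is consistent with how inventory sources combine: with `-i ec2.py` alone the static `hosts` file is not read, so no `amazon` group exists and `group_vars/amazon.yml` never applies, whereas pointing `-i` at a directory that holds both `hosts` and `ec2.py` merges them. The following is an added example, not part of the question, the answer, or Ansible's own code: a simplified Python model that resolves group membership and group_vars for both cases, using a constructed sample of the `ec2.py` output.

```python
# Simplified model of inventory merging; not Ansible's implementation.
STATIC_HOSTS = (  # the static hosts file from the question
    "[local]\nlocalhost ansible_connection=local\n[tag_Name_ami]\n"
    "[tag_Name_redhat]\n[amazon:children]\ntag_Name_ami\ntag_Name_redhat\n"
)
# Constructed sample of the group -> hosts mapping from `ec2.py --list`.
DYNAMIC = ({"tag_Name_ami": ["52.59.246.244"]}, {})
GROUP_VARS = {  # contents of the group_vars files shown in the question
    "amazon": {"ansible_ssh_private_key_file": "/home/ubuntu/.ssh/klucze.pem"},
    "tag_Name_ami": {"ansible_ssh_user": "ec2-user"},
}

def parse_static(text):
    """Return (hosts per group, child groups per parent group)."""
    hosts, children, section, kind = {}, {}, None, ""
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("["):
            section, _, kind = line.strip("[]").partition(":")
            hosts.setdefault(section, [])
        elif kind == "children":
            children.setdefault(section, []).append(line)
        else:
            hosts[section].append(line.split()[0])
    return hosts, children

def resolve(host, sources):
    """Merge inventory sources; return (groups of host, effective vars)."""
    hosts, children = {}, {}
    for src_hosts, src_children in sources:
        for group, members in src_hosts.items():
            hosts.setdefault(group, []).extend(members)
        for group, kids in src_children.items():
            children.setdefault(group, []).extend(kids)
    groups = {g for g, members in hosts.items() if host in members}
    while True:  # climb to parent groups until no new group is found
        parents = {p for p, kids in children.items() if groups & set(kids)}
        if parents <= groups:
            break
        groups |= parents
    merged = {}
    for group in sorted(groups):  # keys do not conflict in this sample
        merged.update(GROUP_VARS.get(group, {}))
    return groups, merged

if __name__ == "__main__":
    print("ec2.py only:    ", resolve("52.59.246.244", [DYNAMIC]))
    print("hosts + ec2.py: ", resolve("52.59.246.244", [parse_static(STATIC_HOSTS), DYNAMIC]))
```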