Question

我想在Ansible的帮助下创建和配置Amazon EC2计算机。现在，我收到以下错误：

fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Instance creation failed => InvalidKeyPair.NotFound: The key pair '~/.keys/EC2-Kibi-Enterprise-Deployment.pem' does not exist"}

但.pem键存在：

$ ls -lh ~/.keys/EC2-Kibi-Enterprise-Deployment.pem 
-r-------- 1 sergey sergey 1.7K Apr  6 09:56 /home/sergey/.keys/EC2-Kibi-Enterprise-Deployment.pem

它是在欧盟（爱尔兰）地区创建的。

这是我的剧本：

--
- name: Setup servers on Amazon EC2 machines
  hosts: localhost
  gather_facts: no

  tasks:
    - include_vars: group_vars/all/ec2_vars.yml

    ### Create Amazon EC2 instances
    - name: Amazon EC2 | Create instances
      ec2:
        count: "{{ count }}"
        key_name: "{{ key }}"
        region: "{{ region }}"
        zone: "{{ zone }}"
        group: "{{ group }}"
        instance_type: "{{ machine }}"
        image: "{{ image }}"
        wait: true
        wait_timeout: 500
        #vpc_subnet_id: "{{ subnet }}" 
        #assign_public_ip: yes
      register: ec2

    - name: Amazon EC2 | Wait for SSH to come up
      wait_for:
        host: "{{ item.public_ip }}"
        port: 22
        delay: 10
        timeout: 60
        state: started
      with_items: "{{ ec2.instances }}"

    - name: Amazon EC2 | Add hosts to the kibi_servers in-memory inventory group
      add_host: hostname={{ item.public_ip }} groupname=kibi_servers
      with_items: "{{ ec2.instances }}"
    ### END

### Provision roles
- name: Amazon EC2 | Provision new instances
  hosts: kibi_servers
  become: yes
  roles:
    - common
    - java
    - elasticsearch
    - logstash
    - nginx
    - kibi
    - supervisor
### END

我的var文件：

count: 2
region: eu-west-1
zone: eu-west-1a
group: default
image:  ami-d1ec01a6
machine: t2.medium
subnet: subnet-3a2aa952
key: ~/.keys/EC2-Kibi-Enterprise-Deployment.pem

这里的.pem文件有什么问题？

Answer 1

ec2 module的key参数正在查找已上传到AWS的密钥对名称，而不是本地密钥。

如果您想让Ansible上传公钥，您可以使用ec2_key module。

所以你的剧本会是这样的：

--
- name: Setup servers on Amazon EC2 machines
  hosts: localhost
  gather_facts: no

  tasks:
    - include_vars: group_vars/all/ec2_vars.yml

    ### Create Amazon EC2 key pair
    - name: Amazon EC2 | Create Key Pair
      ec2_key:
        name: "{{ key_name }}"
        region: "{{ region }}"
        key_material: "{{ item }}"
      with_file: /path/to/public_key.id_rsa.pub

    ### Create Amazon EC2 instances
    - name: Amazon EC2 | Create instances
      ec2:
        count: "{{ count }}"
        key_name: "{{ key_name }}"
        ...

Answer 2

已找到解决方案。当您为.pem密钥文件放置完整路径时，EC2不喜欢。

因此，我将EC2-Kibi-Enterprise-Deployment.pem移至~/.ssh，并使用ssh-add将其添加到身份验证代理中：

ssh-add ~/.ssh/EC2-Kibi-Enterprise-Deployment.pem

并将我的var文件中的关键行更正为key: EC2-Kibi-Enterprise-Deployment.pem

如果您使用EC2 cli工具，请不要指定密钥文件的完整路径 ec2-run-instances ami-d1ec01a6 -t t2.medium --region eu-west-1 --key EC2-Kibi-Enterprise-Deployment.pem

Answer 3

不指定密钥的扩展名。因此该密钥名称应仅是“ EC2-Kibi-Enterprise-Deployment”。在此阶段，Ansible不在乎您的密钥是否在本地计算机上。它会验证它是否存在于您的AWS账户中。转到AWS账户中的“ EC2>密钥对”部分，您会看到列出的密钥没有文件扩展名。

Answer 4

在提供 Key in 变量时不要提供文件扩展名 (.pem)。只给文件名。例如：akshay.pem 是我的密钥，然后在 vars filoe 中只提供 akshay 作为密钥。

Ansible亚马逊EC2。密钥对不存在

4 个答案: