使用Ansible Tower将云形成堆栈部署到AWS

时间:2016-08-05 20:22:02

标签: amazon-web-services ansible amazon-cloudformation amazon-ecs ansible-tower

我是Ansible,Ansible Tower和AWS Cloud Formation的新手,我正在尝试让Ansible Tower使用Cloud Formation模板部署EC2 Container Service。我尝试运行部署作业,并在下面遇到此错误。 

 TASK [create/update stack] *****************************************************
  task path: /var/lib/awx/projects/_6__api/tasks/create_stack.yml:2
  <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: awx
  <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo         $HOME/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790 `" && echo ansible-tmp-1470427494.79-207756006727790="` echo $HOME/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790 `" ) && sleep 0'
<127.0.0.1> PUT /tmp/tmpgAsKKv TO /var/lib/awx/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790/cloudformation
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-coqlkeqywlqhagfixtfpfotjgknremaw; LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 AWS_DEFAULT_REGION=us-west-2 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /var/lib/awx/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790/cloudformation; rm -rf "/var/lib/awx/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790/" > /dev/null 2>&1'"'"' && sleep 0'
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "cloudformation"}, "module_stderr": "/bin/sh: /usr/bin/sudo: Permission denied\n", "module_stdout": "", "msg": "MODULE FAILURE", "parsed": false}

这是创建/更新任务:

---
- name: create/update stack
  cloudformation:
    stack_name: my-stack
    state: present
    template: templates/stack.yml
    template_format: yaml
    template_parameters:
      VpcId: "{{ vpc_id }}"
      SubnetId: "{{ subnet_id }}"
      KeyPair: "{{ ec2_keypair }}"
      DbUsername: "{{ db_username }}"
      DbPassword: "{{ db_password }}"
      InstanceCount: "{{ instance_count | default(1) }}"
   tags:
     Environment: test
  register: cf_stack

- debug: msg={{ cf_stack }}
  when: debug is defined

Ansible Tower执行的剧本是site.yml文件:

---
- name: Deployment Playbook
  hosts: localhost
  connection: local
  gather_facts: no
  environment:
    AWS_DEFAULT_REGION: "{{ lookup('env', 'AWS_DEFAULT_REGION') | default('us-west-2', true) }}"
  tasks:
    - include: tasks/create_stack.yml
    - include: tasks/deploy_app.yml

这就是我的playbook文件夹结构:

/deploy
    /group_vars
       all
    /library
       aws_ecs_service.py
       aws_ecs_task.py 
       aws_ecs_taskdefinition.py
    /tasks
      stack.yml
    /templates
      site.yml

我的所有内容都基于Justin Menga的复数课程&#34;使用Docker和Ansible&#34;持续交付,但他使用的是Jenkins,而不是Ansible Tower,这可能就是为什么断开连接。无论如何,希望这是足够的信息,让我知道我是否也应该提供stack.yml文件。图书馆目录下的文件是Menga在其视频课程中定制的模块。

感谢阅读所有这些以及任何潜在的帮助!这是一个指向他的部署playbook存储库的链接,我在之后的所有内容中都密切建模https://github.com/jmenga/todobackend-deploy。我拿出的东西是DB RDS的东西。

1 个答案:

答案 0 :(得分:1)

如果查看错误消息的最后两行,您可以看到它正在尝试升级权限但失败:

<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-coqlkeqywlqhagfixtfpfotjgknremaw; LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 AWS_DEFAULT_REGION=us-west-2 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /var/lib/awx/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790/cloudformation; rm -rf "/var/lib/awx/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790/" > /dev/null 2>&1'"'"' && sleep 0'
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "cloudformation"}, "module_stderr": "/bin/sh: /usr/bin/sudo: Permission denied\n", "module_stdout": "", "msg": "MODULE FAILURE", "parsed": false}

由于这是一个本地任务,它正在尝试切换到Ansible Tower运行的框上的root用户,并且用户可能(并且有充分理由)没有权限执行此操作。 / p>

使用正常的Ansible,您可以通过在命令行中指定--become-b标志或在任务/播放定义中指定become: false来避免这种情况。

正如你在评论中指出的那样,在Ansible Tower中,它是一个解开&#34;启用权限升级的案例&#34;作业模板中的选项。

相关问题
最新问题