使用 aws 凭据通过 Ansible 创建 EC2 实例
Create EC2 instance by Ansible with aws credentials
我遵循了这 3 个指南:
- http://docs.ansible.com/ansible/guide_aws.html
- http://docs.ansible.com/ansible/ec2_module.html
- https://gist.github.com/tristanfisher/e5a306144a637dc739e7
我写了这个 Ansible play
---
- hosts: localhost
connection: local
gather_facts: false
tasks:
- include_vars: aws_credentials.yml
- name: Creating EC2 Ubuntu instance
ec2:
instance_type: t1.micro
image: ami-86e0ffe7
region: us-west-2
key_name: my-aws-key
zone: us-west-2a
vpc_subnet_id: subnet-04199d61
group_id: sg-cf6736aa
assign_public_ip: yes
count: 1
wait: true
volumes:
- device_name: /dev/sda1
volume_type: gp2
volume_size: 10
instance_tags:
Name: ansible-test
Project: test
Ansible: manageable
register: ec2
那我运行ansible-playbook create-ec2.yml -v --private-key ~/.ssh/my-key --vault-password-file ~/.password/to_ansible_vault
我收到了这条消息
PLAY [localhost] ***************************************************************
TASK [include_vars] ************************************************************
ok: [localhost] => {"ansible_facts": {"ec2_access_key": "decrypted_acces_key_XXXXX", "ec2_secret_key": "decrypted_secret_key_XXXXX"}, "changed": false}
TASK [Creating EC2 Ubuntu instance] ********************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV4Handler'] Check your credentials"}
NO MORE HOSTS LEFT *************************************************************
[WARNING]: Could not create retry file 'create-ec2.retry'. [Errno 2] No such file or directory: ''
PLAY RECAP *********************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1
当我 运行 ansible-vault view aws_credentials.yml --vault-password-file ~/.password/to_ansible_vault 我得到了加密的可读内容 aws_credentials.yml,
像这样:
---
ec2_access_key: "XXXXX"
ec2_secret_key: "XXXXX"
另外,当我使用纯 aws_credentials.yml 时,它不起作用。只有当我导出我的凭据时,它才能正常工作。
有人可以帮助我吗,我如何编写剧本来创建带有存储在加密文件中的凭据的 ec2 实例?
在这种情况下,我认为您应该将密钥直接提供给 ec2 模块。
试试这个:
- name: Creating EC2 Ubuntu instance
ec2:
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
instance_type: t1.micro
image: ami-86e0ffe7
region: us-west-2
...
The code 表明它只检查模块的参数和环境变量,而不是主机变量。
您还可以将 AWS API 密钥导出到 OS 环境变量,例如:
export AWS_ACCESS_KEY=XXXXXXX
那么在Ansible场景中你需要设置:
- name: Creating EC2 Ubuntu instance
ec2:
aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY') }}"
aws_secret_key: "{{ lookup('env', 'AWS_SECRET_KEY') }}"
instance_type: t1.micro
image: ami-86e0ffe7
region: us-west-2
我遵循了这 3 个指南:
- http://docs.ansible.com/ansible/guide_aws.html
- http://docs.ansible.com/ansible/ec2_module.html
- https://gist.github.com/tristanfisher/e5a306144a637dc739e7
我写了这个 Ansible play
---
- hosts: localhost
connection: local
gather_facts: false
tasks:
- include_vars: aws_credentials.yml
- name: Creating EC2 Ubuntu instance
ec2:
instance_type: t1.micro
image: ami-86e0ffe7
region: us-west-2
key_name: my-aws-key
zone: us-west-2a
vpc_subnet_id: subnet-04199d61
group_id: sg-cf6736aa
assign_public_ip: yes
count: 1
wait: true
volumes:
- device_name: /dev/sda1
volume_type: gp2
volume_size: 10
instance_tags:
Name: ansible-test
Project: test
Ansible: manageable
register: ec2
那我运行ansible-playbook create-ec2.yml -v --private-key ~/.ssh/my-key --vault-password-file ~/.password/to_ansible_vault
我收到了这条消息
PLAY [localhost] ***************************************************************
TASK [include_vars] ************************************************************
ok: [localhost] => {"ansible_facts": {"ec2_access_key": "decrypted_acces_key_XXXXX", "ec2_secret_key": "decrypted_secret_key_XXXXX"}, "changed": false}
TASK [Creating EC2 Ubuntu instance] ********************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV4Handler'] Check your credentials"}
NO MORE HOSTS LEFT *************************************************************
[WARNING]: Could not create retry file 'create-ec2.retry'. [Errno 2] No such file or directory: ''
PLAY RECAP *********************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1
当我 运行 ansible-vault view aws_credentials.yml --vault-password-file ~/.password/to_ansible_vault 我得到了加密的可读内容 aws_credentials.yml,
像这样:
---
ec2_access_key: "XXXXX"
ec2_secret_key: "XXXXX"
另外,当我使用纯 aws_credentials.yml 时,它不起作用。只有当我导出我的凭据时,它才能正常工作。 有人可以帮助我吗,我如何编写剧本来创建带有存储在加密文件中的凭据的 ec2 实例?
在这种情况下,我认为您应该将密钥直接提供给 ec2 模块。
试试这个:
- name: Creating EC2 Ubuntu instance
ec2:
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
instance_type: t1.micro
image: ami-86e0ffe7
region: us-west-2
...
The code 表明它只检查模块的参数和环境变量,而不是主机变量。
您还可以将 AWS API 密钥导出到 OS 环境变量,例如:
export AWS_ACCESS_KEY=XXXXXXX
那么在Ansible场景中你需要设置:
- name: Creating EC2 Ubuntu instance
ec2:
aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY') }}"
aws_secret_key: "{{ lookup('env', 'AWS_SECRET_KEY') }}"
instance_type: t1.micro
image: ami-86e0ffe7
region: us-west-2