Issue reaching boxes behind a bastion host with ansible aws_ec2 dynamic inventory plugin
I've looked around a bit, and I can say this post is not a duplicate. I've been using Ansible 2.9.x, and connecting to a bastion host with the ec2.py dynamic inventory has always worked fine for me. I'm switching to the ansible aws_ec2 plugin, and one of the reasons is even my other post.

What I have gathered so far: below are my inventory file and my ansible.cfg file.
#myprovile.aws_ec2.yml
plugin: amazon.aws.aws_ec2
boto_profile: my profile
strict: True
regions:
  - eu-west-1
  - eu-central-1
  - eu-north-1
keyed_groups:
  - key: tags
    prefix: tag
hostnames:
  - ip-address
  # - dns-name
  # - tag:Name
  - private-ip-address
compose:
  ansible_host: private_ip_address

# folder/project level ansible.cfg configuration
[defaults]
roles_path = roles
host_key_checking = False
hash_behaviour = merge ### Note to self: Extremely important settings
interpreter_python = auto ### Note to self: Very important settings for running from localhost
[inventory]
enable_plugins = aws_ec2, host_list, script, auto, yaml, ini, toml
# inventory = plugin_inventory/bb.aws_ec2.yaml
The inventory has group_vars files:

➜ plugin_inventory git:(develop) ✗ tree
.
├── myprovile.aws_ec2.yml
└── group_vars
    ├── tag_Name_main_productname_uat_jumpbox.yml
    ├── tag_Name_main_productname_uat_mongo.yml
    ├── tag_Name_main_productname_uat_mongo_arb.yml
    ├── tag_Name_main_productname_uat_mysql.yml
    ├── tag_Name_xxx.yml
    └── tag_Name_yyy.yml
To reach the mongo database in the private subnet, the group_vars file looks like this:
#ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -i {{ hostvars.localhost.reg_jumpbox_ssh_key }} -W %h:%p -q ubuntu@{{ hostvars.localhost.reg_jumpbox_facts.instances.0.public_ip_address }}"'
ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -i ~/Dropbox/creds/pemfiles/ProductUATOps.pem -W %h:%p -q ubuntu@xxx.xxx.xxx.xxx"'
Every time I run the command
AWS_PROFILE=myprofile ansible -i ~/infrastructure_as_code/ansible_projects/productname/plugin_inventory/myprofile.aws_ec2.yml tag_Name_main_productname_uat_mongo -m ping -u ubuntu --private-key ~/Dropbox/creds/pemfiles/ProductUATOps.pem -vvvv
it does not connect; the full output and some other information are in a pastebin.

Now, the weird thing I see is that even with host_key_checking = False in ansible.cfg, I still get the following prompt in the command output:

Are you sure you want to continue connecting (yes/no/[fingerprint])?

I also see it looking for ~/.ssh/known_hosts2, /etc/ssh/ssh_known_hosts and /etc/ssh/ssh_known_hosts2, but what is there is ~/.ssh/known_hosts.

There is also a confusing error in the log: "module_stdout": "/bin/sh: 1: /Users/joseph/.pyenv/shims/python: not found\r\n". But the python installation and pyenv are consistent, OS-wise:
➜ ~ which python
/Users/joseph/.pyenv/shims/python
➜ ~ python --version
Python 3.8.12 (9ef55f6fc369, Oct 25 2021, 05:10:01)
[PyPy 7.3.7 with GCC Apple LLVM 13.0.0 (clang-1300.0.29.3)]
➜ ~ ls -lh /Users/joseph/.pyenv/shims/python
-rwxr-xr-x 1 joseph staff 183B Feb 14 22:47 /Users/joseph/.pyenv/shims/python
➜ ~ /usr/bin/env python --version
Python 3.8.12 (9ef55f6fc369, Oct 25 2021, 05:10:01)
[PyPy 7.3.7 with GCC Apple LLVM 13.0.0 (clang-1300.0.29.3)]
I suspect the error is due to something preventing the fingerprint from getting into the known hosts file. I'd love to just mock up the ssh tunnel manually myself, but I want to understand why this is happening, and whether it is because this is a new machine. Can anyone shed some light on this for me? Thanks.
After running ansible-config dump with that ansible.cfg, it emits AnsibleOptionsError: Invalid value "merge ##...

So it looks like ansible was just silently swallowing the config file, or was perhaps using a different config file.

While # is a supported start-of-line comment character, ansible-config (as of 2.12.1) only allows ; as an end-of-line comment character:
[defaults]
roles_path = roles
host_key_checking = False
hash_behaviour = merge ;;; Note to self: Extremely important settings
interpreter_python = auto ;;; Note to self: Very important settings for running from localhost
[inventory]
enable_plugins = aws_ec2, host_list, script, auto, yaml, ini, toml
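As an added example (not code from the answer's author), here is a small Python check that parses an ansible.cfg the way an INI reader with ";"-only inline comments does, and flags every setting whose value still contains a "#". It assumes, without verifying against ansible's source, that ansible reads ansible.cfg with Python's configparser using inline_comment_prefixes=(';',); the two sample configs are constructed from the question and the answer above.

```python
import configparser
import re

# Constructed sample: the ansible.cfg from the question, where "###" was
# used as an end-of-line comment marker (the form ansible-config rejected).
BROKEN_CFG = """\
[defaults]
roles_path = roles
host_key_checking = False
hash_behaviour = merge ### Note to self: Extremely important settings
interpreter_python = auto ### Note to self: Very important settings for running from localhost
[inventory]
enable_plugins = aws_ec2, host_list, script, auto, yaml, ini, toml
# inventory = plugin_inventory/bb.aws_ec2.yaml
"""

# Constructed sample: the same file with ";" end-of-line comments, as in the answer.
FIXED_CFG = BROKEN_CFG.replace("###", ";;;")


def parse_like_ansible(text):
    """Parse ansible.cfg text with ';' as the only inline comment prefix and
    return {section: {key: value}}.

    Assumption (not checked against ansible's source here): ansible uses
    configparser.ConfigParser(inline_comment_prefixes=(';',)), so '#' only
    starts a comment at the beginning of a line and survives inside a value.
    """
    parser = configparser.ConfigParser(inline_comment_prefixes=(";",))
    parser.read_string(text)
    return {section: dict(parser[section]) for section in parser.sections()}


# key = value, where the key does not start with a comment or section marker
_ASSIGNMENT = re.compile(r"^\s*([^#;\[][^=]*?)\s*=\s*(.*)$")


def find_hash_inline_comments(text):
    """Return [(section, key, value_as_parsed)] for every setting whose value
    contains a '#', i.e. an intended end-of-line comment that will instead be
    handed to ansible as part of the value and fail validation.
    """
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or full-line comment: allowed
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        match = _ASSIGNMENT.match(raw)
        if not match:
            continue
        key, value = match.group(1).strip(), match.group(2).strip()
        if "#" in value:
            findings.append((section, key, value))
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CFG), ("fixed", FIXED_CFG)):
        print(f"--- {label} ---")
        print("hash_behaviour ->", repr(parse_like_ansible(cfg)["defaults"]["hash_behaviour"]))
        for section, key, value in find_hash_inline_comments(cfg):
            print(f"[{section}] {key}: value still contains '#': {value!r}")
```

The practical point for the question is that a setting such as host_key_checking = False that you believe is active may never have reached ansible at all if the file as a whole is rejected; running ansible-config dump --only-changed against the project directory shows which values are actually in effect before you start debugging the SSH ProxyCommand itself.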