Ansible:在动态ec2上设置用户
我似乎没有连接到远程主机。为什么不呢?
命令行:ansible-playbook-i“127.0.0.1,”-c local playbook.yml
这就是剧本。角色create_ec2_instance创建变量ec2hosts,该变量在剧本的第二部分(ansible/playbook.yml)中使用:
# Create instance
- hosts: 127.0.0.1
connection: local
gather_facts: false
roles:
- create_ec2_instance
# Configure and install all we need
- hosts: ec2hosts
remote_user: admin
gather_facts: false
roles:
- show-hosts
- prepare-target-system
- install-project-dependencies
- install-project
这只是一个简单的ec2模块创建。这按预期工作。(ansible/roles/create-ec2-instance/tasks/main.yml):
- name: Create instance
ec2:
region: "{{ instance_values['region'] }}"
zone: "{{ instance_values['zone'] }}"
keypair: "{{ instance_values['key_pair'] }}"
group: "{{ instance_values['security_groups'] }}"
instance_type: "{{ instance_values['instance_type'] }}"
image: "{{ instance_values['image_id'] }}"
count_tag: "{{ instance_values['name'] }}"
exact_count: 1
wait: yes
instance_tags:
Name: "{{ instance_values['name'] }}"
when: ec2_instances.instances[instance_values['name']]|default("") == ""
register: ec2_info
- name: Wait for instances to listen on port 22
wait_for:
state: started
host: "{{ ec2_info.instances[0].public_dns_name }}"
port: 22
when: ec2_info|changed
- name: Add new instance to ec2hosts group
add_host:
hostname: "{{ ec2_info.instances[0].public_ip }}"
groupname: ec2hosts
instance_id: "{{ ec2_info.instances[0].id }}"
when: ec2_info|changed
我还包含了额外的透明方法,尽管这些方法非常基本(ansible/roles/show-hosts/tasks/main.yml):
- name: List hosts
debug: msg="groups={{groups}}"
run_once: true
我们有(ansible/roles/prepare-target-system/tasks/main.yml):
- name: get the username running the deploy
local_action: command whoami
register: username_on_the_host
- debug: var=username_on_the_host
- name: Add necessary system packages
become: yes
become_method: sudo
package: "name={{item}} state=latest"
with_items:
- software-properties-common
- python-software-properties
- devscripts
- build-essential
- libffi-dev
- libssl-dev
- vim
TASK [prepare-target-system : debug] *******************************************
task path: <REDACTED>/ansible/roles/prepare-target-system/tasks/main.yml:5
ok: [35.166.52.247] => {
"username_on_the_host": {
"changed": true,
"cmd": [
"whoami"
],
"delta": "0:00:00.009067",
"end": "2017-01-07 08:23:42.033551",
"rc": 0,
"start": "2017-01-07 08:23:42.024484",
"stderr": "",
"stdout": "brianbruggeman",
"stdout_lines": [
"brianbruggeman"
],
"warnings": []
}
}
TASK [prepare-target-system : Ensure that we can update apt-repository] ********
task path: /<REDACTED>/ansible/roles/prepare-target-system/tasks/Debian.yml:2
Using module file <REDACTED>/.envs/dg2/lib/python2.7/site-packages/ansible/modules/core/packaging/os/apt.py
<35.166.52.247> ESTABLISH LOCAL CONNECTION FOR USER: brianbruggeman
<35.166.52.247> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769 `" && echo ansible-tmp-1483799022.33-268449475843769="` echo $HOME/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769 `" ) && sleep 0'
<35.166.52.247> PUT /var/folders/r9/kv1j05355r34570x2f5wpxpr0000gn/T/tmpK2__II TO <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py
<35.166.52.247> EXEC /bin/sh -c 'chmod u+x <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/ <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py && sleep 0'
<35.166.52.247> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-owktjrfvqssjrqcetaxjkwowkzsqfitq; /usr/bin/python <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py; rm -rf "<REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/" > /dev/null 2>&1'"'"' && sleep 0'
failed: [35.166.52.247] (item=[u'software-properties-common', u'python-software-properties', u'devscripts', u'build-essential', u'libffi-dev', u'libssl-dev', u'vim']) => {
"failed": true,
"invocation": {
"module_name": "apt"
},
"item": [
"software-properties-common",
"python-software-properties",
"devscripts",
"build-essential",
"libffi-dev",
"libssl-dev",
"vim"
],
"module_stderr": "sudo: a password is required\n",
"module_stdout": "",
"msg": "MODULE FAILURE"
}
to retry, use: --limit @<REDACTED>/ansible/<redacted playbook>.retry
PLAY RECAP *********************************************************************
127.0.0.1 : ok=6 changed=2 unreachable=0 failed=0
35.166.52.247 : ok=3 changed=1 unreachable=0 failed=1
共有1个答案
使用成为:
remote_user: ansible
become: true
become_user: root
Ansible文档:成为(权限提升)
例如:在我的脚本中,我以用户“ansible”的身份连接到远程主机(因为ssh对root禁用),然后成为“root”。很少,我作为“Ansible”连接,然后成为“Apache”用户。因此,remote_user指定要连接的用户名,bece_user是连接后的用户名。
- name: nopasswd sudo for ansible user
lineinfile: "dest=/etc/sudoers state=present regexp='^{{ ansible_user }}' line='{{ ansible }} ALL=(ALL) NOPASSWD: ALL'"
-
本文向大家介绍如何在Ubuntu 16.04上设置Ansible,包括了如何在Ubuntu 16.04上设置Ansible的使用技巧和注意事项,需要的朋友参考一下 在本文中,我们将学习如何配置Ansible –自动化配置管理系统。Anisble是一种配置管理系统,可以通过易于管理的方式控制大量客户端计算机,并且可以从中央位置自动进行管理。 Anisble通过SSH隧道进行通信,不需要在客户端计算机
-
我已经在EC2实例上安装了Apache Kafka,更改了安全组,为Kafka和Zookeeper打开了端口9092和2181。我只有一个代理,一个主题,一个分区,没什么复杂的。我通过尝试当地生产者/消费者来确认Kafka作品。 在AWS安全组上,它显示: 自定义 TCP 规则 TCP 2181 0.0.0.0/0 自定义 TCP 规则 TCP 9092 0.0.0.0/0 现在我想使用我的Bro
-
本文向大家介绍ansible 使用Ansible设置远程计算机,包括了ansible 使用Ansible设置远程计算机的使用技巧和注意事项,需要的朋友参考一下 示例 我们可以使用Ansible设置远程系统。您应该有一个SSH密钥对,并且应该将SSH公钥带到计算机〜/ .ssh / authorized_keys文件中。您可以在未经任何授权的情况下登录。 先决条件: Ansible 您需要一个清单文
-
问题内容: 我知道将状态设置为打开是一种反模式,应该将状态设置为打开,但是假设我想将标记数量的长度设置为状态。在那种情况下,我无法将状态设置为on,因为在该阶段可能未安装标签。那么,这里最好的选择是什么?如果将状态设置为开启,会好吗? 问题答案: 这不是一个反模式调用在。实际上,ReactJS在其文档中提供了一个示例: 您应该在componentDidMount生命周期方法中使用AJAX调用填充数
-
cmf_set_dynamic_config($data) 功能 设置动态配置 参数 $data: array 要设置的数据,格式["cmf_default_theme"=>'simpleboot3'] 返回 boolean
-
我在启动弹性搜索时有以下错误。弹性搜索是通过Ansibles进行的: