Amazon web services: How do I set AWS access keys on a remote EC2 server via Ansible?


I have the following playbook:

- hosts: localhost
  connection: local
  remote_user: test
  gather_facts: no

  vars_files:
    - files/aws_creds.yml
    - files/info.yml

  tasks:
    - name: Basic provisioning of EC2 instance
      ec2:
        assign_public_ip: no
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        image: "{{ standard_ami }}"
        instance_type: "{{ free_instance }}"
        key_name: "{{ ssh_keyname }}"
        count: 3
        state: present
        group_id: "{{ secgroup_id }}"
        #vpc_subnet_id: "{{ private_subnet_id }}"
        wait: no
        #delete_on_termination: yes
        instance_tags:
          Name: Dawny33Template
      register: ec2



    - name: Add new instance to host group
      add_host:
        hostname: "{{ item.public_ip }}"
        groupname: launched
      with_items: "{{ ec2.instances }}"

    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.public_dns_name }}"
        port: 22
        delay: 60
        timeout: 320
        state: started
      with_items: "{{ ec2.instances }}"

    - name: Install dependencies
      yum:
        name: git
        state: present
      become: yes

    - name: Install Python libs
      easy_install:
        name: boto3
        state: latest
      become: yes

    - name: check out a git repository
      git: repo={{ repo_url }} dest=/home/ec2-user/AnsibleDir/GitRepo accept_hostkey=yes force=yes
      vars:
        repo_url: https://github.com/Dawny33/AnsibleExperiments
      become: yes


    - name: Go to the folder and execute command
      command: chmod 0755 /home/ec2-user/AnsibleDir/GitRepo/processing.py
      become: yes
      become_user: root

    - name: Set credentials
      shell: export AWS_ACCESS_KEY_ID=''
      become: yes
      become_user: root

    - name: Set credentials2
      shell: export AWS_SECRET_ACCESS_KEY=''
      become: yes
      become_user: root

    - name: Run Py script
      command: /home/ec2-user/AnsibleDir/GitRepo/processing.py {{ N }} {{ bucket_name }}
      become: yes
      become_user: root

    - name: Terminate instances that were previously launched
      connection: local
      become: false
      ec2:
        state: 'absent'
        instance_ids: '{{ ec2.instance_ids }}'
        region: '{{ aws_region }}'
In this, I check out a git repo and run a .py file which uses boto.

So, how do I set the AWS credentials inside the dynamically created EC2 instance? Is there a module which can do this?

Note: The shell modules used for exporting the keys are not working. They are throwing the following error:

    "stderr": "sh: s3cmd: command not found\nTraceback (most recent call last):\n  File \"/home/ec2-user/AnsibleDir/GitRepo/processing.py\", line 48, in <module>\n    print get_details(N, str(bucket_name))\n  File \"/home/ec2-user/AnsibleDir/GitRepo/processing.py\", line 37, in get_details\n    for obj in bucket.objects.all():\n  File \"/usr/local/lib/python2.7/site-packages/boto3-1.4.4-py2.7.egg/boto3/resources/collection.py\", line 83, in __iter__\n    for page in self.pages():\n  File \"/usr/local/lib/python2.7/site-packages/boto3-1.4.4-py2.7.egg/boto3/resources/collection.py\", line 166, in pages\n    for page in pages:\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/paginate.py\", line 102, in __iter__\n    response = self._make_request(current_kwargs)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/paginate.py\", line 174, in _make_request\n    return self._method(**current_kwargs)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/client.py\", line 253, in _api_call\n    return self._make_api_call(operation_name, kwargs)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/client.py\", line 530, in _make_api_call\n    operation_model, request_dict)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/endpoint.py\", line 141, in make_request\n    return self._send_request(request_dict, operation_model)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/endpoint.py\", line 166, in _send_request\n    request = self.create_request(request_dict, operation_model)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/endpoint.py\", line 150, in create_request\n    operation_name=operation_model.name)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/hooks.py\", line 227, in emit\n    return self._emit(event_name, 
kwargs)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/hooks.py\", line 210, in _emit\n    response = handler(**kwargs)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/signers.py\", line 90, in handler\n    return self.sign(operation_name, request)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/signers.py\", line 147, in sign\n    auth.add_auth(request)\n  File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/auth.py\", line 679, in add_auth\n    raise NoCredentialsError\nbotocore.exceptions.NoCredentialsError: Unable to locate credentials",
    "stdout": "",
    "stdout_lines": [],
    "warnings": []
}

The script is:

You can do either of the following:

1) As @konstantin suggested in the comments on your question, you can export the keys as environment variables

2) For AWS-related deployments / AWS EC2 instances that need API keys, you can use (IAM) roles with the access rights your application needs.

afaik the ansible EC2 module doesn't support iam roles yet...
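The two options in the answer, written out as an added example (this is not the asker's playbook nor the answerer's code). It reuses the variable names from the question (aws_id, aws_key, aws_region, standard_ami, free_instance, ssh_keyname, secgroup_id, N, bucket_name, the launched group); the instance profile name ProcessingScriptRole is a hypothetical placeholder for a role you would create yourself with read access to the bucket. The point it demonstrates is why `shell: export ...` cannot work: each Ansible task runs in its own short-lived shell, so a variable exported in one task is gone before the next task starts. The task-level `environment:` keyword sets the variables on the process that actually needs them, and `no_log` keeps the secret out of the run output.

```yaml
# Added example, not code from the question or the answer.
# Play 1: launch the instance from the control machine.
- hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
    - files/aws_creds.yml        # keep this file encrypted with ansible-vault
    - files/info.yml
  tasks:
    # Option 2 from the answer: attach an IAM instance profile at launch time.
    # boto3 on the instance then obtains short-lived credentials from the
    # instance metadata service, so no long-lived key has to be copied over.
    - name: Launch instance with an instance profile
      ec2:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        image: "{{ standard_ami }}"
        instance_type: "{{ free_instance }}"
        key_name: "{{ ssh_keyname }}"
        group_id: "{{ secgroup_id }}"
        instance_profile_name: ProcessingScriptRole   # hypothetical role name
        wait: yes                                      # wait so public_ip is filled in
        instance_tags:
          Name: Dawny33Template
      register: ec2

    - name: Add new instance to host group
      add_host:
        hostname: "{{ item.public_ip }}"
        groupname: launched
      with_items: "{{ ec2.instances }}"

    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.public_dns_name }}"
        port: 22
        delay: 60
        timeout: 320
        state: started
      with_items: "{{ ec2.instances }}"

# Play 2: the tasks that must run ON the new instance target the launched group.
- hosts: launched
  remote_user: ec2-user
  become: yes
  vars_files:
    - files/aws_creds.yml        # needed again: vars_files are per play
    - files/info.yml
  tasks:
    - name: Install dependencies
      yum:
        name: git
        state: present

    - name: Install Python libs
      easy_install:
        name: boto3
        state: latest

    - name: Check out the repository
      git:
        repo: https://github.com/Dawny33/AnsibleExperiments
        dest: /home/ec2-user/AnsibleDir/GitRepo
        accept_hostkey: yes
        force: yes

    - name: Make the script executable
      file:
        path: /home/ec2-user/AnsibleDir/GitRepo/processing.py
        mode: "0755"

    # Option 1 from the answer, done so that it actually reaches the script:
    # `environment:` applies to this task's process. Only needed if the
    # instance has NO instance profile; with a profile, drop the environment
    # block and boto3 finds credentials on its own.
    - name: Run Py script with credentials in its environment
      command: /home/ec2-user/AnsibleDir/GitRepo/processing.py {{ N }} {{ bucket_name }}
      environment:
        AWS_ACCESS_KEY_ID: "{{ aws_id }}"
        AWS_SECRET_ACCESS_KEY: "{{ aws_key }}"
        AWS_DEFAULT_REGION: "{{ aws_region }}"
      no_log: true               # keep the key out of the playbook output and logs
```

Two things worth checking against the question's playbook. First, every task there sits under `hosts: localhost`, so the yum, git, chmod and script tasks run on the control machine, not on the instance; the launched group that add_host builds is never targeted, which the second play above fixes. Second, if both an instance profile and the environment variables are present, boto3 uses the environment variables first, so prefer the profile alone: the keys then never leave the control machine and are rotated automatically by AWS. The "sh: s3cmd: command not found" line in the error is unrelated to credentials and means the script also expects the s3cmd binary on the instance.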