Amazon Web Services: how to set AWS access keys on a remote EC2 server via Ansible?
I have the following playbook:

```yaml
- hosts: localhost
  connection: local
  remote_user: test
  gather_facts: no
  vars_files:
    - files/aws_creds.yml
    - files/info.yml
  tasks:
    - name: Basic provisioning of EC2 instance
      ec2:
        assign_public_ip: no
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        image: "{{ standard_ami }}"
        instance_type: "{{ free_instance }}"
        key_name: "{{ ssh_keyname }}"
        count: 3
        state: present
        group_id: "{{ secgroup_id }}"
        #vpc_subnet_id: "{{ private_subnet_id }}"
        wait: no
        #delete_on_termination: yes
        instance_tags:
          Name: Dawny33Template
      register: ec2
    - name: Add new instance to host group
      add_host:
        hostname: "{{ item.public_ip }}"
        groupname: launched
      with_items: "{{ ec2.instances }}"
    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.public_dns_name }}"
        port: 22
        delay: 60
        timeout: 320
        state: started
      with_items: "{{ ec2.instances }}"
    - name: Install dependencies
      yum:
        name=git
        state=present
      sudo: yes
    - name: Install Python libs
      easy_install:
        name: boto3
        state: latest
      sudo: yes
    - name: check out a git repository
      git: repo={{ repo_url }} dest=/home/ec2-user/AnsibleDir/GitRepo accept_hostkey=yes force=yes
      vars:
        repo_url: https://github.com/Dawny33/AnsibleExperiments
      become: yes
    - name: Go to the folder and execute command
      command: chmod 0755 /home/ec2-user/AnsibleDir/GitRepo/processing.py
      become: yes
      become_user: root
    - name: Set credentials
      shell: export AWS_ACCESS_KEY_ID=''
      become: yes
      become_user: root
    - name: Set credentials2
      shell: export AWS_SECRET_ACCESS_KEY=''
      become: yes
      become_user: root
    - name: Run Py script
      command: /home/ec2-user/AnsibleDir/GitRepo/processing.py {{ N }} {{ bucket_name }}
      become: yes
      become_user: root
    - name: Terminate instances that were previously launched
      connection: local
      become: false
      ec2:
        state: 'absent'
        instance_ids: '{{ ec2.instance_ids }}'
        region: '{{ aws_region }}'
```
In this playbook, I check out a git repo and run a Python file that uses boto.

So, how do I set AWS credentials on the dynamically created EC2 instances? Is there a module that does this?

Note: the shell modules used to export the keys are not working. They throw the following error:
```
"stderr": "sh: s3cmd: command not found\nTraceback (most recent call last):\n File \"/home/ec2-user/AnsibleDir/GitRepo/processing.py\", line 48, in <module>\n print get_details(N, str(bucket_name))\n File \"/home/ec2-user/AnsibleDir/GitRepo/processing.py\", line 37, in get_details\n for obj in bucket.objects.all():\n File \"/usr/local/lib/python2.7/site-packages/boto3-1.4.4-py2.7.egg/boto3/resources/collection.py\", line 83, in __iter__\n for page in self.pages():\n File \"/usr/local/lib/python2.7/site-packages/boto3-1.4.4-py2.7.egg/boto3/resources/collection.py\", line 166, in pages\n for page in pages:\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/paginate.py\", line 102, in __iter__\n response = self._make_request(current_kwargs)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/paginate.py\", line 174, in _make_request\n return self._method(**current_kwargs)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/client.py\", line 253, in _api_call\n return self._make_api_call(operation_name, kwargs)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/client.py\", line 530, in _make_api_call\n operation_model, request_dict)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/endpoint.py\", line 141, in make_request\n return self._send_request(request_dict, operation_model)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/endpoint.py\", line 166, in _send_request\n request = self.create_request(request_dict, operation_model)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/endpoint.py\", line 150, in create_request\n operation_name=operation_model.name)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/hooks.py\", line 227, in emit\n return self._emit(event_name, kwargs)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/hooks.py\", line 210, in _emit\n response = handler(**kwargs)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/signers.py\", line 90, in handler\n return self.sign(operation_name, request)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/signers.py\", line 147, in sign\n auth.add_auth(request)\n File \"/usr/local/lib/python2.7/site-packages/botocore-1.5.7-py2.7.egg/botocore/auth.py\", line 679, in add_auth\n raise NoCredentialsError\nbotocore.exceptions.NoCredentialsError: Unable to locate credentials",
"stdout": "",
"stdout_lines": [],
"warnings": []
}
```
You can do either of the following:

1) As @konstantin suggested in the comments on your question, you can export the keys as environment variables.

2) For AWS-related deployments / AWS EC2 instances that need API keys, you can use an IAM role with the access the application needs. AFAIK the Ansible EC2 module doesn't support IAM roles yet...
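The two options above, worked into a playbook as an added example (this is neither the asker's playbook nor the answerer's code). It keeps the variable names, repository URL and paths from the question (aws_id, aws_key, aws_region, standard_ami, free_instance, ssh_keyname, secgroup_id, N, bucket_name); the instance profile name `processing-role`, `remote_user: ec2-user` and the vault-encrypted vars file are assumptions. Option 2 uses the `ec2` module's `instance_profile_name` parameter. Option 1 uses the task-level `environment:` keyword, which is what `shell: export ...` cannot achieve: each shell task runs in its own process, and the exported variable dies with that process before the next task starts, hence the `NoCredentialsError` in the question.

```yaml
# Added example, not the page's own playbook. Assumptions are marked inline.
- hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
    - files/aws_creds.yml   # controller-side keys, used only to call the EC2 API
    - files/info.yml
  tasks:
    - name: Launch instances with an IAM instance profile (option 2)
      ec2:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        image: "{{ standard_ami }}"
        instance_type: "{{ free_instance }}"
        key_name: "{{ ssh_keyname }}"
        group_id: "{{ secgroup_id }}"
        # Assumed profile name. Its role should grant only what processing.py
        # needs (e.g. s3:ListBucket on the one bucket). boto3 on the instance
        # fetches short-lived role credentials from the metadata service, so
        # no long-lived key is ever copied onto the host.
        instance_profile_name: processing-role
        count: 3
        wait: yes             # wait so public_ip is populated for add_host
        instance_tags:
          Name: Dawny33Template
      register: ec2

    - name: Add new instances to host group
      add_host:
        hostname: "{{ item.public_ip }}"
        groupname: launched
      with_items: "{{ ec2.instances }}"

    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.public_dns_name }}"
        port: 22
        delay: 60
        timeout: 320
      with_items: "{{ ec2.instances }}"

# A second play is what actually runs on the new instances; tasks placed in a
# `hosts: localhost` play only ever execute on the controller.
- hosts: launched
  remote_user: ec2-user       # assumed login user for the AMI
  become: yes
  vars_files:
    - files/aws_creds.yml     # needed for option 1 only; encrypt with ansible-vault
  tasks:
    - name: Check out the processing script
      git:
        repo: https://github.com/Dawny33/AnsibleExperiments
        dest: /home/ec2-user/AnsibleDir/GitRepo
        accept_hostkey: yes
        force: yes

    - name: Run Py script
      command: /home/ec2-user/AnsibleDir/GitRepo/processing.py {{ N }} {{ bucket_name }}
      # Option 1: `environment:` injects the variables into this task's own
      # process, so boto3 finds them. Delete this block when the instance
      # carries the profile from option 2.
      environment:
        AWS_ACCESS_KEY_ID: "{{ aws_id }}"
        AWS_SECRET_ACCESS_KEY: "{{ aws_key }}"
        AWS_DEFAULT_REGION: "{{ aws_region }}"
      no_log: true            # keep the key values out of Ansible's output and logs
```

With the instance profile in place the `environment:` block on the last task can be removed entirely, and nothing secret ever leaves the controller. When keys must be passed, `no_log: true` keeps them out of the play recap and `ansible-vault encrypt files/aws_creds.yml` keeps them out of the repository; either way the key pair should be scoped to the single bucket the script reads rather than reusing the account keys that launch the instances.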