Amazon web services Ansible,连接到AWS VPC中的bastion服务器,无法访问主机
如何使用Ansible 2.x连接到AWS VPC中的bastion服务器以执行Docker swarm设置?我已经看过了 已尝试通过Amazon web services Ansible,连接到AWS VPC中的bastion服务器,无法访问主机,amazon-web-services,amazon-ec2,ssh,ansible,amazon-vpc,Amazon Web Services,Amazon Ec2,Ssh,Ansible,Amazon Vpc,如何使用Ansible 2.x连接到AWS VPC中的bastion服务器以执行Docker swarm设置?我已经看过了 已尝试通过--额外变量提供以下内容: ansible\u ssh\u common\u参数:'-o ProxyCommand=“ssh-W%h:%p-quser@my.bastion.server.com“或甚至使用带有上述参数的ansible.cfg,或类似于: [ssh_connection] ssh_args = -o ControlMaster=auto -o Co
--额外变量提供以下内容:
ansible\u ssh\u common\u参数:'-o ProxyCommand=“ssh-W%h:%p-quser@my.bastion.server.com“
或甚至使用带有上述参数的ansible.cfg
,或类似于:
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=600s -J ec2-
user@my.bastion.dns.com
我尝试了很多组合,但我总是在剧本中运行ping命令时收到以下错误消息:
UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the
host via ssh: ssh: connect to host 10.1.xx.xx port 22: Operation timed
out\r\n",
或许值得一提的是:
我能够正常使用ssh-J选项连接到VPC中的私有主机,例如:ssh-Juser@my.bastion.server.com user@vpc.host.private.ip
李>
我正在使用Ansible的ec2.py动态清单,ec2.ini配置为映射给定标记条目的私有IP
这是一个ssh配置错误的问题
我能够用这些参数修复配置
1)Ansible.cfg文件
[ssh_connection]
ssh_args = -o ProxyCommand="ssh -W %h:%p -q $BASTION_USER@$BASTION_HOST" -o ControlPersist=600s
control_path=%(directory)s/%%h-%%r
pipelining = True
[ec2]
regions = us-xxxx-x
destination_variable = private_ip_address
vpc_destination_variable = private_ip_address
2)Ec2.ini文件
[ssh_connection]
ssh_args = -o ProxyCommand="ssh -W %h:%p -q $BASTION_USER@$BASTION_HOST" -o ControlPersist=600s
control_path=%(directory)s/%%h-%%r
pipelining = True
[ec2]
regions = us-xxxx-x
destination_variable = private_ip_address
vpc_destination_variable = private_ip_address
3)剧本执行命令
export BASTION_USER=xxx-xxxx;
export BASTION_HOST=ec2-xx-xx-xx-xx.xxxxx.compute.amazonaws.com;
ansible-playbook -u ec2-xxxx \
-i ./inventory/ec2.py \
./playbook/ping.yml \
--extra-vars \
"var_hosts=tag_Name_test_private ansible_ssh_private_key_file=~/.ssh/my-test-key.pem" -vvv
瞧
由于您正在超时,VPC的路由表和NACL可能配置错误,或者您的bastion实例的安全组正在阻止传入的网络流量。当您成功连接到bastion主机时,您的playbook是否在同一台计算机上执行SSH playbook?或者playbook是否在其他远程计算机上运行SSH playbook?