Fatal编程技术网
  • amazon-web-services/
  • Amazon web services Ansible,连接到AWS VPC中的bastion服务器,无法访问主机

Amazon web services Ansible,连接到AWS VPC中的bastion服务器,无法访问主机

amazon-web-services amazon-ec2 ssh ansible

Amazon web services Ansible,连接到AWS VPC中的bastion服务器,无法访问主机,amazon-web-services,amazon-ec2,ssh,ansible,amazon-vpc,Amazon Web Services,Amazon Ec2,Ssh,Ansible,Amazon Vpc,如何使用Ansible 2.x连接到AWS VPC中的bastion服务器以执行Docker swarm设置?我已经看过了 已尝试通过--额外变量提供以下内容: ansible\u ssh\u common\u参数:'-o ProxyCommand=“ssh-W%h:%p-quser@my.bastion.server.com“或甚至使用带有上述参数的ansible.cfg,或类似于: [ssh_connection] ssh_args = -o ControlMaster=auto -o Co

如何使用Ansible 2.x连接到AWS VPC中的bastion服务器以执行Docker swarm设置?我已经看过了

已尝试通过
--额外变量提供以下内容:

ansible\u ssh\u common\u参数:'-o ProxyCommand=“ssh-W%h:%p-quser@my.bastion.server.com“
或甚至使用带有上述参数的
ansible.cfg
,或类似于:


[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=600s -J ec2- 
user@my.bastion.dns.com


我尝试了很多组合,但我总是在剧本中运行ping命令时收到以下错误消息:


UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the 
host via ssh: ssh: connect to host 10.1.xx.xx port 22: Operation timed 
out\r\n",


或许值得一提的是:


  • 我能够正常使用ssh-J选项连接到VPC中的私有主机,例如:
    ssh-Juser@my.bastion.server.com user@vpc.host.private.ip
    

  • 我正在使用Ansible的ec2.py动态清单,ec2.ini配置为映射给定标记条目的私有IP
    • 

    这是一个ssh配置错误的问题
    
我能够用这些参数修复配置
    
1)Ansible.cfg文件
    

    [ssh_connection]
ssh_args = -o ProxyCommand="ssh -W %h:%p -q $BASTION_USER@$BASTION_HOST" -o ControlPersist=600s 
control_path=%(directory)s/%%h-%%r
pipelining = True

    

    [ec2]
regions = us-xxxx-x
destination_variable = private_ip_address
vpc_destination_variable = private_ip_address

    
2)Ec2.ini文件
    

    [ssh_connection]
ssh_args = -o ProxyCommand="ssh -W %h:%p -q $BASTION_USER@$BASTION_HOST" -o ControlPersist=600s 
control_path=%(directory)s/%%h-%%r
pipelining = True

    

    [ec2]
regions = us-xxxx-x
destination_variable = private_ip_address
vpc_destination_variable = private_ip_address

    
3)剧本执行命令
    

    export BASTION_USER=xxx-xxxx;
export BASTION_HOST=ec2-xx-xx-xx-xx.xxxxx.compute.amazonaws.com;
ansible-playbook -u ec2-xxxx \
 -i ./inventory/ec2.py \
 ./playbook/ping.yml \
 --extra-vars \
 "var_hosts=tag_Name_test_private ansible_ssh_private_key_file=~/.ssh/my-test-key.pem" -vvv

    

    由于您正在超时,VPC的路由表和NACL可能配置错误,或者您的bastion实例的安全组正在阻止传入的网络流量。当您成功连接到bastion主机时,您的playbook是否在同一台计算机上执行SSH playbook?或者playbook是否在其他远程计算机上运行SSH playbook?