I'm trying to create a task to download and import the GPG-keys from the official RPM Fusion site but it fails.
- hosts: localhost
  connection: local
  name: DOWNLOADING AND IMPORTING SECURITY KEYS
  tasks:
    - name: Downloading the security key for RPM Fusion (free) repo
      get_url:
        url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020
        dest: ~/Downloads/free_keys.txt
    - name: Importing (free) key
      ansible.builtin.rpm_key:
        state: present
        key: ~/Downloads/free_keys.txt
    - name: Deleting security key file (free)
      ansible.builtin.file:
        path: ~/Downloads/free_keys.txt
        state: absent
    - name: Downloading the security key for RPM Fusion (non-free) repo
      get_url:
        url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
        dest: ~/Downloads/nonfree_keys.txt
    - name: Importing (non-free) key
      ansible.builtin.rpm_key:
        state: present
        key: ~/Downloads/nonfree_keys.txt
    - name: Deleting security key file (non-free)
      ansible.builtin.file:
        path: ~/Downloads/nonfree_keys.txt
        state: absent
This is the output:
TASK [Gathering Facts] *********************************************************
ok: [localhost]
TASK [Downloading the security key for RPM Fusion (free) repo] *****************
changed: [localhost] => {"changed": true, "checksum_dest": null, "checksum_src": "554f50b16f9cf421f7caf02ce83c9069fd399b0e", "dest": "/home/[REDACTED]/Downloads/free_keys.txt", "elapsed": 0, "gid": 1000, "group": "[REDACTED]", "md5sum": "7206830528e4e9fb61d52dafc4e32ed1", "mode": "0664", "msg": "OK (1704 bytes)", "owner": "[REDACTED]", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 1704, "src": "/home/[REDACTED]/.ansible/tmp/ansible-tmp-1623521488.9204922-9892-237385967611488/tmp38djamsm", "state": "file", "status_code": 200, "uid": 1000, "url": "https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020"}
TASK [Importing (free) key] ****************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Not a valid key ~/Downloads/free_keys.txt"}
PLAY RECAP *********************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
So far I've tried to download the keys to .txt and .gpg format but none of these methods work. Any suggestion is greatly appreciated.
EDIT: To answer your questions:
1.
TASK [Importing (free) key] ****************************************************
task path: /home/[REDACTED]/Documents/ansible-playbooks/for_laptops/dell_e7270/import_keys.yml:11
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: [REDACTED]
<127.0.0.1> EXEC /bin/sh -c 'echo ~[REDACTED] && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/[REDACTED]/.ansible/tmp `"&& mkdir "` echo /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038 `" && echo ansible-tmp-1623533463.7691412-3758-92960382692038="` echo /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038 `" ) && sleep 0'
Using module file /usr/lib/python3.9/site-packages/ansible/modules/packaging/os/rpm_key.py
<127.0.0.1> PUT /home/[REDACTED]/.ansible/tmp/ansible-local-3682vs8hkmey/tmpjamn9upp TO /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/ /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3 /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"fingerprint": null,
"key": "~/Downloads/free_keys",
"state": "present",
"validate_certs": true
}
},
"msg": "Not a valid key ~/Downloads/free_keys"
}
The keys are the ones under 'Fedora 34' in this link.
Yes, the keys downloaded look like that.
Unfortunately, changing the permissions did not work.
Looks like a solution could be to download the distribution-gpg-keys from the official repos before installing the RPM Fusion.
Try to start Ansible with very verbose logging:
/bin/ansible-playbook import_gpg.yml -vvvv
As far as I know, it's 2021 now, and judging by the URL (https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020), the key seems to have been issued for 2020.
I think you have downloaded and tried to import an expired key.
Can you verify that you downloaded a file that looks like a GPG key?
Something that looks like this:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF2tvGQBEAC5Q2ePLZZafOkFhYHpGZdRRBCcCd+aiLATofFV8+FjPuPLL/3R
......
kgQgWZ6F2RZm5/R28DHdAetji50XbnmXgAk/u9u2Hw2bVVJfJ0WpEVcPvA1L86SE
8i8p1fmzljwRazZAksk5Zh2QfaM0jlMYHWbKpbXQcX19Uerm7D9IkciZvDAmgBYV
S6Y=
=rOqq
-----END PGP PUBLIC KEY BLOCK-----
Probably they use Cloudflare, which blocks the default Ansible user agent (https://docs.ansible.com/ansible/latest/collections/ansible/builtin/get_url_module.html#parameter-http_agent). You can set the user agent to a browser one.
Or, you can set proper permissions for the file being saved to disk:
- name: Downloading the security key for RPM Fusion (non-free) repo
  get_url:
    url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
    dest: ~/Downloads/nonfree_keys.txt
    mode: 0600
Because RPM cannot import keys from world-writable files.
After some digging I found the solution and it's simpler than I thought:
---
- hosts: localhost
  connection: local
  name: IMPORTING SECURITY KEYS
  tasks:
    - name: Importing (free) key
      ansible.builtin.rpm_key:
        state: present
        key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020
    - name: Importing (non-free) key
      ansible.builtin.rpm_key:
        state: present
        key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
Following the official documentation, I thought you had to download the keys to your PC and then install them. Instead, you can directly enter the URL into the key section.
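A fingerprint-pinned variant of the import, as an added example (not code from the thread): HTTPS only authenticates the server, so the `fingerprint` option of `rpm_key` (visible as `"fingerprint": null` in the module arguments above) is set to make the import fail if the served key is not the expected one. The fingerprint value is a placeholder to be filled from a separately trusted source; `become: true`, the variable names and the temporary file name are assumptions. The key file is referenced by an absolute path, since the error message above echoes the literal `~/Downloads/...` string while the `get_url` result shows the expanded `/home/...` path.

```yaml
---
- hosts: localhost
  connection: local
  become: true   # assumption: importing into the RPM database needs root
  vars:
    key_url: "https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020"
    # Placeholder, not a real value: use the long-form fingerprint obtained
    # from a source you trust independently of this download.
    expected_fpr: "<FINGERPRINT-PUBLISHED-BY-RPM-FUSION>"
  tasks:
    - name: Create a private temporary directory for the download
      ansible.builtin.tempfile:
        state: directory
        suffix: rpmkey
      register: keydir

    - name: Download, verify and import the key
      block:
        - name: Download the key to an absolute path
          ansible.builtin.get_url:
            url: "{{ key_url }}"
            dest: "{{ keydir.path }}/rpmfusion-free.key"
            mode: "0644"

        - name: Import the key only if its fingerprint matches
          ansible.builtin.rpm_key:
            state: present
            key: "{{ keydir.path }}/rpmfusion-free.key"
            fingerprint: "{{ expected_fpr }}"
      always:
        # Runs whether or not the import succeeded, so no key file is left behind.
        - name: Remove the temporary directory
          ansible.builtin.file:
            path: "{{ keydir.path }}"
            state: absent
```

The same `fingerprint` option can be added to the URL form of `key` used in the answer above.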
Declared YUM task as below:
---
- hosts: all
  vars:
  tasks:
    - name: install package
      yum:
        name: ntp
        state: present
Ran following command:
ansible-playbook test.yml -i localhost, --connection=local -vvvv
Receiving error message:
TASK [install package] ***************************************************************************************************************************************************
task path: /home/osuser/dod/test.yml:6
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/setup.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: osuser
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
Running svr4pkg as the backend for the yum action plugin
Using module file /usr/lib/python2.7/site-packages/ansible/modules/packaging/os/svr4pkg.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
fatal: [localhost]: FAILED! => {
"ansible_facts": {
"pkg_mgr": "svr4pkg"
},
"changed": false,
"invocation": {
"module_args": {
"category": false,
"name": "ntp",
"proxy": null,
"response_file": null,
"src": null,
"state": "present",
"zone": "all"
}
},
"msg": "src is required when state=present",
"name": "ntp"
Note the following message in debug:
Running svr4pkg as the backend for the yum action plugin
Ansible decided to use the "svr4pkg" module (which requires the src parameter) as the backend of yum.
Workaround:
Set the use_backend: yum parameter on the yum module... if possible! (I cannot modify the YAML file in my real usage.)
Running Ansible 2.7.15 on CentOS 7.6 with yum installed, so there is absolutely no reason to use svr4pkg as a back-end (which is not supported/documented by the yum module).
However, as it seems to be defined as an ansible_fact, I have done following test (result is filtered):
ansible -i localhost, all -m setup -k
SUCCESS => {
"ansible_facts": {
"ansible_distribution": "CentOS",
"ansible_distribution_file_parsed": true,
"ansible_distribution_file_path": "/etc/redhat-release",
"ansible_distribution_file_variety": "RedHat",
"ansible_distribution_major_version": "7",
"ansible_distribution_release": "Core",
"ansible_distribution_version": "7.6.1810",
"ansible_os_family": "RedHat",
"ansible_pkg_mgr": "svr4pkg",
"ansible_python_version": "2.7.5",
"module_setup": true
},
"changed": false
}
Any clue of the reason and how to enforce ansible_pkg_mgr ?
It seems that this distribution is shipped with yum and svr4pkg as we can see below:
$ ll /usr/bin/yum
-rwxr-xr-x. 1 root root 801 Nov 5 2018 /usr/bin/yum
$ ll /usr/sbin/pkgadd
-rwxr-xr-x. 1 root root 207342 Jul 2 16:12 /usr/sbin/pkgadd
So the last available package manager resolved is kept and takes precedence (/usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/pkg_mgr.py):
# A list of dicts.  If there is a platform with more than one
# package manager, put the preferred one last.  If there is an
# ansible module, use that as the value for the 'name' key.
PKG_MGRS = [{'path': '/usr/bin/yum', 'name': 'yum'},
            {'path': '/usr/bin/dnf', 'name': 'dnf'},
            {'path': '/usr/bin/apt-get', 'name': 'apt'},
            {'path': '/usr/sbin/pkgadd', 'name': 'svr4pkg'},
[...]
def collect(self, module=None, collected_facts=None):
    facts_dict = {}
    collected_facts = collected_facts or {}
    pkg_mgr_name = 'unknown'
    for pkg in PKG_MGRS:
        if os.path.exists(pkg['path']):
            pkg_mgr_name = pkg['name']
    # Handle distro family defaults when more than one package manager is
    # installed, the ansible_fact entry should be the default package
    # manager provided by the distro.
    if collected_facts['ansible_os_family'] == "RedHat":
        if pkg_mgr_name not in ('yum', 'dnf'):
            pkg_mgr_name = self._check_rh_versions(pkg_mgr_name, collected_facts)
    [...]
    facts_dict['pkg_mgr'] = pkg_mgr_name
    return facts_dict
So it seems to be an unmanaged case on ansible.
However, I still have no idea on how to enforce the right value !
Fixed by upgrading to Ansible 2.8+.
See https://github.com/ansible/ansible/issues/49184 when multiple package managers are available on system.
I am trying to use a variable and the results of a previous task as input. Here is my code.
---
- hosts: localhost
  vars:
    v_hostname: XXXXXXXXXXXXX
    v_datacentre: DC-UK-LON-GS
    v_username: YYYYYYYY
    v_password: XXXXXXXX
  connection: local
  gather_facts: false
  tasks:
    - name: Find the folder for the VM
      vmware_guest_find:
        hostname: "{{ v_hostname }}"
        datacenter: "{{ v_datacentre }}"
        username: "{{ v_username }}"
        password: "{{ v_password }}"
        validate_certs: no
        name: MYVMNAME
      register: folder
    - debug:
        msg:
          - "{{ folder.folders }}"
    - name: Gather facts from VM
      connection: local
      gather_facts: false
      vmware_guest_facts:
        hostname: "{{ v_hostname }}"
        datacenter: "{{ v_datacentre }}"
        username: "{{ v_username }}"
        password: "{{ v_password }}"
        validate_certs: no
        folder: "{{ v_datacentre }}{{ folder.folders }}"
        name: MYVMNAME
The last line tries to use the defined variable v_datacentre and append the value from the registered fact from the previous task. However the concatenation produces some unwanted wrapping chars:
ansible-playbook 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/export/home/ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible-playbook
python version = 2.7.5 (default, May 3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]
Using /etc/ansible/ansible.cfg as config file
Parsed /export/home/ansible/inventory_prod inventory source with ini plugin
[WARNING]: Ignoring invalid attribute: gather_facts
PLAYBOOK: mainvm.yml *****************************************************************************************************************************************
1 plays in mainvm.yml
PLAY [localhost] *********************************************************************************************************************************************
META: ran handlers
TASK [TEST1] *************************************************************************************************************************************************
task path: /export/home/ansible/mainvm.yml:12
Using module file /usr/lib/python2.7/site-packages/ansible/modules/cloud/vmware/vmware_guest_find.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: ansible
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /export/home/ansible/.ansible/tmp/ansible-tmp-1523621823.18-119950066241401 `" && echo ansible-tmp-1523621823.18-119950066241401="` echo /export/home/ansible/.ansible/tmp/ansible-tmp-1523621823.18-119950066241401 `" ) && sleep 0'
<127.0.0.1> PUT /tmp/tmpM_Pf2B TO /export/home/ansible/.ansible/tmp/ansible-tmp-1523621823.18-119950066241401/vmware_guest_find.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /export/home/ansible/.ansible/tmp/ansible-tmp-1523621823.18-119950066241401/ /export/home/ansible/.ansible/tmp/ansible-tmp-1523621823.18-119950066241401/vmware_guest_find.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python2 /export/home/ansible/.ansible/tmp/ansible-tmp-1523621823.18-119950066241401/vmware_guest_find.py; rm -rf "/export/home/ansible/.ansible/tmp/ansible-tmp-1523621823.18-119950066241401/" > /dev/null 2>&1 && sleep 0'
ok: [localhost] => {
"changed": false,
"folders": [
"/vm/LON-GS-AD/LON-GS-AD-UNIX"
],
"invocation": {
"module_args": {
"datacenter": "DC-UK-LON-GS",
"hostname": "XXXXXXXXXXXXX",
"name": "MYVMNAME",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"username": "XXXXXXXX",
"uuid": null,
"validate_certs": false
}
}
}
TASK [debug] *************************************************************************************************************************************************
task path: /export/home/ansible/mainvm.yml:23
ok: [localhost] => {
"msg": [
[
"/vm/LON-GS-AD/LON-GS-AD-UNIX"
]
]
}
TASK [Gather facts from standalone ESXi server] **************************************************************************************************************
task path: /export/home/ansible/mainvm.yml:28
Using module file /usr/lib/python2.7/site-packages/ansible/modules/cloud/vmware/vmware_guest_facts.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: ansible
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /export/home/ansible/.ansible/tmp/ansible-tmp-1523621827.79-78942665802166 `" && echo ansible-tmp-1523621827.79-78942665802166="` echo /export/home/ansible/.ansible/tmp/ansible-tmp-1523621827.79-78942665802166 `" ) && sleep 0'
<127.0.0.1> PUT /tmp/tmp43NXf_ TO /export/home/ansible/.ansible/tmp/ansible-tmp-1523621827.79-78942665802166/vmware_guest_facts.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /export/home/ansible/.ansible/tmp/ansible-tmp-1523621827.79-78942665802166/ /export/home/ansible/.ansible/tmp/ansible-tmp-1523621827.79-78942665802166/vmware_guest_facts.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python2 /export/home/ansible/.ansible/tmp/ansible-tmp-1523621827.79-78942665802166/vmware_guest_facts.py; rm -rf "/export/home/ansible/.ansible/tmp/ansible-tmp-1523621827.79-78942665802166/" > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"datacenter": "XXXXXX",
"folder": "DC-UK-LON-GS[u'/vm/LON-GS-AD/LON-GS-AD-UNIX']",
"hostname": "XXXXXXXXXXXXX",
"name": "MYVMNAME",
"name_match": "first",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"username": "XXXXXXXX",
"uuid": null,
"validate_certs": false
}
},
"msg": "Unable to gather facts for non-existing VM MYVMNAME"
}
to retry, use: --limit @/export/home/ansible/mainvm.retry
PLAY RECAP ***************************************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=1
The results of folder.folders is correctly printed by debug but in the last step the concatenation gives:
"folder": "DC-UK-LON-GS[u'/vm/LON-GS-AD/LON-GS-AD-UNIX']",
I confess to being a bit of an Ansible newbie but I don't understand where the [u' and ] come from. I just want to use the combined strings as input. Can anyone please explain or show solution or point me at some beginners documents for this sort of variable use?
Thanks.
So after some further playing, it turns out that vmware_guest_find returns a list (and it's in the docs!!!), so I need to either pick the 1st item if there will only be one group or loop through them.
folder: "{{ v_datacentre }}{{ folder.folders[0] }}"
This does the job.
I need to copy the latest log file from remote linux server to the ansible host. This is what I have tried so far.
- hosts: [host]
  remote_user: root
  tasks:
    - name: Copy the file
      command: bash -c "ls -rt | grep install | tail -n1"
      register: result
      args:
        chdir: /root
    - name: Copying the file
      copy:
        src: "/root/{{ result.stdout }}"
        dest: /home
But I am getting the following error.
TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok
TASK [Copy the file] **********************************************************************************************************************************************************************************************
changed: => {"changed": true, "cmd": ["bash", "-c", "ls -rt | grep install | tail -n1"], "delta": "0:00:00.011388", "end": "2017-06-14 07:53:26.475344", "rc": 0, "start": "2017-06-14 07:53:26.463956", "stderr": "", "stdout": "install.20170614-051027.log", "stdout_lines": ["install.20170614-051027.log"], "warnings": []}
TASK [Copying the file] *******************************************************************************************************************************************************************************************
fatal: FAILED! => {"changed": false, "failed": true, "msg": "Unable to find 'install.20170614-051027.log' in expected paths."}
PLAY RECAP ********************************************************************************************************************************************************************************************************
: ok=2 changed=1 unreachable=0 failed=1
But that file is right there. Please help me resolve this issue.
Ansible Copy copies files from the Ansible host to the remote host. Use Ansible fetch instead.
http://docs.ansible.com/ansible/fetch_module.html
This one works; I have to use fetch instead of copy to get the file from the remote.
- name: Copy the file
  command: bash -c "ls -rt | grep install | tail -n1"
  register: result
  args:
    chdir: /root
- name: Copying the file
  fetch:
    src: "/root/{{ result.stdout }}"
    dest: /home
    flat: yes
I'd like to make a kerberos keytab with ansible + expect, but the keytab file doesn't get created. What is wrong with my play ? How could I troubleshoot?
---
- hosts: localhost
  connection: local
  gather_facts: false
  vars_prompt:
    - name: "kuser"
      prompt: "enter your user"
    - name: "kpw"
      prompt: "enter your pw"
  tasks:
    - name: Generate Kerberos ticket
      expect:
        command: ktutil
        responses:
          ktutil: "addent -password -p {{ kuser }}@MYDOMAIN.LOCAL -k 1 -e rc4-hmac"
          Password: "{{ kpw }}"
          ktutil: "wkt /username.keytab"
          ktutil: "quit"
The output with -vvv
Using /etc/ansible/ansible.cfg as config file
[WARNING]: provided hosts list is empty, only localhost is available
[WARNING]: While constructing a mapping from /repo/Playbooks/test.yml, line 15, column 9, found a duplicate dict key (ktutil). Using last
defined value only.
1 plays in /repo/Playbooks/test.yml
enter your user:
enter your pw:
PLAY ***************************************************************************
TASK [Generate Kerberos ticket] ************************************************
task path: /repo/Playbooks/test.yml:11
ESTABLISH LOCAL CONNECTION FOR USER: root
127.0.0.1 EXEC ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239 )" )
127.0.0.1 PUT /tmp/tmpwLW3r2 TO /root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/expect
127.0.0.1 EXEC LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/expect; rm -rf "/root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/" > /dev/null 2>&1
changed: [localhost] => {"changed": true, "cmd": "ktutil", "delta": "0:00:00.282785", "end": "2017-05-31 15:24:22.038164", "invocation": {"module_args": {"chdir": null, "command": "ktutil", "creates": null, "echo": false, "removes": null, "responses": {"Password": "mypw", "ktutil": "quit"}, "timeout": 30}, "module_name": "expect"}, "rc": 0, "start": "2017-05-31 15:24:21.755379", "stdout": "ktutil: ", "stdout_lines": ["ktutil: "]}
PLAY RECAP *********************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0
I don't have the keytab created following the above
The problem seems to be that you're repeating the same key for some of the responses. From the ansible expect module documentation:
"If the response is a list, successive matches return successive responses"
Replacing the ktutil prompts with a list of responses should prevent the error (and deploy the keytab), e.g.:
responses:
  ktutil:
    - "addent -password -p {{ kuser }}@MYDOMAIN.LOCAL -k 1 -e rc4-hmac"
    - "wkt /username.keytab"
    - "quit"
  Password: "{{ kpw }}"
More information: http://docs.ansible.com/ansible/expect_module.html
What actually worked for me was -
- name: addent of keytab
  hosts: localhost
  vars:
    realm: "MYREALM.COM"
    sec: "aes256-cts"
    passw: "ansible"
    usname: "friend"
  tasks:
    - name: keytab command
      expect:
        command: ktutil
        responses:
          ktutil:
            - "addent -password -p {{ usname }}@{{ realm }} -k 1 -e {{ sec }}"
            - " wkt /etc/ansible/loopkey.keytab"
            - "quit"
          Password(.*): "{{ passw }}"
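The list-form responses from the two answers above, as an added example (not code from either poster) that also keeps the password out of Ansible's output: the -vvv output in the question prints the `responses` map, password included, in the task result. The keytab path and variable names are hypothetical; `creates` appears in the module arguments shown above, and `no_log` and `private` are standard Ansible keywords.

```yaml
---
- hosts: localhost
  connection: local
  gather_facts: false
  vars_prompt:
    - name: kuser
      prompt: "enter your user"
      private: false
    - name: kpw
      prompt: "enter your pw"
      private: true            # input is not echoed at the prompt
  vars:
    realm: MYDOMAIN.LOCAL                     # realm from the question
    keytab_path: /etc/example-user.keytab     # hypothetical path
  tasks:
    - name: Write the keytab with ktutil
      ansible.builtin.expect:
        command: ktutil
        # Skip the task when the keytab already exists instead of
        # running ktutil against it a second time.
        creates: "{{ keytab_path }}"
        responses:
          # One prompt pattern, several answers: successive matches of
          # "ktutil" consume successive list items.
          ktutil:
            - "addent -password -p {{ kuser }}@{{ realm }} -k 1 -e aes256-cts"
            - "wkt {{ keytab_path }}"
            - "quit"
          Password: "{{ kpw }}"
      # Suppresses the task result, which would otherwise include the
      # responses map (and so the password) in -v output and logs.
      no_log: true

    - name: Restrict the keytab to its owner
      ansible.builtin.file:
        path: "{{ keytab_path }}"
        owner: root
        group: root
        mode: "0600"
```

While debugging the prompt patterns, `no_log` hides the failure detail as well, so test with a throwaway password rather than removing it with a real one.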
I am a newbie to Ansible and followed this tutorial to create a security group and an EC2 instance. The security group is created successfully, but creating the EC2 instance fails in ec2 with:
error: unrecognized arguments:
/home/ec2-user/.ansible/tmp/ansible-tmp-14244....
I did set up the AWS credentials and Ansible variables properly, as below:
# AWS Credentials
export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
# EC2 Environment Variables
export ANSIBLE_HOSTS=/etc/ansible/ec2.py
export EC2_INI_PATH=/etc/ansible/ec2.ini
The files and output are shown below. Any ideas for this issue? Thanks for your help!
$ cat group_vars/all
# Variables listed here are applicable to all host groups
key_name: sobrr-staging.pem
aws_region: cn-north-1
ami_id: ami-9e0c9ea7
instance_type: m1.small
$ cat basic-create.yml
# Basic provisioning example
- name: Create AWS resources
  hosts: localhost
  connection: local
  gather_facts: False
  tasks:
    - name: Create security group
      ec2_group:
        name: my-security-group
        description: "A Security group"
        region: "{{aws_region}}"
        rules:
          - proto: tcp
            type: ssh
            from_port: 22
            to_port: 22
            cidr_ip: 0.0.0.0/0
        rules_egress:
          - proto: all
            type: all
            cidr_ip: 0.0.0.0/0
      register: basic_firewall
    - name: debug basic_firewall
      debug: 'msg="{{ basic_firewall }}"'
    - name: create an EC2 instance
      local_action:
        module: ec2
        key_name: "{{key_name}}"
        region: "{{aws_region}}"
        group_id: "{{basic_firewall.group_id}}"
        instance_type: "{{instance_type}}"
        image: "{{ami_id}}"
        count: 1
        wait: yes
      register: basic_ec2
    - name: debug instance start
      debug: 'msg="{{ basic_ec2 }}"'
OUTPUT
ansible-playbook -i /etc/ansible/hosts -vvvv basic-create.yml
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
PLAY [Create AWS resources] ***************************************************
TASK: [Create security group] *************************************************
<localhost> region=cn-north-1 description=A Security group name=my-security-group
<localhost>
<localhost>
<localhost> u'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/ec2-user/.ansible/tmp/ansible-tmp-1424461765.15-98406246607462/ec2_group; rm -rf /home/ec2-user/.ansible/tmp/ansible-tmp-1424461765.15-98406246607462/ >/dev/null 2>&1']
ok: [localhost] => {"changed": false, "group_id": "sg-63fae101"}
TASK: [debug basic_firewall] **************************************************
ok: [localhost] => {
"msg": "{'invocation': {'module_name': u'ec2_group', 'module_args': ''}, 'changed': False, 'group_id': 'sg-63fae101'}"
}
TASK: [create an EC2 instance] ************************************************
<127.0.0.1> instance_type=m1.small image=ami-9e0c9ea7 group_id=sg-63fae101 region=cn-north-1 key_name=sobrr-staging.pem
<127.0.0.1>
<127.0.0.1>
<127.0.0.1>
<127.0.0.1> u'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/env python /home/ec2-user/.ansible/tmp/ansible-tmp-1424461765.54-184834253412898/ec2 /home/ec2-user/.ansible/tmp/ansible-tmp-1424461765.54-184834253412898/arguments; rm -rf /home/ec2-user/.ansible/tmp/ansible-tmp-1424461765.54-184834253412898/ >/dev/null 2>&1']
failed: [localhost -> 127.0.0.1] => {"failed": true, "parsed": false}
usage: ec2 [-h] [--list] [--host HOST] [--refresh-cache]
ec2: error: unrecognized arguments: /home/ec2-user/.ansible/tmp/ansible-tmp-1424461765.54-184834253412898/arguments
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/home/ec2-user/basic-create.retry
localhost : ok=2 changed=0 unreachable=0 failed=1
The key_name parameter in the Ansible ec2 module refers to the SSH public key you uploaded or created (if you want to reuse the previous key) in your AWS account. You may want to verify it matches the name you specified in the AWS account.
My guess is that the key name in your AWS account is sobrr-staging, not sobrr-staging.pem.
Try using sobrr-staging and see how that goes.