How to deploy Consul on AWS EC2 instance over Ansible - amazon-ec2

Note: This is not the Consul by HashiCorp it is a different project: http://consulproject.org/
I'm not sure if this is a specific problem to the consul project or if anyone with knowledge of Ansible and EC2 would be able to solve it.
I am trying to deploy a Consul instance to an Amazon EC2 instance via the Installer. I've followed the instructions found here: https://github.com/consul/installer
I'm doing this from a Mac running macOS Sierra 10.12.6 which has Python 2.7 installed on it.
I downloaded the .pem file from AWS, which is a private key for SSH authentication. I can SSH into the server via ssh -i [path to .pem file] ec2-user@[ip address of EC2 instance]
I've installed Ansible. When I run:
sudo ansible-playbook -v consul.yml -i hosts
"Please login as the user \"ec2-user\" rather than the user
\"root\".\r\n\r\n"
However, I have edited my group_vars/all file to include root_access: false, so I'm not really sure what else needs to be done.
My git diff looks like this from the repository:
diff --git a/group_vars/all b/group_vars/all
index 85bf74d..cb3db37 100644
--- a/group_vars/all
+++ b/group_vars/all
## -10,10 +10,10 ## locale: en_US.UTF-8
# General settings
env: production
-root_access: true
-deploy_user: deploy
+root_access: false
+deploy_user: ec2-user
home_dir: "/home/{{ deploy_user }}"
-deploy_password: test
+deploy_password: <some really great password>
deploy_app_name: test
deploy_server_hostname: 127.0.0.1
consul_dir: "{{ home_dir }}/consul"
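Review bot: root_access: false is a variable consumed by the installer's own tasks, not the account Ansible connects with; the "Please login as the user ec2-user rather than the user root" message shows the SSH connection still goes to root, which is what running ansible-playbook under sudo with no connection user set produces. Set the connection user explicitly (ansible_user: ec2-user in group_vars/all or in the inventory) and run the playbook without sudo. deploy_password is also a plaintext secret committed in group_vars/all; encrypt the value with ansible-vault or keep it out of the repository.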
## -27,7 +27,7 ## shared_public_dirs:
- "system"
- "ckeditor_assets"
-ssh_public_key_path: "~/.ssh/id_rsa.pub"
+ssh_public_key_path: "[path to .pem file]"
# Ruby
ruby_version: 2.4.9
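Review bot: ssh_public_key_path now points at the .pem file, which is the private key downloaded from AWS, while the variable previously held ~/.ssh/id_rsa.pub and is meant for a public key to install for the deploy user. Keep a .pub path here and supply the .pem for the connection instead (ansible_ssh_private_key_file in the inventory or --private-key on the command line), so the private key is never copied to the server or referenced from a committed file.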

Do not run the ansible-playbook command with sudo. If the tasks in the playbook need root access (on the remote/managed host), then add become: true where necessary (i.e. either at a task level, play level, or in your Ansible config).

I needed to update the ansible_user.
To do this in this case, I added this line to the group_vars/all file
ansible_user: ec2-user

Related

Automate server setup with Ansible SSH keypairs fails without sshpass

I am using Ansible and want to automate my VPS & Homelab setups. I'm running into an issue, which is the initial connection.
If I have a fresh VPS that has never been used or logged into, how can I remotely configure the node from my laptop?
ansible.cfg
[defaults]
inventory = ./inventory
remote_user = root
host_key_checking = false
ansible_ssh_common_args = "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
inventory
[homelab]
0.0.0.0 <--- actual IP here
./playbooks/add_pub_keys.yaml
---
- hosts: all
  become: yes
  tasks:
    - name: Install public key on remote node
      authorized_key:
        state: present
        user: root
        key: "{{lookup('file','~/.ssh/homelab.pub')}}"
Command
ansible-playbook playbooks/add_public_keys.yaml
Now, this fails with permission denied, which makes sense because there is nothing that would allow connection to the remote node.
I tried adding --ask-pass to the command:
ansible-playbook playbooks/add_public_keys.yaml --ask-pass
and typing in the root password, but that fails and says I need sshpass, which is not recommended and not readily available to install on Mac due to security. How should I think about this initial setup process?
When I get issues like this I try and replicate the problem using ansible ad-hoc commands and go back to basics. It helps to prove where the issue is located.
Are you able to run ansible ad-hoc commands against your remote server using the password?
ansible -i ip, all -m shell -a 'uptime' -u root -k
If you can't, something is up with the password or possible in the ansible.cfg.

adding remote N number of hosts to AWX

I installed Ansible AWX on CentOS 7 without Docker. I want to add remote Linux hosts (without password) to AWX, run playbooks and get the results. How do I do it? Can anyone help? I can add one or two hosts in the web page, but how do I add 100 remote hosts to AWX? Is there any AWX back-end scripting to add N number of remote hosts to AWX? Thanks.
Create inventory file in git. Add it to projects in AWX. Create inventory with source as inventory project in AWX.
Your ssh keys will have to be stored in awx credentials.
Create inventory with credentials via web interface.
Sign in to the host running AWX via ssh.
ssh user@hostname
Sign in to the awx_task container.
docker exec -it awx_task sh
Create or copy a file with the hosts' IPs/hostnames.
# cat hosts.ini
10.0.0.1
10.0.0.2
#
Add multiple hosts from file to inventory
awx-manage inventory_import \
--inventory-name my-inventory \
--source hosts.ini
Worked in my case, AWX 17.0.1

Ansible node not able to access a file in my host System

I am trying to copy a file from my host Mac system to CentOS on a VM through Ansible roles.
I have a folder called Ansible Roles, and under it I have used the ansible-galaxy command to create a role called tomcatdoccfg. helloworld.war is present in the root Ansible Roles folder.
The folder structure is as below :
Ansible tasks\main.yml playbook on Mac is as below:
- name: Copy war file to tmp
  copy:
    src: ⁨helloworld.war
    dest: /tmp/helloworld.war
The helloworld.war file should be accessible for user abhilashdk(My Default MAC username). The CentOS VM also has a user called abhilashdk. I have configured ssh keys. Meaning I have generated ssh-keys -t rsa and moved the keys to the CentOS VM using ssh-copy-id and I am able to ping to VM using ansible -i hosts node1 -m ping command. I am able to install docker also on my node1 machine using ansible.
I have a main.yml file in the root Ansible Roles folder the contents of which is as below:
---
- hosts: node1
  vars:
    webapp:
      app1:
        PORT: 8090
        NAME: webapp1
      app2:
        PORT: 8091
        NAME: webapp2
  become: true
  roles:
    - docinstall
    - tomcatdoccfg
Now when I run the command ansible-playbook -i hosts main.yml I get the below error for Copy war file to tmp:
TASK [tomcatdoccfg : Copy war file to tmp] ************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: /Files/DevOps/Ansible/Ansible_roles/⁨helloworld.war
fatal: [node1]: FAILED! => {"changed": false, "msg": "Could not find or access '⁨helloworld.war'\nSearched in:\n\t/Files/DevOps/Ansible/Ansible_roles/tomcatdoccfg/files/⁨helloworld.war\n\t/Files/DevOps/Ansible/Ansible_roles/tomcatdoccfg/⁨helloworld.war\n\t/Files/DevOps/Ansible/Ansible_roles/tomcatdoccfg/tasks/files/⁨helloworld.war\n\t/Files/DevOps/Ansible/Ansible_roles/tomcatdoccfg/tasks/⁨helloworld.war\n\t/Files/DevOps/Ansible/Ansible_roles/files/⁨helloworld.war\n\t/Files/DevOps/Ansible/Ansible_roles/⁨helloworld.war"}
I am not understanding what permissions I should give to the helloworld.war file so that my CentOS VM will be able to access it through the Ansible playbook/roles.
Could anybody help me out with how to solve this issue?
Thanks in Advance
Adding this as an answer, so I can show the non-Latin characters that the log you attached in the question includes:
Note the character right before helloworld.war.
That could be the reason why Ansible can't find the file on the FS.
To be on the safe side, I would delete the whole main.yml and rewrite it.
ansible-playbook -i hosts main.yml --ask-sudo-pass or ansible-playbook -i hosts main.yml --ask-pass
These params will ask you for the sudo password for playbook operations.
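The invisible character the first answer points at can be found mechanically rather than by eye. As an added example (Python 3, not code from the question or either answer), this scans YAML text for Unicode format and control characters and reports their position; the sample tasks file is constructed here with a U+2068 FIRST STRONG ISOLATE in front of the src path, matching the error in the question.

```python
import sys
import unicodedata
from pathlib import Path

# Constructed sample of a role's tasks/main.yml with a hidden U+2068
# (FIRST STRONG ISOLATE) pasted in front of the src path, as in the question.
SAMPLE_TASKS = (
    "- name: Copy war file to tmp\n"
    "  copy:\n"
    "    src: \u2068helloworld.war\n"
    "    dest: /tmp/helloworld.war\n"
)

def is_invisible(ch):
    """True for characters that render as nothing but change the string.
    Cf = bidi isolates/embeddings, zero-width joiners, BOM; Cc = C0/C1
    controls. Tab and newline are ordinary YAML whitespace and are allowed."""
    cat = unicodedata.category(ch)
    return cat == "Cf" or (cat == "Cc" and ch not in "\t\n")

def find_invisible_chars(text):
    """Return (line, column, 'U+XXXX', name) for each invisible character.
    Ansible uses the src string as-is, so one such character turns
    'helloworld.war' into a path that exists nowhere."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_invisible(ch):
                name = unicodedata.name(ch, "<control>")
                hits.append((lineno, col, "U+%04X" % ord(ch), name))
    return hits

def strip_invisible_chars(text):
    """Return text with every invisible character removed."""
    return "".join(ch for ch in text if not is_invisible(ch))

def scan_tree(root):
    """Yield (path, hit) for every *.yml / *.yaml file under root."""
    for path in sorted(Path(root).rglob("*.y*ml")):
        for hit in find_invisible_chars(path.read_text(encoding="utf-8")):
            yield str(path), hit

if __name__ == "__main__":
    if len(sys.argv) > 1:
        findings = list(scan_tree(sys.argv[1]))
    else:
        findings = [("<sample>", h) for h in find_invisible_chars(SAMPLE_TASKS)]
    for path, (lineno, col, cp, name) in findings:
        print("%s:%d:%d: %s %s" % (path, lineno, col, cp, name))
```

Run it with a roles directory as the argument to check a whole tree; without arguments it reports the constructed sample as line 3, column 10.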

Ansible Roles - not seeing my tasks file

Whenever I run my playbook on my control machine I only see this:
PLAY RECAP *********************************************************************
So I get the feeling ansible is not finding my task file. Here is my directory structure (it's a git project in Eclipse):
ansible
  ansible
    dockerhosts.yml
    hosts
    roles
      dockerhost
        tasks
          main.yml
My dockerhosts.yml:
---
- hosts: integration
  roles: [dockerhost]
...
My hosts file:
[integration]
192.168.1.8
192.168.1.9
And my main.yml file:
- name: Install Docker CE from added Docker YUM repo
  remote_user: installer
  become: true
  become_user: root
  become_method: sudo
  command: yum -y install docker-ce
I don't have any syntax errors clearly as it's running but for some reason it doesn't appear to find my main.yml file. I tried to see what user ansible runs under in case it's a question of file permissions but I haven't found anything.
I am running ansible-playbook dockerhosts.yml from the /ansible/ansible directory.
What am I doing wrong?
I have a hosts file but it's not in the /etc/ansible/hosts default location. As I showed in my question it's actually at the same level as dockerhosts.yml since this is a git project.
I used the -vvvv flag but that didn't tell me much. After running ansible-playbook -h I tried the -i flag and ran ansible-playbook dockerhosts.yml -i hosts and that actually did something.
It gave me SSH connection errors but it did more than just the blank PLAY RECAP I got before which to me means it's actually running the tasks now.

Having trouble provisioning EC2 instances using Ansible

I'm very confused on how you are supposed to launch EC2 instances using Ansible.
I'm trying to use the ec2.py inventory scripts. I'm not sure which one is supposed to be used, because there are three installed with Ansible:
ansible/lib/ansible/module_utils/ec2.py
ansible/lib/ansible/modules/core/cloud/amazon/ec2.py
ansible/plugins/inventory/ec2.py
I thought running the one in inventory/ would make most sense, so I run it using:
ansible-playbook launch-ec2.yaml -i ec2.py
which gives me:
msg: Either region or ec2_url must be specified
So I add a region (even though I have a vpc_subnet_id specified) and I get:
msg: Region us-east-1e does not seem to be available for aws module boto.ec2. If the region definitely exists, you may need to upgrade boto or extend with endpoints_path
I'm thinking Amazon must have recently changed ec2 so you need to use a VPC? Even when I try and launch an instance from Amazon's console, the option for "EC2 Classic" is disabled.
When I try and use the ec2.py script in cloud/amazon/ I get:
ERROR: Inventory script (/software/ansible/lib/ansible/modules/core/cloud/amazon/ec2.py) had an execution error:
There are no more details than this.
After some searching, I see that ec2.py module in /module_utils has been changed so a region doesn't need to be specified. I try to run this file but get:
ERROR: The file /software/ansible/lib/ansible/module_utils/ec2.py is marked as executable, but failed to execute correctly. If this is not supposed to be an executable script, correct this with chmod -x /software/ansible/lib/ansible/module_utils/ec2.py.
So as the error suggests, I remove the executable permissions for the ec2.py file, but then get the following error:
ERROR: /software/ansible/lib/ansible/module_utils/ec2.py:30: Invalid ini entry: distutils.version - need more than 1 value to unpack
Does anyone have any ideas on how to get this working? What is the correct file to be using? I'm completely lost at this point on how to get this working.
There are several questions in your post. I'll try to summarise them in three items:
Is it still possible to launch instances in EC2 Classic (no VPC)?
How do I create a new EC2 instance using Ansible?
How to launch the dynamic inventory file ec2.py?
1. EC2 Classic
Your options will differ depending on when you created your AWS account, the type of instance and the AMI virtualisation type used. Refs: aws account, instance type.
If none of the above parameters restricts the usage of EC2 classic you should be able to create a new instance without defining any VPC.
2. Create a new EC2 instance with Ansible
Since your instance doesn't exist yet, a dynamic inventory file (ec2.py) is useless. Instruct Ansible to run on your local machine instead.
Create a new inventory file, e.g. new_hosts with the following contents:
[localhost]
127.0.0.1
Then your playbook, e.g. create_instance.yml should use a local connection and hosts: localhost. See an example below:
--- # Create ec2 instance playbook
- hosts: localhost
  connection: local
  gather_facts: false
  vars_prompt:
    inst_name: "What's the name of the instance?"
  vars:
    keypair: "your_keypair"
    instance_type: "m1.small"
    image: "ami-xxxyyyy"
    group: "your_group"
    region: "us-west-2"
  tasks:
    - name: make one instance
      ec2: image={{ image }}
           instance_type={{ instance_type }}
           keypair={{ keypair }}
           instance_tags='{"Name":"{{ inst_name }}"}'
           region={{ region }}
           group={{ group }}
           wait=true
      register: ec2_info
    - name: Add instances to host group
      add_host: hostname={{ item.public_ip }} groupname=ec2hosts
      with_items: ec2_info.instances
    - name: Wait for SSH to come up
      wait_for: host={{ item.public_dns_name }} port=22 delay=60 timeout=320 state=started
      with_items: ec2_info.instances
This play will create an EC2 instance and register its public IP in the Ansible host group ec2hosts, i.e. as if you had defined it in the inventory file. This is useful if you want to provision the instance just created: just add a new play with hosts: ec2hosts.
Ultimately, launch ansible as follows:
export ANSIBLE_HOST_KEY_CHECKING=false
export AWS_ACCESS_KEY=<your aws access key here>
export AWS_SECRET_KEY=<your aws secret key here>
ansible-playbook -i new_hosts create_instance.yml
The purpose of the environment variable ANSIBLE_HOST_KEY_CHECKING=false is to avoid being prompted to add the ssh host key when connecting to the instance.
Note: boto needs to be installed on the machine that runs the above ansible command.
3. Use ansible's ec2 dynamic inventory
EC2 dynamic inventory is comprised of two files, ec2.py and ec2.ini. In your particular case, I believe that your issue is due to the fact that ec2.py is unable to locate the ec2.ini file.
To solve your issue, copy ec2.py and ec2.ini to the same folder in the machine where you intend to run ansible, e.g. to /etc/ansible/.
Pre Ansible 2.0 release (change the branch accordingly).
cd /etc/ansible
wget https://raw.githubusercontent.com/ansible/ansible/stable-1.9/plugins/inventory/ec2.py
wget https://raw.githubusercontent.com/ansible/ansible/stable-1.9/plugins/inventory/ec2.ini
chmod u+x ec2.py
For Ansible 2:
cd /etc/ansible
wget https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.py
wget https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.ini
chmod u+x ec2.py
Configure ec2.ini and run ec2.py, which should print an ini formatted list of hosts to stdout.
