I am new to Ansible. I am able to test it and its working fine with my test requirment. For making connection between management node and the client node I am using already created ssh key pair. How can I use another node with different SSH key pair? For reference I am considering 3 ec2-instance with different key pairs.
Good news- in a basic use case, this is fairly easy. Simply use the ansible_ssh_private_key_file parameter in your Ansible inventory.
Here are some examples purloined from my personal file:
$ cat hosts.ini
[server1]
54.1.2.3 ansible_ssh_private_key_file=~/.ssh/server1.pem
[testservers]
ec2-54-2-3-4.compute-1.amazonaws.com ansible_ssh_private_key_file=~/.ssh/aws-testserver.pem ansible_ssh_user=ubuntu
ec2-54-2-3-5.compute-1.amazonaws.com ansible_ssh_private_key_file=~/.ssh/aws-testserver.pem ansible_ssh_user=ubuntu
[piwall]
10.0.0.88 ansible_ssh_private_key_file=~/.ssh/raspberrypi.pem ansible_ssh_user=pi
tedder42 is correct, however, there is a better way of doing it.
See ansible_ssh_private_key_file here.
I have in my host files the following
# SSH Keys configuration
[all_servers:vars]
ansible_ssh_private_key_file = <YOUR PRIVATE KEY LOCATION>
# Server configuration
[all_servers:children]
elastic_servers
nginx_servers
[elastic_servers]
44.22.11.22
44.55.66.77
22.11.22.33
[nginx_servers]
22.24.123.123
233.111.222.11
If you have multiple keys configuration, you can do something like the following
[nginx:vars]
ansible_ssh_private_key_file = <YOUR PRIVATE KEY LOCATION>
[app:vars]
ansible_ssh_private_key_file = <YOUR 2nd PRIVATE KEY LOCATION>
[nginx:children]
nginx_servers
[app:children]
app_servers
[nginx_servers]
1.2.3.4
[app_servers]
5.5.5.5
6.6.6.6
That's way cleaner than tedder42 answer. This is useful if you have multiple keys for multiple servers.
Otherwise, you can include your key in ansible.cfg file instead.
Related
For example,
I have 100 IP, I want to collect their hostnames or product type. I know Saltstack has this feature via a simple --output=json # or yaml.
How should I save this result to JSON format even a CSV file fast?
According to Ansible Callback, I can edit ansible.cfg to use a JSON callback. But can I only use specific callback form time to time? I don't want to use specific callback all the time.
If fact_caching is enabled you can according setup_module Examples just run something like
ansible test --ask-pass -m setup --args 'filter=ansible_fqdn'
and find via cat /tmp/ansible/facts_cache/test.example.com a result like
ansible_fqdn: test.example.com
discovered_interpreter_python: /usr/bin/python
depending on your configuration. See Enabling inventory cache plugins for more information.
Need to launch ad-hook commands like "-m ping" on existing ec2 instances, but it requred key-pair.
How to set key-pair for boto, like "aws_access_key_id" stored in ~/.aws/credentials ?
Also, have a problem invertory:
i got "invertory" folder near Ansible, where stored both local hosts and aws_ec2.yml file. But ansible-invertory --list works only for aws_ec2.yml file...
You can declare appropriate credentials and other host-sensitive variable right in the inventory file.
I.e.:
[ec2fleet]
35.... ansible_ssh_user=ec2-user
15.... ansible_ssh_user=ubuntu
[ec2fleet:vars]
ansible_user=deployer
ansible_ssh_private_key_file=/home/deployer/.ssh/deployer.pem
I have a problem with groups variables.
Example: I have two inventory groups group_A and group_B, and also have the same name files in group_vars:
inventories/
hosts.inv
[group_A]
server1
server2
[group_B]
server3
server4
group_vars/
group_A - file
var_port: 9001
group_B - file
var_port: 9002
The problem is when i execute:
ansible-playbook playbooks/playbook.yml -i inventories/hosts.inv -l group_B
playbook was executed for proper scope of servers (server3, server4) but it takes variables from group variables file group_A.
expected result: var_port: 9002
in realty : var_port: 9001
ansible 2.4.2.0
BR Oleg
I included ANSIBLE_DEBUG , and what i have found:
2018-05-03 15:23:23,663 p=129458 u=user | 129458 1525353803.66336: Loading data from /ansible/inventories/prod/group_vars/group_B.yml
2018-05-03 15:23:23,663 p=129458 u=user | 129661 1525353803.66060: in run() - task 00505680-eccc-d94e-2b1b-0000000000f4
2018-05-03 15:23:23,664 p=129458 u=user | 129661 1525353803.66458: calling self._execute()
2018-05-03 15:23:23,665 p=129458 u=user | 129458 1525353803.66589: Loading data from /ansible/inventories/prod/group_vars/group_A.yml
on playbook execution ansible scan all files with variables in folder group_vars which have variable "var_port", last will win.....
as you can found in another topic:
Ansible servers/groups in development/production
and from documentation:
http://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable
Note
Within any section, redefining a var will overwrite the previous instance. If multiple groups have the same variable, **the last one loaded wins**. If you define a variable twice in a play’s vars: section, the **2nd one wins**.
For me now NOT clear how to manage configuration files. In this case I must use unique variables names for each group, but it is not possible regarding roles, or should I use include_vars when i call playbook?
Super example how to manage variables files in multistage environment from DigitalOcean
How to Manage Multistage Environments with Ansible
I believe that the problem here, while not explicitly stated in the original question, is that Server{1,2} and Server{3,4} are actually the same servers in 2 different groups at the same level.
I ran into this problem which caused me to do some digging. I don't agree with it, but it is as designed. This was even fixed with full compatibility and the pull request was rejected
Discussion
Pull Request
I've a hosts file with 4 host ip's and I'm always using "ansible_connection=ssh ansible_ssh_user=user ansible_ssh_pass=pass" besides host ip to verify the connection.
But, this is difficult to add these many times. Could someone please tell me where can I keep common these parameters and pass it to all my host ip's at a time?
Create file in directory all in directory group_vars with the content.
ansible_connection:ssh
ansible_ssh_user:user
ansible_ssh_pass:pass
It should work.
I am kicking machines with cobbler to install redhat 6 and also put in hostname.
I am managing my machines with /etc/hosts file right now (may switch to dns in the future) and would like to have puppet (or anything that will work) parse through /etc/hosts and find my ip address and hostname (based on the hostname supplied by cobbler at kickstart). The trick is that some machines have multiple IP's and hostnames in the /etc/hosts file, like such:
# Maintenance Network
192.168.80.192 testsrv01-maint
192.168.80.193 testsrv02-maint
192.168.80.194 testsrv03-maint
# Lights Out Network
192.168.120.192 testsrv01-ilo
192.168.120.193 testsrv02-ilo
192.168.120.194 testsrv03-ilo
# Primary Data Network
192.168.150.192 testsrv01-pri
192.168.150.193 testsrv02-pri
192.168.150.194 testsrv03-pri
# Secondary Data Network
192.168.200.192 testsrv01-sec
192.168.200.193 testsrv02-sec
192.168.200.194 testsrv03-sec
I need to capture each ip and hostname pair (in a line) and transpose into /etc/sysconfig/network-scripts/ifcfg-eth* (eth1, eth2, eth3, ...). Puppet will need to create as many ifcfg-eth* files as there are matches in /etc/hosts for the hostname.
I just need puppet to append the $IP and $hostname to the ifcfg-eth file, the rest of the content is common.
So how would I get 4x ifcfg-eth files for 'testsrv01', with puppet?
Puppet is a very ill fit for this task. This calls for a script, which Puppet does not support. Puppet allows you to declare a piece of machine state that can portably enforced on different platforms.
The task is simple enough for a Shell or Perl Script.
With Puppet, it would entail the following scripts
writing custom facts to retrieve each address / hostname pair
devising a defined type to render such a pair into an ethX file
You'd possibly even need to generate the respective manifest, so that the appropriate interface index is chosen for each address.
All things considered, you would not make use of Puppet's strengths and suffer some of its weaknesses.