Ansible azure module - Dynamic inventory 小記
OS: openSUSE Leap 42.3 in Azure
今天來嘗試 使用 Ansible 的 Dynamic inventory 在 Azure
官方文件 Use Ansible to manage your Azure dynamic inventories
不過說真的, 個人不覺得一般的人類可以看完這個文件直接實作成功 :p
因為他是有些必要條件的
- 安裝 Azure python SDK
- 安裝 ansible 套件然後不能跟 python 衝突( 符合 python 套件需要 )
- 下載 azure_rm.py
- 已經設定好 ~/.azure/credentials ( 他寫在 azure_rm.py 裏面要逼死誰 ?? )
- 手動處理一些例外狀況 …..
開始之前先紀錄自己的經驗( 血淚 )
Ansible and Python3
- In both controller side and module code, we support Python-3.5 or greater and Python-2.6 or greater. Python-3.5 was chosen as a minimum because it is the earliest Python-3 version adopted as the default Python by a Long Term Support (LTS) Linux distribution
在安裝相關套件的時候, 大家會用 pip 指令( 官方也是寫 pip 喔 )
但是 pip 指令到底是 python2 or python3 ???
先用 which 指令查詢 pip 路徑
# which pip
/usr/bin/pip
ls 一下, 發現他是個 link, 指向 /etc/alternatives/pip
# ls -l /usr/bin/pip
lrwxrwxrwx 1 root root 21 Jan 14 19:24 /usr/bin/pip -> /etc/alternatives/pip
觀察檔案, 看起來是指向 pip3.4 ( 我想這就是有些慘案發生的原因 … )
# cat /etc/alternatives/pip
#!/usr/bin/python3
# EASY-INSTALL-ENTRY-SCRIPT: 'pip==7.1.2','console_scripts','pip3.4'
__requires__ = 'pip==7.1.2'
import sys
from pkg_resources import load_entry_point
if __name__ == '__main__':
sys.exit(
load_entry_point('pip==7.1.2', 'console_scripts', 'pip3.4')()
)
安裝 python-pip 套件 ( 非 python3-pip, 且預設 python3-pip 已經安裝 )
# zypper install python-pip
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following 6 NEW packages are going to be installed:
python-appdirs python-packaging python-pip python-pyparsing python-setuptools python-six
6 new packages to install.
Overall download size: 2.0 MiB. Already cached: 0 B. After the operation, additional 9.1 MiB will be used.
Continue? [y/n/...? shows all options] (y): Y
這個時候才會有 pip2 的指令
檢查 pip 版本
# pip2 --version
pip 7.1.2 from /usr/lib/python2.7/site-packages (python 2.7)
首要之務, 就是先升級 pip 版本
# pip2 install --upgrade pip
# pip2 install --upgrade pip
Collecting pip
Downloading pip-9.0.1-py2.py3-none-any.whl (1.3MB)
100% |████████████████████████████████| 1.3MB 94kB/s
Installing collected packages: pip
Found existing installation: pip 7.1.2
Uninstalling pip-7.1.2:
Successfully uninstalled pip-7.1.2
Successfully installed pip-9.0.1
檢查 pip 版本為最新
# pip2 --version
pip 9.0.1 from /usr/lib/python2.7/site-packages (python 2.7)
安裝 ansible 以及 azure SDK
# pip2 install ansible[azure]
怎麼驗證 ansible 有符合相對應的版本呢?
如果出現 相關資訊那就沒有問題
# ansible --version
ansible 2.4.3.0
config file = None
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.13 (default, Jan 03 2017, 17:41:54) [GCC]
如果是 pip 導向 pip3 安裝的 ansible 就會出現下列的錯誤訊息 ( 淚 ~ )
# ansible --verison
ERROR! Unexpected Exception, this is probably a bug: unsupported operand type(s) for %: 'bytes' and 'bytes'
the full traceback was:
Traceback (most recent call last):
File "/usr/bin/ansible", line 85, in <module>
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
File "/usr/lib/python3.4/site-packages/ansible/cli/__init__.py", line 38, in <module>
from ansible.inventory.manager import InventoryManager
File "/usr/lib/python3.4/site-packages/ansible/inventory/manager.py", line 44, in <module>
IGNORED_EXTS = [b'%s$' % to_bytes(re.escape(x)) for x in C.INVENTORY_IGNORE_EXTS]
File "/usr/lib/python3.4/site-packages/ansible/inventory/manager.py", line 44, in <listcomp>
IGNORED_EXTS = [b'%s$' % to_bytes(re.escape(x)) for x in C.INVENTORY_IGNORE_EXTS]
TypeError: unsupported operand type(s) for %: 'bytes' and 'bytes'
好吧, 下一步就是下載 azure_rm.py
使用 wget 指令取得 azure_rm.py
# wget https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/azure_rm.py
給與執行的權限
# chmod a+x azure_rm.py
開始執行第一次測試 ( 按照文件上面 )
針對 sakanatest 的資源群組 進行 ping 模組測試
# ansible -i azure_rm.py sakanatest -m ping
[WARNING]: * Failed to parse /root/azure_rm.py with script plugin: Inventory script (/root/azure_rm.py) had an execution error: Failed to get
credentials. Either pass as parameters, set environment variables, or define a profile in ~/.azure/credentials.
恩, 他可愛的 ~/.azure/credentials 說明是寫在 azure_rm.py 裏面
有了 ~/.azure/credentials 那就再來一次吧
# ansible -i azure_rm.py sakanatest -m ping
The authenticity of host '52.179.3.77 (52.179.3.77)' can't be established.
ECDSA key fingerprint is SHA256:XsRhBadLUetPIn9wWb2AQQ03E3eg+YaEITxumPmX4o0.
Are you sure you want to continue connecting (yes/no)? The authenticity of host '13.90.214.129 (13.90.214.129)' can't be established.
ECDSA key fingerprint is SHA256:bS5jxhey+ybnCoKNawzzAXy0QOj7Am2ZGOd+0NOkekU.
Are you sure you want to continue connecting (yes/no)? yes
這邊會失敗的原因是我建立 VM 的時候是使用密碼的方式
嘗試加入 --ask-pass 方式來執行
# ansible -i azure_rm.py --ask-pass sakanatest -m ping
SSH password:
test01 | FAILED! => {
"msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"
}
test02 | FAILED! => {
"msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"
}
被告知沒有裝 sshpass 套件, 那就裝吧
# zypper install sshpass
再次嘗試
# ansible -i azure_rm.py --ask-pass sakanatest -m ping
SSH password:
test02 | FAILED! => {
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
test01 | UNREACHABLE! => {
"changed": false,
"msg": "Authentication failure.",
"unreachable": true
}
因為我剛剛加入 SSH 金鑰的時候只加入一把, 就會發現兩個錯誤訊息
- test02 VM 金鑰沒有加入到 ~/.ssh/known_host 檔案
- test01 VM 驗證錯誤
test01 VM 驗證錯誤應該是我是用 root 身份執行, 預設應該也是用 root 進行 ssh 連線
嘗試加上 -u 的選項指定使用者來試試看
# ansible -i azure_rm.py --ask-pass -u sakana sakanatest -m ping
SSH password:
test02 | FAILED! => {
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
test01 | SUCCESS => {
"changed": false,
"ping": "pong"
}
Test02 的部份, 解決方式大概就是
- 將 金鑰加入 ~/.ssh/known_hosts
- 在 ansible.cfg 內設定不用檢查 key ( 不建議, 但是實驗性質應該還好 )
建立一個 ansible.cfg, 設定不檢查 host key
# vi ansible.cfg
[defaults]
host_key_checking = False
再次嘗試就發現成功了, 針對 sakanatest 資源群組的所有主機進行 ping 動作
# ansible -i azure_rm.py --ask-pass -u sakana sakanatest -m ping
SSH password:
test01 | SUCCESS => {
"changed": false,
"ping": "pong"
}
test02 | SUCCESS => {
"changed": false,
"ping": "pong"
}
最後最重要的是記得看一次 azure_rm.py 透過 api 撈出來的主機資訊
# ./azure_rm.py --pretty
又跨出一小步, 農曆年假也結束了 QQ
Reference
~ enjoy it
沒有留言:
張貼留言