星期二, 2月 20, 2018

Ansible azure module - Dynamic inventory 小記

Ansible azure module - Dynamic inventory 小記

OS: openSUSE Leap 42.3 in Azure

今天來嘗試 使用 Ansible 的 Dynamic inventory 在 Azure

官方文件 Use Ansible to manage your Azure dynamic inventories

不過說真的, 個人不覺得一般的人類可以看完這個文件直接實作成功 :p

因為他是有些必要條件的
  • 安裝 Azure python SDK
  • 安裝 ansible 套件然後不能跟 python 衝突( 符合 python 套件需要 )
  • 下載 azure_rm.py
  • 已經設定好 ~/.azure/credentials ( 他寫在 azure_rm.py 裏面要逼死誰 ??  )
  • 手動處理一些例外狀況 …..

開始之前先紀錄自己的經驗( 血淚 )

Ansible and Python3

在安裝相關套件的時候, 大家會用 pip 指令( 官方也是寫 pip 喔 )

但是 pip 指令到底是 python2 or python3 ???

先用 which 指令查詢 pip 路徑

# which   pip
/usr/bin/pip

ls 一下, 發現他是個 link, 指向 /etc/alternatives/pip
# ls -l  /usr/bin/pip
lrwxrwxrwx 1 root root 21 Jan 14 19:24 /usr/bin/pip -> /etc/alternatives/pip

觀察檔案, 看起來是指向 pip3.4 ( 我想這就是有些慘案發生的原因 …  )
# cat   /etc/alternatives/pip
#!/usr/bin/python3
# EASY-INSTALL-ENTRY-SCRIPT: 'pip==7.1.2','console_scripts','pip3.4'
__requires__ = 'pip==7.1.2'
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
   sys.exit(
       load_entry_point('pip==7.1.2', 'console_scripts', 'pip3.4')()
   )

安裝 python-pip 套件 ( 非 python3-pip, 且預設 python3-pip 已經安裝 )

# zypper  install  python-pip
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following 6 NEW packages are going to be installed:
 python-appdirs python-packaging python-pip python-pyparsing python-setuptools python-six

6 new packages to install.
Overall download size: 2.0 MiB. Already cached: 0 B. After the operation, additional 9.1 MiB will be used.
Continue? [y/n/...? shows all options] (y):  Y

這個時候才會有 pip2 的指令

檢查 pip 版本
# pip2  --version
pip 7.1.2 from /usr/lib/python2.7/site-packages (python 2.7)

首要之務, 就是先升級 pip 版本
# pip2  install  --upgrade  pip

# pip2  install  --upgrade  pip
Collecting pip
 Downloading pip-9.0.1-py2.py3-none-any.whl (1.3MB)
   100% |████████████████████████████████| 1.3MB 94kB/s
Installing collected packages: pip
 Found existing installation: pip 7.1.2
   Uninstalling pip-7.1.2:
     Successfully uninstalled pip-7.1.2
Successfully installed pip-9.0.1

檢查 pip 版本為最新
# pip2  --version
pip 9.0.1 from /usr/lib/python2.7/site-packages (python 2.7)


安裝 ansible 以及 azure SDK
# pip2  install  ansible[azure]

怎麼驗證 ansible 有符合相對應的版本呢?
如果出現 相關資訊那就沒有問題
# ansible  --version
ansible 2.4.3.0
 config file = None
 configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
 ansible python module location = /usr/lib/python2.7/site-packages/ansible
 executable location = /usr/bin/ansible
 python version = 2.7.13 (default, Jan 03 2017, 17:41:54) [GCC]


如果是 pip 導向 pip3 安裝的 ansible 就會出現下列的錯誤訊息 ( 淚 ~ )

# ansible  --verison
ERROR! Unexpected Exception, this is probably a bug: unsupported operand type(s) for %: 'bytes' and 'bytes'
the full traceback was:

Traceback (most recent call last):
 File "/usr/bin/ansible", line 85, in <module>
   mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
 File "/usr/lib/python3.4/site-packages/ansible/cli/__init__.py", line 38, in <module>
   from ansible.inventory.manager import InventoryManager
 File "/usr/lib/python3.4/site-packages/ansible/inventory/manager.py", line 44, in <module>
   IGNORED_EXTS = [b'%s$' % to_bytes(re.escape(x)) for x in C.INVENTORY_IGNORE_EXTS]
 File "/usr/lib/python3.4/site-packages/ansible/inventory/manager.py", line 44, in <listcomp>
   IGNORED_EXTS = [b'%s$' % to_bytes(re.escape(x)) for x in C.INVENTORY_IGNORE_EXTS]
TypeError: unsupported operand type(s) for %: 'bytes' and 'bytes'

好吧, 下一步就是下載 azure_rm.py

使用 wget 指令取得 azure_rm.py
# wget  https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/azure_rm.py

給與執行的權限
# chmod  a+x  azure_rm.py

開始執行第一次測試 ( 按照文件上面 )
針對 sakanatest 的資源群組 進行 ping 模組測試
# ansible  -i  azure_rm.py  sakanatest  -m  ping
[WARNING]:  * Failed to parse /root/azure_rm.py with script plugin: Inventory script (/root/azure_rm.py) had an execution error: Failed to get
credentials. Either pass as parameters, set environment variables, or define a profile in ~/.azure/credentials.

恩, 他可愛的 ~/.azure/credentials 說明是寫在 azure_rm.py 裏面

請參考這篇文章 http://sakananote2.blogspot.tw/2018/02/ansible-azure-module.html 建立你的驗證資訊

有了 ~/.azure/credentials 那就再來一次吧

# ansible  -i  azure_rm.py   sakanatest  -m  ping
The authenticity of host '52.179.3.77 (52.179.3.77)' can't be established.
ECDSA key fingerprint is SHA256:XsRhBadLUetPIn9wWb2AQQ03E3eg+YaEITxumPmX4o0.
Are you sure you want to continue connecting (yes/no)? The authenticity of host '13.90.214.129 (13.90.214.129)' can't be established.
ECDSA key fingerprint is SHA256:bS5jxhey+ybnCoKNawzzAXy0QOj7Am2ZGOd+0NOkekU.
Are you sure you want to continue connecting (yes/no)? yes

這邊會失敗的原因是我建立 VM 的時候是使用密碼的方式
嘗試加入 --ask-pass 方式來執行
# ansible  -i  azure_rm.py --ask-pass sakanatest  -m ping
SSH password:
test01 | FAILED! => {
   "msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"
}
test02 | FAILED! => {
   "msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"
}

被告知沒有裝 sshpass 套件, 那就裝吧
# zypper  install  sshpass

再次嘗試
# ansible  -i  azure_rm.py --ask-pass sakanatest  -m ping

SSH password:
test02 | FAILED! => {
   "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."
}
test01 | UNREACHABLE! => {
   "changed": false,
   "msg": "Authentication failure.",
   "unreachable": true
}

因為我剛剛加入 SSH 金鑰的時候只加入一把, 就會發現兩個錯誤訊息
  • test02 VM 金鑰沒有加入到 ~/.ssh/known_host 檔案
  • test01 VM 驗證錯誤

test01 VM 驗證錯誤應該是我是用 root 身份執行, 預設應該也是用 root 進行 ssh 連線
嘗試加上 -u 的選項指定使用者來試試看

# ansible  -i  azure_rm.py  --ask-pass  -u  sakana  sakanatest  -m ping
SSH password:
test02 | FAILED! => {
   "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."
}
test01 | SUCCESS => {
   "changed": false,
   "ping": "pong"
}

Test02 的部份, 解決方式大概就是
  • 將 金鑰加入 ~/.ssh/known_hosts
  • 在 ansible.cfg 內設定不用檢查 key ( 不建議, 但是實驗性質應該還好 )

建立一個 ansible.cfg, 設定不檢查 host key
# vi  ansible.cfg

[defaults]
host_key_checking = False
再次嘗試就發現成功了, 針對 sakanatest 資源群組的所有主機進行 ping 動作

# ansible  -i  azure_rm.py  --ask-pass  -u  sakana  sakanatest  -m ping

SSH password:
test01 | SUCCESS => {
   "changed": false,
   "ping": "pong"
}
test02 | SUCCESS => {
   "changed": false,
   "ping": "pong"
}

最後最重要的是記得看一次 azure_rm.py 透過 api 撈出來的主機資訊

# ./azure_rm.py   --pretty

又跨出一小步, 農曆年假也結束了 QQ



Reference



~ enjoy it

沒有留言: