Sunday, April 14, 2019

Notes on the Ansible ec2_key module with openSUSE

OS: openSUSE Leap 15
Ansible: 2.7.8

Requirements (on the host that executes the module)
  • boto
  • boto3
  • Python >= 2.6

First, check whether boto is installed

# zypper  search  boto

Loading repository data...
Reading installed packages...

S | Name                          | Summary                          | Type
--+-------------------------------+----------------------------------+--------
i | google-roboto-fonts           | Mechanical yet friendly fonts    | package
  | google-roboto-mono-fonts      | Google Roboto Mono fonts         | package
  | python-gcs-oauth2-boto-plugin | GCE Storage plugin for OAuth2    | package
i | python2-boto                  | Amazon Web Services Library      | package
  | python2-boto3                 | Amazon Web Services Library      | package
  | python2-botocore              | Python interface for AWS         | package
  | python3-boto                  | Amazon Web Services Library      | package
  | python3-boto3                 | Amazon Web Services Library      | package


Install boto3
# pip  install  boto3

Requirement already satisfied: six>=1.5 in /usr/lib/python3.6/site-packages (from python-dateutil<3.0.0,>=2.1; python_version >= "2.7"->botocore<1.13.0,>=1.12.130->boto3) (1.11.0)
awscli 1.16.135 has requirement botocore==1.12.125, but you'll have botocore 1.12.130 which is incompatible.
Installing collected packages: botocore, boto3
 Found existing installation: botocore 1.12.125
   Uninstalling botocore-1.12.125:
     Successfully uninstalled botocore-1.12.125
Successfully installed boto3-1.9.130 botocore-1.12.130

awscli 1.16.135 reports that it requires botocore 1.12.125, but we installed 1.12.130.
I'll keep an eye on it for now.

The conflict comes from pip replacing the system-wide botocore that the packaged awscli pins; installing boto3 into a virtualenv, or with zypper install python3-boto3 from the listing above, leaves the system copy alone.

Following the official ec2_key module documentation

The play talks to AWS from the controller itself, so the header looks like this:
- hosts: localhost
  connection: local
  gather_facts: False

There are two ways to supply the credentials:
  • Export them as environment variables
    • export AWS_ACCESS_KEY_ID='AK123'
    • export AWS_SECRET_ACCESS_KEY='abc123'
  • Keep them in the playbook, e.g. via vars_files; I think I would rather use vars_prompt, but the downside is that every ec2 module call then has to pass the aws_access_key and aws_secret_key parameters
    • aws_access_key: "{{aws_access_key_id}}"
    • aws_secret_key: "{{aws_secret_access_key}}"

Whichever way the credentials arrive, keep the secret off the screen: a vars_prompt entry with private: no echoes the value back to the terminal (and into any terminal log), whereas private: yes, the default, hides it. The per-module parameters are only needed when the key is not already available to boto through the AWS_* variables, ~/.aws/credentials or an instance profile.




Create a yaml file for testing
> vi   aws_create_ec2_key.yml

---
# AWS test
# edit by sakana 2019/4/14
# the approach recommended by the official docs
- hosts: localhost
  connection: local
  gather_facts: False

  vars_prompt:
    # ask the user for the access key id and secret access key
    - name: "aws_access_key_id"
      prompt: "Enter aws_access_key_id"
      private: no

    - name: "aws_secret_access_key"
      prompt: "Enter aws_secret_access_key"
      private: no

    - name: "aws_region"
      prompt: "Enter AWS Region"
      private: no
      default: us-east-2

    # ask for the key name
    - name: "ec2_key_name"
      prompt: "Enter ec2 key name"
      private: no

  tasks:
    - name: Create EC2 key pair
      ec2_key:
        aws_access_key: "{{ aws_access_key_id }}"
        aws_secret_key: "{{ aws_secret_access_key }}"
        name: "{{ ec2_key_name }}"
        region: "{{ aws_region }}"
        state: present
      # register the result so the returned private key can be written out
      register: ec2_key_result

    # use the copy module to write the returned private key to a file and set its permissions
    - name: Save private key
      copy:
        content: "{{ ec2_key_result.key.private_key }}"
        dest: "~/{{ ec2_key_name }}.pem"
        mode: 0400    # leading zero so YAML reads the mode as octal




Following an approach found online, the result is registered and the copy module writes the key out and sets its permissions.

Now for an actual run

> ansible-playbook  aws_create_ec2_key.yml

[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

Enter aws_access_key_id:  (type YOUR_ACCESS_KEY_ID)
Enter aws_secret_access_key: (type YOUR_SECRET_ACCESS_KEY)
Enter AWS Region [us-east-2]:
Enter ec2 key name: test20190414

PLAY [localhost] **********************************************************************************************************************************

TASK [Create EC2 key pair] ************************************************************************************************************************
changed: [localhost]

TASK [Save private key] ***************************************************************************************************************************
changed: [localhost]

PLAY RECAP ****************************************************************************************************************************************
localhost                  : ok=2 changed=2 unreachable=0    failed=0  

Checking the result
As configured in the playbook, the key was saved to the user's home directory
> ls  -l   ~/test20190414.pem
-r-------- 1 sakana users 1670  Apr 14 11:42 /home/sakana/test20190414.pem

You can also check it in the Management Console, which lists the key pair's name and fingerprint
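The playbook above has two sharp edges. With -v, the registered result (private key included) is printed to the terminal and any log file, and on a second run the key pair already exists, so ec2_key returns no key.private_key and the copy task fails with an undefined attribute. The following is an added example (the editor's, not the original post's playbook) that keeps the same prompts and flow but adds no_log, hides the secret prompt, writes the file only when AWS actually returned a private key, and prints the fingerprint so it can be compared with the console:

```yaml
---
# Added example: hardened version of aws_create_ec2_key.yml (not the post's own file).
# Same prompts and credentials handling as the original; only the guards are new.
- hosts: localhost
  connection: local
  gather_facts: False

  vars_prompt:
    - name: "aws_access_key_id"
      prompt: "Enter aws_access_key_id"
      private: no

    # private: yes (the default) so the secret is not echoed to the terminal
    - name: "aws_secret_access_key"
      prompt: "Enter aws_secret_access_key"
      private: yes

    - name: "aws_region"
      prompt: "Enter AWS Region"
      private: no
      default: us-east-2

    - name: "ec2_key_name"
      prompt: "Enter ec2 key name"
      private: no

  tasks:
    # no_log keeps the credentials passed as parameters and the returned
    # private key out of -v output and ansible.log
    - name: Create EC2 key pair
      ec2_key:
        aws_access_key: "{{ aws_access_key_id }}"
        aws_secret_key: "{{ aws_secret_access_key }}"
        name: "{{ ec2_key_name }}"
        region: "{{ aws_region }}"
        state: present
      register: ec2_key_result
      no_log: true

    # AWS hands out the private key exactly once, at creation. If the key pair
    # already existed, key.private_key is absent, so skip the write instead of
    # failing on an undefined attribute.
    - name: Save private key
      copy:
        content: "{{ ec2_key_result.key.private_key }}"
        dest: "~/{{ ec2_key_name }}.pem"
        mode: 0400
      when: ec2_key_result.key.private_key is defined
      no_log: true

    # The fingerprint is not secret and is what the console shows, so it is
    # safe to print for a visual check.
    - name: Show the key pair fingerprint
      debug:
        msg: "{{ ec2_key_name }}: {{ ec2_key_result.key.fingerprint }} (new private key written: {{ ec2_key_result.key.private_key is defined }})"
```

Because no_log also hides the module's error message when it fails, switch it off temporarily (or drive it from a variable) while debugging a broken credential or region.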


Next, test removing the EC2 key pair the same way

> vi   aws_remove_ec2_key.yml

---
# AWS test
# edit by sakana 2019/4/14
# the approach recommended by the official docs
- hosts: localhost
  connection: local
  gather_facts: False

  vars_prompt:
    # ask the user for the access key id and secret access key
    - name: "aws_access_key_id"
      prompt: "Enter aws_access_key_id"
      private: no

    - name: "aws_secret_access_key"
      prompt: "Enter aws_secret_access_key"
      private: no

    - name: "aws_region"
      prompt: "Enter AWS Region"
      private: no
      default: us-east-2

    # ask for the key name
    - name: "ec2_key_name"
      prompt: "Enter ec2 key name"
      private: no

  tasks:
    - name: Create EC2 key pair
      ec2_key:
        aws_access_key: "{{ aws_access_key_id }}"
        aws_secret_key: "{{ aws_secret_access_key }}"
        name: "{{ ec2_key_name }}"
        region: "{{ aws_region }}"
        state: absent    # absent deletes the key pair

The only change is state: absent; the task name was left as it was, which is why the output below still says Create.

> ansible-playbook  aws_remove_ec2_key.yml

[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

Enter aws_access_key_id: (type YOUR_ACCESS_KEY_ID)
Enter aws_secret_access_key: (type YOUR_SECRET_ACCESS_KEY)
Enter AWS Region [us-east-2]:
Enter ec2 key name: test20190414

PLAY [localhost] **********************************************************************************************************************************

TASK [Create EC2 key pair] ************************************************************************************************************************
changed: [localhost]

PLAY RECAP ****************************************************************************************************************************************
localhost                  : ok=1 changed=1 unreachable=0    failed=0   

Check in the Management Console whether the key pair has been deleted.
Remember to delete the key file under your home directory as well. Deleting the key pair only removes AWS's record of the public key; any instance already launched with it still has that public key in authorized_keys and remains reachable with the local .pem until the entry is removed there.
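Both clean-up steps, plus the check that nothing is still using the key, fit in one play. This is an added example (the editor's, not the original post's playbook); it takes the credentials from the exported AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY variables described earlier instead of prompting, and uses ec2_instance_facts, which the post does not mention, to list instances launched with the key pair:

```yaml
---
# Added example: remove the key pair only when no instance still references it,
# then delete the local private key. Credentials come from the environment.
- hosts: localhost
  connection: local
  gather_facts: False

  vars_prompt:
    - name: "aws_region"
      prompt: "Enter AWS Region"
      private: no
      default: us-east-2

    - name: "ec2_key_name"
      prompt: "Enter ec2 key name"
      private: no

  tasks:
    # Deleting the key pair does not remove the public key from instances that
    # were launched with it, so find those instances before deleting anything.
    - name: Find instances launched with this key pair
      ec2_instance_facts:
        region: "{{ aws_region }}"
        filters:
          key-name: "{{ ec2_key_name }}"
          instance-state-name: [ "pending", "running", "stopping", "stopped" ]
      register: key_users

    - name: Stop if the key pair is still in use
      fail:
        msg: >-
          {{ ec2_key_name }} is still attached to
          {{ key_users.instances | map(attribute='instance_id') | list | join(', ') }};
          replace the key in those instances' authorized_keys before removing the key pair.
      when: key_users.instances | length > 0

    - name: Remove EC2 key pair
      ec2_key:
        name: "{{ ec2_key_name }}"
        region: "{{ aws_region }}"
        state: absent

    # The file the create playbook wrote to the home directory
    - name: Remove the local private key file
      file:
        path: "~/{{ ec2_key_name }}.pem"
        state: absent
```

Run it the same way as the post's playbooks (ansible-playbook aws_remove_ec2_key.yml) after exporting the two AWS_* variables; the fail task leaves both the AWS key pair and the local file untouched when any instance still matches the key-name filter.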

A small first step with Ansible and AWS
~ enjoy it

