Notes on the Ansible ec2_key module with openSUSE
OS: openSUSE Leap 15
Ansible: 2.7.8
Requirements (on the host that executes the module)
- boto
- boto3
- Python >= 2.6
First, check whether boto is installed
# zypper search boto
Loading repository data...
Reading installed packages...
S | Name                          | Summary                                | Type
--+-------------------------------+----------------------------------------+--------
i | google-roboto-fonts           | Mechanical yet friendly fonts          | package
  | google-roboto-mono-fonts      | Google Roboto Mono fonts               | package
  | python-gcs-oauth2-boto-plugin | GCE Storage plugin for OAuth2          | package
i | python2-boto                  | Amazon Web Services Library            | package
  | python2-boto3                 | Amazon Web Services Library            | package
  | python2-botocore              | Python interface for AWS               | package
  | python3-boto                  | Amazon Web Services Library            | package
  | python3-boto3                 | Amazon Web Services Library            | package
Install boto3
# pip install boto3
Requirement already satisfied: six>=1.5 in /usr/lib/python3.6/site-packages (from python-dateutil<3.0.0,>=2.1; python_version >= "2.7"->botocore<1.13.0,>=1.12.130->boto3) (1.11.0)
awscli 1.16.135 has requirement botocore==1.12.125, but you'll have botocore 1.12.130 which is incompatible.
Installing collected packages: botocore, boto3
Found existing installation: botocore 1.12.125
Uninstalling botocore-1.12.125:
Successfully uninstalled botocore-1.12.125
Successfully installed boto3-1.9.130 botocore-1.12.130
A warning appeared: awscli 1.16.135 requires botocore 1.12.125, but we installed 1.12.130
I'll keep an eye on this for now
Referring to the official documentation
The connection part is written like this
- hosts: localhost
  connection: local
  gather_facts: False
There are two ways to handle authentication:
- Export environment variables
  - export AWS_ACCESS_KEY_ID='AK123'
  - export AWS_SECRET_ACCESS_KEY='abc123'
- Keep them in the playbook, for example in a vars_file; I think I prefer vars_prompt, but the drawback is that every ec2 module task has to be given both the aws_access_key and aws_secret_key parameters
  - aws_access_key: "{{aws_access_key_id}}"
  - aws_secret_key: "{{aws_secret_access_key}}"
Create a yaml file for testing
> vi aws_create_ec2_key.yml
---
# AWS related tests
# edit by sakana 2019/4/14
# Officially recommended approach
- hosts: localhost
  connection: local
  gather_facts: False
  #
  vars_prompt:
    # ask the user for the access key id and secret access key
    - name: "aws_access_key_id"
      prompt: "Enter aws_access_key_id"
      private: no
    - name: "aws_secret_access_key"
      prompt: "Enter aws_secret_access_key"
      private: no
    - name: "aws_region"
      prompt: "Enter AWS Region"
      private: no
      default: us-east-2
    # ask for the key name
    - name: "ec2_key_name"
      prompt: "Enter ec2 key name"
      private: no
  tasks:
    - name: Create EC2 key pair
      ec2_key:
        aws_access_key: "{{ aws_access_key_id }}"
        aws_secret_key: "{{ aws_secret_access_key }}"
        name: "{{ ec2_key_name }}"
        region: "{{ aws_region }}"
        state: present
      # register the result so the key can be written out afterwards
      register: ec2_key_result
    # use the copy module to write the returned key to a file and set its permissions
    - name: Save private key
      copy:
        content: "{{ ec2_key_result.key.private_key }}"
        dest: "~/{{ec2_key_name}}.pem"
        mode: 0400
Following an approach found online, register is used together with the copy module to save the key and set its permissions
- I save the key in the home directory as ec2_key_name.pem
Now for the actual test
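The playbook above works, but three details matter once it is used with real credentials, and the added example below (my own playbook, not from the post) shows them together. It assumes Ansible 2.7 with boto/boto3 installed as described above, and covers both the vars_prompt authentication option and the register/copy step: the secret access key is prompted with `private: yes` so it is not echoed to the terminal; `no_log: true` on the ec2_key task keeps the credentials and the returned private key out of `-v` output and logs; and because `ec2_key` only returns `key.private_key` when AWS actually generates a new key pair, the copy task is guarded with `when`, so a second run against an existing key skips instead of failing on an undefined attribute. A stat/assert pair at the end verifies the file permissions.

```yaml
---
# Added example (not from the original post): a hardened variant of
# aws_create_ec2_key.yml. Assumes Ansible 2.7 with boto/boto3 installed.
- hosts: localhost
  connection: local
  gather_facts: false
  vars_prompt:
    - name: aws_access_key_id
      prompt: "Enter aws_access_key_id"
      private: no
    - name: aws_secret_access_key
      prompt: "Enter aws_secret_access_key"
      private: yes          # do not echo the secret while typing
    - name: aws_region
      prompt: "Enter AWS Region"
      private: no
      default: us-east-2
    - name: ec2_key_name
      prompt: "Enter ec2 key name"
      private: no
  tasks:
    - name: Create EC2 key pair
      ec2_key:
        aws_access_key: "{{ aws_access_key_id }}"
        aws_secret_key: "{{ aws_secret_access_key }}"
        name: "{{ ec2_key_name }}"
        region: "{{ aws_region }}"
        state: present
      register: ec2_key_result
      no_log: true          # credentials and private_key stay out of the log

    # ec2_key returns key.private_key only when it created a new key pair;
    # on a re-run the key already exists and this task is skipped.
    - name: Save private key (only when AWS generated a new one)
      copy:
        content: "{{ ec2_key_result.key.private_key }}"
        dest: "~/{{ ec2_key_name }}.pem"
        mode: '0400'        # quoted so YAML cannot misread the octal value
      when: ec2_key_result.key.private_key is defined
      no_log: true

    - name: Check the saved file permissions
      stat:
        path: "~/{{ ec2_key_name }}.pem"
      register: pem_stat

    - name: Fail if the key file is missing or not owner-read-only
      assert:
        that:
          - pem_stat.stat.exists
          - pem_stat.stat.mode == '0400'
        msg: "Expected ~/{{ ec2_key_name }}.pem with mode 0400"
```

If the key pair already exists in AWS but no local .pem is present, the final assert fails on purpose: the module cannot hand back a private key it did not generate, so the only way to get one again is to remove the key pair and create it anew.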
> ansible-playbook aws_create_ec2_key.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
Enter aws_access_key_id: 輸入YOUR_ACCESS_KEY_ID
Enter aws_secret_access_key: 輸入YOUR_SECRET_ACCESS_KEY
Enter AWS Region [us-east-2]:
Enter ec2 key name: test20190414
PLAY [localhost] **********************************************************************************************************************************
TASK [Create EC2 key pair] ************************************************************************************************************************
changed: [localhost]
TASK [Save private key] ***************************************************************************************************************************
changed: [localhost]
PLAY RECAP ****************************************************************************************************************************************
localhost : ok=2 changed=2 unreachable=0 failed=0
Check the results
As set in our playbook, the key is stored in the user's home directory
> ls -l ~/test20190414.pem
-r-------- 1 sakana users 1670 4月 14 11:42 /home/sakana/test20190414.pem
You can also check it in the Management Console
Next, test removing the EC2 key pair the same way
> vi aws_remove_ec2_key.yml
---
# AWS related tests
# edit by sakana 2019/4/14
# Officially recommended approach
- hosts: localhost
  connection: local
  gather_facts: False
  #
  vars_prompt:
    # ask the user for the access key id and secret access key
    - name: "aws_access_key_id"
      prompt: "Enter aws_access_key_id"
      private: no
    - name: "aws_secret_access_key"
      prompt: "Enter aws_secret_access_key"
      private: no
    - name: "aws_region"
      prompt: "Enter AWS Region"
      private: no
      default: us-east-2
    # ask for the key name
    - name: "ec2_key_name"
      prompt: "Enter ec2 key name"
      private: no
  tasks:
    - name: Create EC2 key pair
      ec2_key:
        aws_access_key: "{{ aws_access_key_id }}"
        aws_secret_key: "{{ aws_secret_access_key }}"
        name: "{{ ec2_key_name }}"
        region: "{{ aws_region }}"
        state: absent
The main change is that state is switched to absent
> ansible-playbook aws_remove_ec2_key.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
Enter aws_access_key_id: 輸入YOUR_ACCESS_KEY_ID
Enter aws_secret_access_key: 輸入YOUR_SECRET_ACCESS_KEY
Enter AWS Region [us-east-2]:
Enter ec2 key name: test20190414
PLAY [localhost] **********************************************************************************************************************************
TASK [Create EC2 key pair] ************************************************************************************************************************
changed: [localhost]
PLAY RECAP ****************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0
Check in the Management Console whether the Key Pair was deleted
Also remember to delete the key under the home directory
A small first step into Ansible with AWS
~ enjoy it
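The removal can also be done with the post's other authentication option, environment variables, which keeps the credentials out of both the playbook and the prompt, and the local .pem can be deleted in the same play so nothing is left behind. The added example below is mine, not from the post; it assumes Ansible 2.7 with boto/boto3 installed and relies on the AWS modules reading AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION from the environment when the aws_access_key, aws_secret_key and region parameters are omitted.

```yaml
---
# Added example (not from the original post): remove the EC2 key pair and
# the local private key file, authenticating via environment variables:
#   export AWS_ACCESS_KEY_ID='...' AWS_SECRET_ACCESS_KEY='...' AWS_REGION='us-east-2'
#   ansible-playbook aws_remove_ec2_key.yml
# Assumes Ansible 2.7 with boto/boto3 installed.
- hosts: localhost
  connection: local
  gather_facts: false
  vars_prompt:
    - name: ec2_key_name
      prompt: "Enter ec2 key name"
      private: no
  tasks:
    # credentials and region are taken from the environment, so no secrets
    # appear in the task arguments or in the playbook file
    - name: Remove EC2 key pair
      ec2_key:
        name: "{{ ec2_key_name }}"
        state: absent

    - name: Remove the local private key file as well
      file:
        path: "~/{{ ec2_key_name }}.pem"
        state: absent
```

Both tasks are idempotent: running the play a second time reports ok instead of changed, because neither the key pair nor the file exists any more. Passing the name on the command line with -e ec2_key_name=test20190414 skips the prompt, which is convenient when the cleanup is scripted.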