Connecting to existing ec2 instances


nathan chu

Nov 12, 2015, 4:38:16 PM
to Ansible Project
Hi,

I recently inherited an Ansible deployment that manages some EC2 instances and I have a couple questions.  I am unable to find a pem file/ssh key on the local file system, but somehow Ansible is able to connect to the instances it creates and run shell scripts.  How is this possible?  I'm not trying to enhance the existing playbooks to update some data via a script on a central/master server in our deployment every time we create a new instance, but I'm having trouble connecting to the instance.  How can I use whatever mechanism is in place for the recently provisioned instances to access this single (relatively static) instance?

Thanks,


Nate

nathan chu

Nov 12, 2015, 5:10:18 PM
to Ansible Project
*typo:  not --> now.  there's a nice one-letter semantic change, lol.
On Thursday, November 12, 2015 at 4:38:16 PM UTC-5, nathan chu wrote:
Hi,

I recently inherited an Ansible deployment that manages some EC2 instances and I have a couple questions.  I am unable to find a pem file/ssh key on the local file system, but somehow Ansible is able to connect to the instances it creates and run shell scripts.  How is this possible?  I'm now trying to enhance the existing playbooks to update some data via a script on a central/master server in our deployment every time we create a new instance, but I'm having trouble connecting to the instance.  How can I use whatever mechanism is in place for the recently provisioned instances to access this single (relatively static) instance?

Thanks,


Nate

nathan chu

Nov 12, 2015, 5:17:34 PM
to Ansible Project
My existing instances are provisioned thusly:

  tasks:
    - name: Provision an instance
      ec2: >
        aws_access_key={{ec2_access_key}}
        aws_secret_key={{ec2_secret_key}}
        keypair={{mykeypair}}
        group_id={{security_group}}
        instance_type={{instance_type}}
        image={{image}}
        region={{region}}
        wait=true
        count=1
        vpc_subnet_id={{ subnet_name }}
        instance_tags='{"Name":"{{ name }}","InternalName":"{{ internal_name }}"}'
      register: ec2_info

    - debug: var=ec2_info

    - debug: var=item
      with_items: ec2_info.instance_ids

    - debug: var=item
      with_items: ec2_info.instances

    - name: add host to host list
      add_host: hostname={{ item.public_ip }} groupname=ec2hosts
      with_items: ec2_info.instances

    - name: wait for instances to listen on port:22
      wait_for:
        state=started
        host={{ item.private_dns_name }}
        port=22
      with_items: ec2_info.instances

- hosts: ec2hosts
  gather_facts: True
  user: ec2-user
  sudo: True
  roles:
    - { role: common, XXXextra instance variablesXXX }

<--- this role (in main.yml) calls a number of scripts and shell commands on the instance. How can it connect? And how can I replicate that connection?

Brian Coca

Nov 12, 2015, 5:30:54 PM
to Ansible Project
run ansible with -vvvvv and you should see the full ssh command used,
that should point at a key, if not you likely have an agent or the ssh
user/password info in inventory.
--
Brian Coca

nathan chu

Nov 13, 2015, 8:30:10 AM
to ansible...@googlegroups.com
Thanks Brian. That's some helpful debugging advice.

Joanna Delaporte

Nov 13, 2015, 8:46:39 AM
to Ansible Project
I would grep -r your ansible directory for mykeypair. Since it is a variable specified in your playbook, either you need to define that on the command line with --extra-vars, or the name of the keypair is written as a variable in a file somewhere (vars file, hosts file, etc.).

grep -r "mykeypair" /etc/ansible

Joanna
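Brian's -vvvvv hint and Joanna's grep are two views of the same question: which file, inventory setting or agent is actually supplying the SSH credential. The script below is an added example, not code from anyone in this thread; it walks those sources over a constructed sample project whose layout, file names and values (ansible.cfg, hosts, group_vars/all.yml, the key paths) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not code from the thread). Walks the places Brian and Joanna
# point at for an Ansible SSH credential that is not a visible .pem file:
# ansible.cfg, inventory/vars files, and a running ssh-agent. Sample data is constructed.
set -eu

# Print every credential-bearing setting under PROJECT_DIR, one per line,
# and end with "total: N" so a caller can check the count.
find_ansible_ssh_creds() {
  project_dir="$1"
  hits=0
  if [ -f "$project_dir/ansible.cfg" ]; then
    while IFS= read -r line; do
      case "$line" in
        private_key_file*|remote_user*|ssh_args*)
          echo "ansible.cfg: $line"
          hits=$((hits + 1)) ;;
      esac
    done < "$project_dir/ansible.cfg"
  fi
  # Inventory and vars: per-host key path, user or password, plus the EC2
  # keypair *name*, which is not a file and is never passed to ssh.
  matches=$(grep -rHnE 'ansible_(ssh_)?(private_key_file|pass|user)|keypair' \
    "$project_dir" 2>/dev/null || true)
  if [ -n "$matches" ]; then
    echo "$matches"
    hits=$((hits + $(printf '%s\n' "$matches" | wc -l)))
  fi
  echo "total: $hits"
}

# True when a running ssh-agent holds identities: ansible can log in through
# it with no key path visible in the -vvvvv ssh command line.
ssh_agent_has_identities() {
  command -v ssh-add >/dev/null 2>&1 && ssh-add -l >/dev/null 2>&1
}

# Constructed sample project (hypothetical paths and values); echoes its dir.
make_sample_project() {
  d=$(mktemp -d)
  mkdir -p "$d/group_vars"
  printf '[defaults]\nremote_user = ec2-user\nprivate_key_file = ~/.ssh/deploy.pem\nhost_key_checking = False\n' > "$d/ansible.cfg"
  printf '[ec2hosts]\n10.0.1.5 ansible_user=ec2-user ansible_ssh_private_key_file=/opt/keys/prod.pem\n[master]\n10.0.1.10 ansible_ssh_pass=CHANGEME\n' > "$d/hosts"
  printf 'mykeypair: prod-keypair  # EC2 key pair name only\n' > "$d/group_vars/all.yml"
  echo "$d"
}

dir=$(make_sample_project); find_ansible_ssh_creds "$dir"; rm -rf "$dir"
ssh_agent_has_identities && echo "agent: holds identities" || echo "agent: none"
```

Run it against a real project directory by calling find_ansible_ssh_creds with that path; a hit under group_vars for keypair alone means only the EC2 key pair name is configured and the private key must be coming from ansible.cfg, inventory or the agent.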

nathan chu

Nov 13, 2015, 9:36:42 AM
to Ansible Project

Joanna - thanks; I don't see any references to that variable in /etc/ansible, and the only places I see it in my playbook directory are references to the Amazon key name, no files.

I think the problem may be orthogonal to what I was thinking of yesterday, though. I tried running my existing Ansible script with the debug output, as suggested earlier - this also failed with an SSH key problem. On further investigation, I realized that Ansible Tower provides a credentials repository, so it might 'just work' through the Tower interface. I was hoping to debug my script through the terminal, but since everything else we do runs through Tower, I'll try testing through there.


Thanks for the help!

Nate

Brian Coca

Nov 13, 2015, 1:27:32 PM
to Ansible Project
Ah, that is a totally different question; Tower keeps its credentials
in its own store. Also, for Tower questions go to support.ansible.com or
sup...@ansible.com

--
Brian Coca