How to generate keypair and then ssh to aws instance all through ansible

I created an Ansible playbook and a new AWS EC2 instance with it. Now I want to SSH into this instance and execute some commands. How can I do it? Is there a way to generate a key pair through an accessible one, or is it better to use an existing one?

I looked at the online resources for Ansible ec2 - create, terminate, start or stop an instance in ec2 ( http://docs.ansible.com/ansible/latest/ec2_module.html ), as well as online blogs. However, I could not figure out how to SSH into an instance, or find an example online.

Using:

    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.public_ip }}"
        port: 22
        delay: 60
        timeout: 320
        state: started
      with_items: "{{ ec2.instances }}"

taken from the documentation, the following error is generated when running ansible-playbook:

"msg": "Timeout while waiting: 22"

The instance is also created without a public DNS name that I could use to SSH into it from the CLI.

Any help on how to ssh into an instance via ansible-playbook, or create a public DNS name for an instance, would be greatly appreciated.

+5
3 answers

It would seem that you have a fundamental misunderstanding of how AWS instances work. When an instance is created, it has a key pair assigned to it for the default user (for example, on an Amazon Linux instance the user is ec2-user; Ubuntu images use the ubuntu user).

This key pair can be seen in the EC2 console in the instance's details. All existing key pairs can be seen in the Key Pairs section of the EC2 console.

To be able to ssh into an instance that you start with the key you just created, you need to do a few things:

  • Create a key pair locally (use shell: ssh-keygen ... )
  • Create an ec2 key pair from a locally generated key pair (use ec2_key: ... )
  • Run the instance using the ec2 named key pair (use ec2: ... )
  • Connect to the instance just launched, in the same playbook, using the key generated in step 1.

Steps 1-3 should be run as hosts: 127.0.0.1.

Step 4 should be performed as a separate play with its own hosts: in the same playbook, and it is not as simple as it seems. You will need to somehow specify the newly created instance in hosts, via the Ansible group_vars, using the add_host module, and/or find its IP address in some way (possibly using instance tags).

After the instance is found, the Ansible private_key_file variable can then be used to specify the key from step 1 and ssh into the instance.

Not that this could not be done, but because of the complexity and impracticality of doing this in order to have a new key pair every time you launch an instance, I would advise against it unless it is absolutely necessary. It would be better to have proper key rotation policies if this is a security concern.

+4
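As an added example that is not part of any of the answers above, here is one playbook putting the four steps together with the modules the answers name (ec2_key, ec2, wait_for, add_host and a private key file). The local key path, the instance tag, the in-memory group name "launched" and the AMI and subnet ids are assumptions; the AMI and subnet values are placeholders, not real ids.

```yaml
- name: Steps 1-3 - generate a key pair, register it in EC2, launch the instance
  hosts: 127.0.0.1
  connection: local
  gather_facts: false
  vars:
    key_path: "{{ playbook_dir }}/example2_key"   # assumed local path for the private key
  tasks:
    - name: Step 1 - generate an SSH key pair locally (ssh-keygen writes it with mode 0600)
      shell: ssh-keygen -t rsa -b 4096 -N '' -f {{ key_path }}
      args:
        creates: "{{ key_path }}"        # idempotent: skip if the key already exists
    - name: Step 2 - upload only the public half as an EC2 key pair
      ec2_key:
        name: example2
        key_material: "{{ lookup('file', key_path ~ '.pub') }}"
        state: present
    - name: Step 3 - launch the instance with that key pair
      ec2:
        key_name: example2
        instance_type: t2.micro
        image: ami-123456               # placeholder AMI id
        group: webserver                # security group must allow inbound 22 from the control host only
        vpc_subnet_id: subnet-29e63245  # placeholder subnet id
        assign_public_ip: yes
        wait: yes
        exact_count: 1                  # do not launch a second instance on re-runs
        count_tag: { Name: example2 }
        instance_tags: { Name: example2 }
      register: ec2
    - name: Wait until sshd answers on the public IP
      wait_for:
        host: "{{ item.public_ip }}"
        port: 22
        delay: 10
        timeout: 320
      with_items: "{{ ec2.instances }}"
    - name: Put the new instance in an in-memory group with the private key from step 1
      add_host:
        name: "{{ item.public_ip }}"
        groups: launched
        ansible_user: ec2-user          # use ubuntu for Ubuntu AMIs
        ansible_ssh_private_key_file: "{{ key_path }}"
      with_items: "{{ ec2.instances }}"

- name: Step 4 - run commands on the freshly launched instance over SSH
  hosts: launched
  gather_facts: false
  tasks:
    - name: Example command on the instance
      command: uptime
```

The instance's SSH host key is unknown on the first connection; compare the fingerprint from the instance's console output with the one ssh presents rather than disabling host key checking.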

Ansible connects to instances using SSH and then uses Python on the client for most of its execution. You can bootstrap the client using the raw and shell modules to perform actions such as installing python2, and then continue with the other modules.

However, something you need to understand is that Ansible is designed to run against many hosts, as listed in the inventory file, and not against one. For this reason, it is not possible to "ssh into an instance with Ansible", as this would have no practical purpose for what it does. When setting up 100 servers, the administrator should not be SSHing into them; instead, the process of creating an environment, possibly launching containers for the service, should be handled at a higher level.

As already mentioned, if you intend to create an EC2 instance that you can SSH into, then you must use ec2_key and create the key BEFORE creating the instance. Then, when creating the instance, you specify the SSH key through the key_name field.

Make sure that the specified security group allows incoming connections on port 22, otherwise you will not be able to communicate with it.

If you want to automate reporting the public DNS address, you should look at ec2_remote_facts. This returns JSON, which can be parsed for the public DNS name.

+1

First use ec2_key:

 - ec2_key:
     name: example2
     key_material: 'ssh-rsa AAAAxyz...== me@example.com'
     state: present
 - ec2:
     key_name: example2
     instance_type: t2.micro
     image: ami-123456
     wait: yes
     group: webserver
     vpc_subnet_id: subnet-29e63245
     assign_public_ip: yes
0

Source: https://habr.com/ru/post/1270944/
