Ansible Amazon EC2上。该密钥对不存在

问题描述 投票:9回答:3

我愿与Ansible的帮助下创建和提供Amazon EC2的机器。现在,我得到以下错误:

fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Instance creation failed => InvalidKeyPair.NotFound: The key pair '~/.keys/EC2-Kibi-Enterprise-Deployment.pem' does not exist"}

但.PEM项是否存在:

$ ls -lh ~/.keys/EC2-Kibi-Enterprise-Deployment.pem 
-r-------- 1 sergey sergey 1.7K Apr  6 09:56 /home/sergey/.keys/EC2-Kibi-Enterprise-Deployment.pem

而且它是在欧盟(爱尔兰)区创建。

这里是我的剧本:

--
- name: Setup servers on Amazon EC2 machines
  hosts: localhost
  gather_facts: no

  tasks:
    - include_vars: group_vars/all/ec2_vars.yml

    ### Create Amazon EC2 instances
    - name: Amazon EC2 | Create instances
      ec2:
        count: "{{ count }}"
        key_name: "{{ key }}"
        region: "{{ region }}"
        zone: "{{ zone }}"
        group: "{{ group }}"
        instance_type: "{{ machine }}"
        image: "{{ image }}"
        wait: true
        wait_timeout: 500
        #vpc_subnet_id: "{{ subnet }}" 
        #assign_public_ip: yes
      register: ec2

    - name: Amazon EC2 | Wait for SSH to come up
      wait_for:
        host: "{{ item.public_ip }}"
        port: 22
        delay: 10
        timeout: 60
        state: started
      with_items: "{{ ec2.instances }}"

    - name: Amazon EC2 | Add hosts to the kibi_servers in-memory inventory group
      add_host: hostname={{ item.public_ip }} groupname=kibi_servers
      with_items: "{{ ec2.instances }}"
    ### END

### Provision roles
- name: Amazon EC2 | Provision new instances
  hosts: kibi_servers
  become: yes
  roles:
    - common
    - java
    - elasticsearch
    - logstash
    - nginx
    - kibi
    - supervisor
### END

而我var文件:

count: 2
region: eu-west-1
zone: eu-west-1a
group: default
image:  ami-d1ec01a6
machine: t2.medium
subnet: subnet-3a2aa952
key: ~/.keys/EC2-Kibi-Enterprise-Deployment.pem

什么是错在这里.pem文件?

amazon-ec2 ansible ansible-playbook
3个回答
14
投票

对于keyec2 module参数寻找那已被上传到AWS,不是本地密钥的密钥对名称。

如果你想获得Ansible上传您可以使用ec2_key module公钥。

所以,你的剧本是这样的:

--
- name: Setup servers on Amazon EC2 machines
  hosts: localhost
  gather_facts: no

  tasks:
    - include_vars: group_vars/all/ec2_vars.yml

    ### Create Amazon EC2 key pair
    - name: Amazon EC2 | Create Key Pair
      ec2_key:
        name: "{{ key_name }}"
        region: "{{ region }}"
        key_material: "{{ item }}"
      with_file: /path/to/public_key.id_rsa.pub

    ### Create Amazon EC2 instances
    - name: Amazon EC2 | Create instances
      ec2:
        count: "{{ count }}"
        key_name: "{{ key_name }}"
        ...
2
投票

该解决方案已被发现。当你把一个完整路径的.pem密钥文件EC2不喜欢。

所以,我搬到EC2-Kibi-Enterprise-Deployment.pem~/.ssh,把它添加到使用ssh-add认证代理:

ssh-add ~/.ssh/EC2-Kibi-Enterprise-Deployment.pem

并纠正了重点线,我var文件到 key: EC2-Kibi-Enterprise-Deployment.pem

同样的,如果你使用EC2 CLI工具,不指定完整路径的密钥文件。 ec2-run-instances ami-d1ec01a6 -t t2.medium --region eu-west-1 --key EC2-Kibi-Enterprise-Deployment.pem

1
投票

不要指定扩展的关键。这样关键的名称应该是“EC2-吉备-企业部署”而已。 Ansible不关心,如果你的关键是你的本地计算机上,在这个阶段。它验证,如果它存在于您的AWS账户。转到“EC2>密钥对”一节中您的AWS帐号,你会看到键没有文件扩展名上市。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.