
Set SSH Host IP Address on Rackspace for Ansible

The Question

When using the rax module to spin up servers and get inventory, how do I tell Ansible to connect to the IP address on an isolated network rather than the server's public IP?

Note: Ansible is being run from a server on the same isolated network.

The Problem

I spin up a server in the Rackspace Cloud using Ansible with the rax module, and I add it to an isolated/private network. I then add it to inventory and begin configuring it. The first thing I do is lock down SSH, in part by telling it to bind only to the IP address given to the host on the isolated network. The catch is that this means Ansible can't connect over the public IP address, so I also set ansible_ssh_host to the private IP. (This happens when I add the host to inventory.)

- name: Add servers to group
  local_action:
    module: add_host
    hostname: "{{ item.name }}"
    # Connect over the isolated network, not the public accessIPv4
    ansible_ssh_host: "{{ item.rax.addresses.my_network_name[0].addr }}"
    groups: launched
  with_items: rax_response.success
  # Jinja comparison needs '=='; a single '=' is a template syntax error
  when: rax_response.action == 'create'

This works just fine on that first run of creating and configuring new instances. Unfortunately, the next time I try to connect to these servers, the connection is refused because Ansible is trying at an IP address on which SSH isn't listening. This happens because:

  1. Ansible tries to connect to ansible_ssh_host ...
  2. But the rax.py inventory script has set ansible_ssh_host to the accessIPv4 returned by Rackspace...
  3. And Rackspace has set accessIPv4 to the public IP address of the server.

Now, I'm not sure what to do about this. Rackspace does allow an API call to update a server and set its accessIPv4, so I thought I could run another local_action after creating the server to do that. Unfortunately, the rax module doesn't appear to allow updating a server, and even if it did, it depends on pyrax, which in turn depends on novaclient, and novaclient only allows updating the name of the server, not accessIPv4.

Surely someone has done this before. What is the right way to tell Ansible to connect on the isolated network when getting dynamic inventory via the rax module?

You can manually edit the rax.py file and change line 125 and line 163 from:

hostvars['ansible_ssh_host'] = server.accessIPv4

to:

hostvars['ansible_ssh_host'] = server.addresses['private'][0]['addr']

This should make the value of ansible_ssh_host the private IP.

My first thought on this is to treat it like you have a tunnel you need to set up.

When you use the rax module, it creates a group called "raxhosts". By default, these are accessed using that public IPv4 address.

You could create another group using that group (via add_host), but specify the IP you want to actually access it through.

- name: Redirect to raxprivhosts
  local_action:
      module: add_host
      hostname: "{{ item.name }}"
      ansible_ssh_host: "{{ item.rax_addresses['private'][0]['addr'] }}"
      ansible_ssh_pass: "{{ item.rax_adminpass }}"
      groupname: raxprivhosts
  with_items: raxhosts

Then apply playbooks against those groups as your follow-on actions.

Let me know how this works out for you; I'm just throwing it out as an alternative to changing your rax.py manually.

You can set an environment variable in /etc/tower/settings.py to use the private network. It would either be

AWX_TASK_ENV['RAX_ACCESS_NETWORK'] = 'YOURNETWORK'

or

AWX_TASK_ENV['RAX_ACCESS_NETWORK'] = 'private'

You would then restart services afterwards with ansible-tower-service restart. You then need to refresh the inventory, which you can do through the Tower interface. You'll now see that the host IP is set to the network you specified in the variable.

In the latest version of Ansible you need to change:

hostvars['ansible_ssh_host'] = server.accessIPv4

to:

hostvars['ansible_ssh_host'] = server.addresses['private'][0]['addr']

AND

hostvars[server.name]['ansible_ssh_host'] = server.accessIPv4

to:

hostvars[server.name]['ansible_ssh_host'] = server.addresses['private'][0]['addr']
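The answers above all amount to the same rule: when building inventory, pick the address on the isolated network instead of accessIPv4, and select that network by name (the RAX_ACCESS_NETWORK setting in the Tower answer, or the hard-coded 'private' label in the rax.py edits). The following is an added example, not code from rax.py, pyrax or any of the answers. It models the two address fields the page refers to, accessIPv4 (a string) and addresses (a dict from network label to a list of {"version", "addr"} entries), and shows a selection routine that fails closed: if a server has no IPv4 address on the requested network it is reported and left out of the inventory rather than silently falling back to the public IP, which is the behaviour that caused the question's "connection refused". The function names, the allow_public_fallback switch and the sample servers are constructed for this example.

```python
"""
Select the SSH address Ansible should use for Rackspace servers that only
listen on an isolated network.  Added example, not part of rax.py or pyrax.

Assumed data shape (mirrors what the page describes for a pyrax server):
  accessIPv4: "203.0.113.10"
  addresses:  {"public": [{"version": 4, "addr": "..."}, ...],
               "private": [{"version": 4, "addr": "..."}],
               "<isolated network label>": [...]}
"""
import ipaddress
import json
import os


def pick_ssh_host(addresses, access_ipv4, access_network="private",
                  allow_public_fallback=False):
    """Return the IPv4 address on `access_network`.

    Raises LookupError when the server has no usable IPv4 address on that
    network, unless allow_public_fallback is set, in which case accessIPv4
    is returned instead.  Failing closed keeps Ansible from trying an
    address where sshd is not listening.
    """
    for entry in addresses.get(access_network, []):
        if entry.get("version") != 4:
            continue
        addr = entry.get("addr")
        # Reject malformed data before it ends up in ansible_ssh_host.
        try:
            ipaddress.IPv4Address(addr)
        except (ValueError, TypeError):
            continue
        return addr
    if allow_public_fallback and access_ipv4:
        return access_ipv4
    raise LookupError(
        "no IPv4 address on network %r (accessIPv4=%s)" % (access_network, access_ipv4))


def build_inventory(servers, access_network=None, allow_public_fallback=False):
    """Build a dynamic-inventory dict in the _meta/hostvars layout.

    access_network defaults to the RAX_ACCESS_NETWORK environment variable
    (the setting named in the Tower answer), then to the label 'private'.
    Returns (inventory, skipped) where skipped lists (name, reason) pairs.
    """
    network = access_network or os.environ.get("RAX_ACCESS_NETWORK", "private")
    inventory = {"raxhosts": {"hosts": []}, "_meta": {"hostvars": {}}}
    skipped = []
    for server in servers:
        try:
            ssh_host = pick_ssh_host(server["addresses"], server["accessIPv4"],
                                     network, allow_public_fallback)
        except LookupError as exc:
            skipped.append((server["name"], str(exc)))
            continue
        inventory["raxhosts"]["hosts"].append(server["name"])
        inventory["_meta"]["hostvars"][server["name"]] = {
            "ansible_ssh_host": ssh_host,      # isolated-network address
            "rax_accessipv4": server["accessIPv4"],
            "rax_addresses": server["addresses"],
        }
    return inventory, skipped


# Constructed sample servers using documentation address ranges.
SAMPLE_SERVERS = [
    {
        "name": "web1",
        "accessIPv4": "203.0.113.10",
        "addresses": {
            "public": [{"version": 4, "addr": "203.0.113.10"},
                       {"version": 6, "addr": "2001:db8::10"}],
            "private": [{"version": 4, "addr": "10.176.0.5"}],
        },
    },
    {
        # Only attached to a user-labelled isolated network, no 'private'.
        "name": "db1",
        "accessIPv4": "203.0.113.11",
        "addresses": {
            "public": [{"version": 4, "addr": "203.0.113.11"}],
            "my_network_name": [{"version": 4, "addr": "192.168.3.7"}],
        },
    },
]


if __name__ == "__main__":
    inv, skipped = build_inventory(SAMPLE_SERVERS)
    print(json.dumps(inv, indent=2))
    for name, reason in skipped:
        print("skipped %s: %s" % (name, reason))
```

Run as a script it prints the inventory JSON for the servers that have an address on the selected network and lists the rest; set RAX_ACCESS_NETWORK=my_network_name to select the isolated network used in the question's playbook instead of the 'private' label.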
