[英]EC2 Dynamic Inventory - Filtering Instances by VPC ID
I'm on Ansible 2.4.2.0 under Python 3.5.2 on Ubuntu 16.04 kernel 4.4.0. 我在Ubuntu 16.04内核4.4.0的Python 3.5.2下的Ansible 2.4.2.0上。
I have downloaded the EC2 inventory Python script and configured it using ec2.ini
like so: 我已经下载了EC2广告资源Python脚本 ,并使用
ec2.ini
对其进行了配置, ec2.ini
所示:
[ec2]
regions = all
regions_exclude = us-gov-west-1,cn-north-1
destination_variable = private_dns_name
vpc_destination_variable = private_ip_address
route53 = True
rds = False
elasticache = False
all_instances = False
all_rds_instances = False
include_rds_clusters = False
all_elasticache_replication_groups = False
all_elasticache_clusters = False
all_elasticache_nodes = False
cache_path = ~/.ansible/tmp
cache_max_age = 300
nested_groups = True
replace_dash_in_groups = True
expand_csv_tags = True
group_by_instance_id = True
group_by_region = True
group_by_availability_zone = True
group_by_aws_account = False
group_by_ami_id = True
group_by_instance_type = True
group_by_instance_state = False
group_by_key_pair = True
group_by_vpc_id = True
group_by_security_group = True
group_by_tag_keys = True
group_by_tag_none = True
group_by_route53_names = True
group_by_rds_engine = True
group_by_rds_parameter_group = True
group_by_elasticache_engine = True
group_by_elasticache_cluster = True
group_by_elasticache_parameter_group = True
group_by_elasticache_replication_group = True
instance_filters = vpc-id=vpc-deadbeef
[credentials]
My inventory directory inventory/development
contains the following: 我的清单目录
inventory/development
包含以下内容:
inventory/development/
├── ec2.ini
├── ec2.py
└── hosts
My hosts file looks like this: 我的主机文件如下所示:
[tag_atlas_project_manager]
[manager:children]
tag_atlas_project_manager
My ansible.cfg
: 我的
ansible.cfg
:
[defaults]
retry_files_enabled = false
roles_path = galaxy_roles:roles
inventory = inventory/
timeout = 120
[ssh_connection]
pipelining = True
ssh_args = -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ControlMaster=auto -o ControlPath=~/.ssh/mux-%r@%h:%p -o ControlPersist=8h
Okay, so my VPC, vpc-deadbeef
, is configured like this: 好的,我的VPC
vpc-deadbeef
的配置如下:
$ aws ec2 describe-vpcs | \
jq -r '.Vpcs[] | { Id: .VpcId, CidrBlock: .CidrBlock } | select(.CidrBlock == "10.50.0.0/16")'
{
"CidrBlock": "10.50.0.0/16",
"Id": "vpc-deadbeef"
}
When I run the inventory script, I don't get any IP addresses outside of this range: 运行清单脚本时,没有任何超出此范围的IP地址:
$ inventory/development/ec2.py --list | \
grep -ioP '10\.\d{1,3}\.\d{1,3}.\d{1,3}' | sort -u
10.50.10.10
...
However, when I run a playbook against all
, I see hosts outside of vpc-deadbeef
: 但是,当我对
all
运行一个剧本时,我看到vpc-deadbeef
之外的主机:
$ ansible -i inventory/development/ -f 30 all -m command -a true
...
10.1.30.110 | UNREACHABLE! => {
"changed": false,
"msg": "SSH Error: data could not be sent to remote host \"10.1.30.110\". Make sure this host can be reached over ssh",
"unreachable": true
}
10.1.30.250 | UNREACHABLE! => {
"changed": false,
"msg": "SSH Error: data could not be sent to remote host \"10.1.30.250\". Make sure this host can be reached over ssh",
"unreachable": true
}
What gives? 是什么赋予了? What am I doing wrong?
我究竟做错了什么?
It turns out that there was another subdirectory in inventory/development
which also had an ec2.ini
and this inventory file was merged in by Ansible during run. 事实证明,
inventory/development
中还有另一个子目录,其中也有一个ec2.ini
,这个清单文件在运行过程中被Ansible 合并 。
$ ansible -vvv -i inventory/development/ -u grindr all -m command -a 'true'
ansible 2.4.2.0
config file = ansible.cfg
configured module search path = ['/home/naftuli/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.5/dist-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.5.2 (default, Nov 23 2017, 16:37:01) [GCC 5.4.0 20160609]
Using ansible.cfg as config file
Parsed inventory/development/ec2.py inventory source with script plugin
Parsed inventory/development/hosts inventory source with ini plugin
Parsed inventory/development/preprod/ec2.py inventory source with script plugin
Parsed inventory/development/preprod/hosts inventory source with ini plugin
This is the issue, Ansible climbs down recursively, which I suppose makes sense. 这就是Ansible递归爬升的问题,我认为这是有道理的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.