I wrote a quick Ansible playbook to launch a simple EC2 instance, but I think I have an issue with how I want to authenticate.

What I don't want to do is set my AWS access/secret keys as environment variables, since they expire every hour and I need to regenerate the ~/.aws/credentials file via a script.

Right now, my Ansible playbook looks like this:

--- # Launch ec2
- name: Create ec2 instance
  hosts: local
  connection: local
  gather_facts: false
  vars:
    profile: profile_xxxx
    key_pair: usrxxx
    region: us-east-1
    subnet: subnet-38xxxxx
    security_groups: ['sg-e54xxxx', 'sg-bfcxxxx', 'sg-a9dxxx']
    image: ami-031xxx
    instance_type: t2.small
    num_instances: 1
    tag_name: ansibletest
    hdd_volumes:
    - device_name: /dev/sdf
      volume_size: 50
      delete_on_termination: true
    - device_name: /dev/sdh
      volume_size: 50
      delete_on_termination: true
  tasks:
    - name: launch ec2
      ec2:
        count: 1
        key_name: "{{ key_pair }}"
        profile: "{{ profile }}"
        group_id: "{{ security_groups }}"
        instance_type: "{{ instance_type }}"
        image: "{{ image }}"
        region: "{{ region }}"
        vpc_subnet_id: "{{ subnet }}"
        assign_public_ip: false
        volumes: "{{ hdd_volumes }}"
        instance_tags:
          Name: "{{ tag_name }}"
          ASV: "{{ tag_asv }}"
          CMDBEnvironment: "{{ tag_cmdbEnv }}"
          EID: "{{ tag_eid }}"
          OwnerContact: "{{ tag_eid }}"
      register: ec2
    - name: print ec2 vars
      # the variable registered above is "ec2", not "ec"
      debug: var=ec2

My hosts file is this:

[local]
localhost ansible_python_interpreter=/usr/local/bin/python2.7

I run my playbook like this:

ansible-playbook -i hosts launchec2.yml -vvv

and then I get this back:

PLAYBOOK: launchec2.yml ********************************************************
1 plays in launchec2.yml

PLAY [Create ec2 instance] *****************************************************

TASK [launch ec2] **************************************************************
task path: /Users/usrxxx/Desktop/cloud-jumper/Ansible/launchec2.yml:27
Using module file /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/ansible/modules/core/cloud/amazon/ec2.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: usrxxx
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730 `" && echo ansible-tmp-1485527483.82-106272618422730="` echo ~/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730 `" ) && sleep 0'
<localhost> PUT /var/folders/cx/_fdv7nkn6dz21798p_bn9dp9ln9sqc/T/tmpnk2rh5 TO /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py
<localhost> PUT /var/folders/cx/_fdv7nkn6dz21798p_bn9dp9ln9sqc/T/tmpEpwenH TO /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/env python /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args; rm -rf "/Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/" > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "invocation": {
        "module_name": "ec2"
    }, 
    "module_stderr": "usage: ec2.py [-h] [--list] [--host HOST] [--refresh-cache]\n              [--profile BOTO_PROFILE]\nec2.py: error: unrecognized arguments: /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE"
}
    to retry, use: --limit @/Users/usrxxx/Desktop/cloud-jumper/Ansible/launchec2.retry

PLAY RECAP *********************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1 

I noticed that the ec2.py file says this:

NOTE: This script assumes Ansible is being executed where the environment
variables needed for Boto have already been set:
    export AWS_ACCESS_KEY_ID='AK123'
    export AWS_SECRET_ACCESS_KEY='abc123'

This script also assumes there is an ec2.ini file alongside it.  To specify a
different path to ec2.ini, define the EC2_INI_PATH environment variable:

    export EC2_INI_PATH=/path/to/my_ec2.ini

If you're using eucalyptus you need to set the above variables and
you need to define:

    export EC2_URL=http://hostname_of_your_cc:port/services/Eucalyptus

If you're using boto profiles (requires boto>=2.24.0) you can choose a profile
using the --boto-profile command line argument (e.g. ec2.py --boto-profile prod) or using
the AWS_PROFILE variable:

    AWS_PROFILE=prod ansible-playbook -i ec2.py myplaybook.yml

So I ran it like this:

AWS_PROFILE=profile_xxxx ansible-playbook -i hosts launchec2.yml -vvv

but I still got the same results.

---- EDIT ----

I also ran it like this:

export ANSIBLE_HOST_KEY_CHECKING=false
export AWS_ACCESS_KEY=<your aws access key here>
export AWS_SECRET_KEY=<your aws secret key here>

ansible-playbook -i hosts launchec2.yml

but I still got this back. It still seems to be a credentials issue?

usrxxx$ ansible-playbook -i hosts launchec2.yml 

PLAY [Create ec2 instance] *****************************************************

TASK [launch ec2] **************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "module_stderr": "usage: ec2.py [-h] [--list] [--host HOST] [--refresh-cache]\n              [--profile BOTO_PROFILE]\nec2.py: error: unrecognized arguments: /Users/usrxxx/.ansible/tmp/ansible-tmp-1485531356.01-33528208838066/args\n", "module_stdout": "", "msg": "MODULE FAILURE"}
    to retry, use: --limit @/Users/usrxxx/Desktop/cloud-jumper/Ansible/launchec2.retry

PLAY RECAP *********************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1   

---- EDIT 2 ----

I completely removed Ansible and then installed it with Homebrew, but got the same error. So I went to the directory where it looks for ec2.py (Using module file /usr/local/Cellar/ansible/2.2.1.0/libexec/lib/python2.7/site-packages/ansible/modules/core/cloud/amazon/ec2.py) and replaced that ec2.py with this one: https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.py. But now I get this error:

Using /Users/usrxxx/ansible/ansible.cfg as config file

PLAYBOOK: launchec2.yml ********************************************************
1 plays in launchec2.yml

PLAY [Create ec2 instance] *****************************************************

TASK [aws : launch ec2] ********************************************************
task path: /Users/usrxxx/Desktop/cloud-jumper/Ansible/roles/aws/tasks/main.yml:1
Using module file /usr/local/Cellar/ansible/2.2.1.0/libexec/lib/python2.7/site-packages/ansible/modules/core/cloud/amazon/ec2.py
fatal: [localhost]: FAILED! => {
    "failed": true, 
    "msg": "module (ec2) is missing interpreter line"
}

1 Answer


It seems you have placed the ec2.py inventory script into your /path/to/playbook/library/ folder.
You should not put dynamic inventory scripts there; this way Ansible runs the inventory script instead of the ec2 module.

Remove ec2.py from your project's library folder (or Ansible global library defined in ansible.cfg) and try again.
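A check for this misplacement, added here as an example and not part of the answer or of Ansible's own tooling. It assumes a project layout with library/ and inventory/ folders and constructs a stub ec2.py that mimics the inventory script's argument parser; the point is that whatever sits in library/ under a module's name runs in its place with your AWS credentials, so unexpected files there are worth flagging.

```shell
#!/bin/sh
# Added example (not from the original post or from Ansible): flag files in a
# playbook's library/ folder that look like dynamic inventory scripts rather
# than modules. Inventory scripts parse --list/--host on the command line;
# Ansible modules read an args file instead, which is exactly the mismatch
# behind "unrecognized arguments: .../args" in the question.

# Print any *.py under the given library dir that declares both the
# --list and --host inventory-script arguments. Returns 1 if any are found.
find_inventory_scripts_in_library() {
    libdir="$1"
    found=0
    for f in "$libdir"/*.py; do
        [ -f "$f" ] || continue
        if grep -q -- "'--list'" "$f" && grep -q -- "'--host'" "$f"; then
            echo "$f: looks like a dynamic inventory script, not a module"
            found=1
        fi
    done
    return $found
}

# Constructed demo project (hypothetical): a stub that mimics the inventory
# script's argparse interface, placed in library/ where it would shadow the
# real ec2 module. Prints the project path.
demo_setup() {
    d=$(mktemp -d)
    mkdir -p "$d/library" "$d/inventory"
    cat > "$d/library/ec2.py" <<'EOF'
#!/usr/bin/env python
import argparse
p = argparse.ArgumentParser()
p.add_argument('--list', action='store_true')
p.add_argument('--host')
p.add_argument('--refresh-cache', action='store_true')
p.parse_args()
EOF
    printf '%s\n' "$d"
}

# Where the script belongs: inventory/, referenced with -i, not library/.
demo_fix() {
    d="$1"
    mv "$d/library/ec2.py" "$d/inventory/ec2.py"
}
```

Run it against a real project with `find_inventory_scripts_in_library ./library` before invoking ansible-playbook; a non-zero exit means a module name is being shadowed.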