Jorge García

Reputation: 31

Ansible + AWS EC2 Plugin + username + ssh key on the dynamic inventory file

I'm using the aws_ec2 plugin to get my inventory on AWS but I need some help.

I want to set the 'ansible_user' and 'ansible_ssh_private_key_file' on the dynamic inventory file but I can't get it to work. Is this possible? So I don't need to set the '--private-key' and '-u' options on the command line.

This is my current aws_ec2.yaml:

---
plugin: aws_ec2
aws_access_key: 123
aws_secret_key: 345
filters:
  tag:Cliente: CustName
  instance-state-name: running

Any Idea?

Thanks!

Upvotes: 3

Views: 1906

Answers (1)

guzmonne

Reputation: 2540

You can create and load dynamic variables for each Ansible host group. You need to create the appropriate files in your inventory directory. For example: say you have configured your ansible.cfg file with the inventory key pointing to the relative path ./inventory. This tells Ansible that it should look inside a file called ./inventory or a series of files inside the ./inventory folder for the host group's information.

You tell Ansible to load different variables for each group just by following the appropriate convention for the folder structure:

  • ./inventory/group_vars: will hold group variables.
  • ./inventory/host_vars: will hold host variables.

Ansible will use the file's name inside each of these folders to reference the appropriate group or host. You can also use sub-directories with the group's name if you want to use multiple files to hold all the variables.

It's important that your aws_ec2.yml file be located inside the ./inventory directory.

For example: if you wanted to store the appropriate user and key configuration to access EC2 instances tagged with the Project tag set to stackoverflow, you would need to create a directory at ./inventory/group_vars/tag_Project_stackoverflow with a variables file like the following:

ansible_user: ec2-user
ansible_ssh_private_key_file: ~/.ssh/id_rsa

The EC2 dynamic inventory module can create dynamic groups from the configuration of your EC2 instances. Check its documentation to see how to configure it.

You can even create these files dynamically using tasks. Here I create a new ec2 key, store it locally, and create the necessary folder structure to hold the connection information:

# Create the key pair in AWS; the private key is only returned on creation
- name: Create a new EC2 key
  amazon.aws.ec2_key:
    name: "{{ ec2_key_name }}"
  register: ec2_key_output

# Write the returned private key to disk, readable by the owner only
- name: Save private key
  ansible.builtin.copy:
    content: "{{ ec2_key_output.key.private_key }}"
    dest: "{{ ec2_key_path }}"
    mode: '0600'
  when: ec2_key_output.changed

- name: Create the group_vars folder
  ansible.builtin.file:
    path: ./inventory/group_vars
    state: directory
    mode: '0755'

# Connection variables for every host in the tag_Project_stackoverflow group
- name: Create the group_vars configuration file
  ansible.builtin.copy:
    content: |
      ansible_user: "{{ ec2_user }}"
      ansible_ssh_private_key_file: "{{ ec2_key_path }}"
    dest: ./inventory/group_vars/tag_Project_stackoverflow
    mode: '0644'

Please check out Ansible's documentation regarding inventory management for more information.

Upvotes: 2
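For the group_vars approach to take effect, the aws_ec2 plugin has to actually emit a group named tag_Project_stackoverflow. The following ./inventory/aws_ec2.yml is an added example (not from the question or the answer above) showing the keyed_groups setting that produces it; the profile name, region and tag value are assumptions.

```yaml
# ./inventory/aws_ec2.yml (added example, assumed path)
plugin: amazon.aws.aws_ec2

# Credentials are read from a named profile (or the AWS_* environment
# variables) instead of being written into the inventory file, which is
# often committed to version control.
aws_profile: stackoverflow       # assumed profile name

regions:
  - us-east-1                    # assumed region

# Only running instances carrying the Project=stackoverflow tag
filters:
  instance-state-name: running
  tag:Project: stackoverflow

# Build one group per tag, named tag_<Key>_<Value>. An instance tagged
# Project=stackoverflow lands in tag_Project_stackoverflow, so the file
# ./inventory/group_vars/tag_Project_stackoverflow (ansible_user and
# ansible_ssh_private_key_file) is applied to it automatically.
keyed_groups:
  - prefix: tag
    key: tags
```

Running `ansible-inventory -i ./inventory --graph` lists the generated groups, and `ansible-inventory -i ./inventory --host <instance>` shows whether ansible_user and ansible_ssh_private_key_file were merged in for a given host.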
