Re: [ansible-project] Re: ec2.py and the incredibly no good bad corporate overlords policies.
Ok that fixed that issue! Thank you very much. However for some reason the first time I run ( or run again after a short period of time) the ping module against all hosts it fails on the first 2 hosts always fails with the same error. If i run it a second time right after it works just fine. Here is the error: "msg": "failed to transfer file to /home/ec2-user/.ansible/tmp/ansible-tmp-1467127255.64-133176804889810/ping:\nsftp> put /tmp/tmpCl5Pww /home/ec2-user/.ansible/tmp/ansible-tmp-1467127255.64-133176804889810/ping\n\nOpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g-fips 1 Mar 2016\r\ndebug1: Reading configuration data /home//.ssh/config\r\ndebug1: /home//.ssh/config line 1: Applying options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 6845\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 4\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension \"posix-ren...@openssh.com\" revision 1\r\ndebug2: Server supports extension \"stat...@openssh.com\" revision 2\r\ndebug2: Server supports extension \"fstat...@openssh.com\" revision 2\r\ndebug2: Server supports extension \"hardl...@openssh.com\" revision 1\r\ndebug2: Server supports extension \"fs...@openssh.com\" revision 1\r\ndebug3: Sent message fd 5 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/ec2-user size 0\r\ndebug3: Looking up /tmp/tmpCl5Pww\r\ndebug3: Sent message fd 5 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn't stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/home/ec2-user/.ansible/tmp/ansible-tmp-1467127255.64-133176804889810/ping\r\nremote open(\"/home/ec2-user/.ansible/tmp/ansible-tmp-1467127255.64-133176804889810/ping\"): No such file or directory\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n" On Tue, Jun 28, 2016 at 3:17 AM Alexey Vazhnov wrote: > Check «DNS Hostnames=Yes» in your VPC settings (not in Ansible). > > > On Friday, June 24, 2016 at 10:35:19 PM UTC+5, Joe Garcia wrote: >> >> Hey All, >> >> Our corporate overlords have deemed it prudent to not allow IP addresses >> to go out through our proxy. So we cannot ssh to an IP address and have to >> use the FQDN. The ec2.py script does not return the DNS record of the >> public IP of the server. It is always returning the public IP address even >> though I have set the following in ec2.ini: >> >> destination_variable = public_dns_name >> vpc_destination_variable = public_dns_name >> >> Anybody know why? >> >> Below is the full ec2.ini file. >> >> Thanks, >> >> Joe >> >> # Ansible EC2 external inventory script settings >> # >> >> [ec2] >> >> # to talk to a private eucalyptus instance uncomment these lines >> # and edit edit eucalyptus_host to be the host name of your cloud >> controller >> #eucalyptus = True >> #eucalyptus_host = clc.cloud.domain.org >> >> # AWS regions to make calls to. Set this to 'all' to make request to all >> regions >> # in AWS and merge the results together. Alternatively, set this to a >> comma >> # separated list of regions. E.g. 'us-east-1,us-west-1,us-west-2' >> regions = all >> regions_exclude = us-gov-west-1,cn-north-1,us-east-1 >> >> # When generating inventory, Ansible needs to know how to address a >> server. >> # Each EC2 instance has a lot of variables associated with it. Here is >> the list: >> # >> http://docs.pythonboto.org/en/latest/ref/ec2.html#module-boto.ec2.instance >> # Below are 2 variables that are used as the address of a server: >> # - destination_variable >> # - vpc_destination_variable >> >> # This is the normal destination variable to use. If you are running >> Ansible >> # from outside EC2, then 'public_dns_name' makes the most sense. If you >> are >> # running Ansible from within EC2, then perhaps you want to use the >> internal >> # address, and should set this to 'private_dns_name'. The key of an EC2 >> tag >> # may optionally be used; however the boto instance variables hold >> precedence >> # in the event of a collision. >> destination_variable = public_dns_name >> >> # This allows you to override the inventory_name with an ec2 variable, >> instead >> # of using the destination_variable above. Addressing (aka >> ansible_ssh_host) >> # will still use destination_variable. Tags should be written as >> 'tag_TAGNAME'. >> #hostname_variable = tag_Name >> >> # For server inside a VPC, using DNS names may not make sense. When an >> instance >> # has 'subnet_id' set, this variable is used. If t
[ansible-project] Re: ec2.py and the incredibly no good bad corporate overlords policies.
Check «DNS Hostnames=Yes» in your VPC settings (not in Ansible).
On Friday, June 24, 2016 at 10:35:19 PM UTC+5, Joe Garcia wrote:
>
> Hey All,
>
> Our corporate overlords have deemed it prudent to not allow IP addresses
> to go out through our proxy. So we cannot ssh to an IP address and have to
> use the FQDN. The ec2.py script does not return the DNS record of the
> public IP of the server. It is always returning the public IP address even
> though I have set the following in ec2.ini:
>
> destination_variable = public_dns_name
> vpc_destination_variable = public_dns_name
>
> Anybody know why?
>
> Below is the full ec2.ini file.
>
> Thanks,
>
> Joe
>
> # Ansible EC2 external inventory script settings
> #
>
> [ec2]
>
> # to talk to a private eucalyptus instance uncomment these lines
> # and edit edit eucalyptus_host to be the host name of your cloud
> controller
> #eucalyptus = True
> #eucalyptus_host = clc.cloud.domain.org
>
> # AWS regions to make calls to. Set this to 'all' to make request to all
> regions
> # in AWS and merge the results together. Alternatively, set this to a comma
> # separated list of regions. E.g. 'us-east-1,us-west-1,us-west-2'
> regions = all
> regions_exclude = us-gov-west-1,cn-north-1,us-east-1
>
> # When generating inventory, Ansible needs to know how to address a server.
> # Each EC2 instance has a lot of variables associated with it. Here is the
> list:
> #
> http://docs.pythonboto.org/en/latest/ref/ec2.html#module-boto.ec2.instance
> # Below are 2 variables that are used as the address of a server:
> # - destination_variable
> # - vpc_destination_variable
>
> # This is the normal destination variable to use. If you are running
> Ansible
> # from outside EC2, then 'public_dns_name' makes the most sense. If you are
> # running Ansible from within EC2, then perhaps you want to use the
> internal
> # address, and should set this to 'private_dns_name'. The key of an EC2 tag
> # may optionally be used; however the boto instance variables hold
> precedence
> # in the event of a collision.
> destination_variable = public_dns_name
>
> # This allows you to override the inventory_name with an ec2 variable,
> instead
> # of using the destination_variable above. Addressing (aka
> ansible_ssh_host)
> # will still use destination_variable. Tags should be written as
> 'tag_TAGNAME'.
> #hostname_variable = tag_Name
>
> # For server inside a VPC, using DNS names may not make sense. When an
> instance
> # has 'subnet_id' set, this variable is used. If the subnet is public,
> setting
> # this to 'ip_address' will return the public IP address. For instances in
> a
> # private subnet, this should be set to 'private_ip_address', and Ansible
> must
> # be run from within EC2. The key of an EC2 tag may optionally be used;
> however
> # the boto instance variables hold precedence in the event of a collision.
> # WARNING: - instances that are in the private vpc, _without_ public ip
> address
> # will not be listed in the inventory until You set:
> # vpc_destination_variable = private_ip_address
> #vpc_destination_variable = ip_address
> vpc_destination_variable = public_dns_name
>
> # The following two settings allow flexible ansible host naming based on a
> # python format string and a comma-separated list of ec2 tags. Note that:
> #
> # 1) If the tags referenced are not present for some instances, empty
> strings
> #will be substituted in the format string.
> # 2) This overrides both destination_variable and vpc_destination_variable.
> #
> #destination_format = {0}.{1}.example.com
> #destination_format_tags = Name,environment
>
> # To tag instances on EC2 with the resource records that point to them from
> # Route53, uncomment and set 'route53' to True.
> route53 = False
>
> # To exclude RDS instances from the inventory, uncomment and set to False.
> #rds = False
>
> # To exclude ElastiCache instances from the inventory, uncomment and set
> to False.
> #elasticache = False
>
> # Additionally, you can specify the list of zones to exclude looking up in
> # 'route53_excluded_zones' as a comma-separated list.
> # route53_excluded_zones = samplezone1.com, samplezone2.com
>
> # By default, only EC2 instances in the 'running' state are returned. Set
> # 'all_instances' to True to return all instances regardless of state.
> all_instances = False
>
> # By default, only EC2 instances in the 'running' state are returned.
> Specify
> # EC2 instance states to return as a comma-separated list. This
> # option is overriden when 'all_instances' is True.
> # instance_states = pending, running, shutting-down, terminated, stopping,
> stopped
>
> # By default, only RDS instances in the 'available' state are returned.
> Set
> # 'all_rds_instances' to True return all RDS instances regardless of state.
> all_rds_instances = False
>
> # By default, only ElastiCache clusters and nodes in the 'available' state
> # are returned. Set 'all_elasticache_clusters' and/or 'all_elastic_nodes'
