Re: [ansible-project] Re: ec2.py and the incredibly no good bad corporate overlords policies.
Ok that fixed that issue! Thank you very much. However, for some reason, the first time I run (or run again after a short period of time) the ping module against all hosts, it always fails on the first 2 hosts with the same error. If I run it a second time right after, it works just fine. Here is the error:

"msg": "failed to transfer file to /home/ec2-user/.ansible/tmp/ansible-tmp-1467127255.64-133176804889810/ping:\nsftp> put /tmp/tmpCl5Pww /home/ec2-user/.ansible/tmp/ansible-tmp-1467127255.64-133176804889810/ping\n\nOpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g-fips 1 Mar 2016\r\ndebug1: Reading configuration data /home//.ssh/config\r\ndebug1: /home//.ssh/config line 1: Applying options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 6845\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 4\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension \"posix-ren...@openssh.com\" revision 1\r\ndebug2: Server supports extension \"stat...@openssh.com\" revision 2\r\ndebug2: Server supports extension \"fstat...@openssh.com\" revision 2\r\ndebug2: Server supports extension \"hardl...@openssh.com\" revision 1\r\ndebug2: Server supports extension \"fs...@openssh.com\" revision 1\r\ndebug3: Sent message fd 5 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/ec2-user size 0\r\ndebug3: Looking up /tmp/tmpCl5Pww\r\ndebug3: Sent message fd 5 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn't stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/home/ec2-user/.ansible/tmp/ansible-tmp-1467127255.64-133176804889810/ping\r\nremote open(\"/home/ec2-user/.ansible/tmp/ansible-tmp-1467127255.64-133176804889810/ping\"): No such file or directory\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n"

On Tue, Jun 28, 2016 at 3:17 AM Alexey Vazhnov wrote:
> Check «DNS Hostnames=Yes» in your VPC settings (not in Ansible).
>
>
> On Friday, June 24, 2016 at 10:35:19 PM UTC+5, Joe Garcia wrote:
>>
>> Hey All,
>>
>> Our corporate overlords have deemed it prudent to not allow IP addresses to go out through our proxy. So we cannot ssh to an IP address and have to use the FQDN. The ec2.py script does not return the DNS record of the public IP of the server. It is always returning the public IP address even though I have set the following in ec2.ini:
>>
>> destination_variable = public_dns_name
>> vpc_destination_variable = public_dns_name
>>
>> Anybody know why?
>>
>> Below is the full ec2.ini file.
>>
>> Thanks,
>>
>> Joe
>>
>> # Ansible EC2 external inventory script settings
>> #
>>
>> [ec2]
>>
>> # to talk to a private eucalyptus instance uncomment these lines
>> # and edit edit eucalyptus_host to be the host name of your cloud controller
>> #eucalyptus = True
>> #eucalyptus_host = clc.cloud.domain.org
>>
>> # AWS regions to make calls to. Set this to 'all' to make request to all regions
>> # in AWS and merge the results together. Alternatively, set this to a comma
>> # separated list of regions. E.g. 'us-east-1,us-west-1,us-west-2'
>> regions = all
>> regions_exclude = us-gov-west-1,cn-north-1,us-east-1
>>
>> # When generating inventory, Ansible needs to know how to address a server.
>> # Each EC2 instance has a lot of variables associated with it. Here is the list:
>> # http://docs.pythonboto.org/en/latest/ref/ec2.html#module-boto.ec2.instance
>> # Below are 2 variables that are used as the address of a server:
>> # - destination_variable
>> # - vpc_destination_variable
>>
>> # This is the normal destination variable to use. If you are running Ansible
>> # from outside EC2, then 'public_dns_name' makes the most sense. If you are
>> # running Ansible from within EC2, then perhaps you want to use the internal
>> # address, and should set this to 'private_dns_name'. The key of an EC2 tag
>> # may optionally be used; however the boto instance variables hold precedence
>> # in the event of a collision.
>> destination_variable = public_dns_name
>>
>> # This allows you to override the inventory_name with an ec2 variable, instead
>> # of using the destination_variable above. Addressing (aka ansible_ssh_host)
>> # will still use destination_variable. Tags should be written as 'tag_TAGNAME'.
>> #hostname_variable = tag_Name
>>
>> # For server inside a VPC, using DNS names may not make sense. When an instance
>> # has 'subnet_id' set, this variable is used. If t
[ansible-project] Re: ec2.py and the incredibly no good bad corporate overlords policies.
Check «DNS Hostnames=Yes» in your VPC settings (not in Ansible).

On Friday, June 24, 2016 at 10:35:19 PM UTC+5, Joe Garcia wrote:
>
> Hey All,
>
> Our corporate overlords have deemed it prudent to not allow IP addresses to go out through our proxy. So we cannot ssh to an IP address and have to use the FQDN. The ec2.py script does not return the DNS record of the public IP of the server. It is always returning the public IP address even though I have set the following in ec2.ini:
>
> destination_variable = public_dns_name
> vpc_destination_variable = public_dns_name
>
> Anybody know why?
>
> Below is the full ec2.ini file.
>
> Thanks,
>
> Joe
>
> # Ansible EC2 external inventory script settings
> #
>
> [ec2]
>
> # to talk to a private eucalyptus instance uncomment these lines
> # and edit edit eucalyptus_host to be the host name of your cloud controller
> #eucalyptus = True
> #eucalyptus_host = clc.cloud.domain.org
>
> # AWS regions to make calls to. Set this to 'all' to make request to all regions
> # in AWS and merge the results together. Alternatively, set this to a comma
> # separated list of regions. E.g. 'us-east-1,us-west-1,us-west-2'
> regions = all
> regions_exclude = us-gov-west-1,cn-north-1,us-east-1
>
> # When generating inventory, Ansible needs to know how to address a server.
> # Each EC2 instance has a lot of variables associated with it. Here is the list:
> # http://docs.pythonboto.org/en/latest/ref/ec2.html#module-boto.ec2.instance
> # Below are 2 variables that are used as the address of a server:
> # - destination_variable
> # - vpc_destination_variable
>
> # This is the normal destination variable to use. If you are running Ansible
> # from outside EC2, then 'public_dns_name' makes the most sense. If you are
> # running Ansible from within EC2, then perhaps you want to use the internal
> # address, and should set this to 'private_dns_name'. The key of an EC2 tag
> # may optionally be used; however the boto instance variables hold precedence
> # in the event of a collision.
> destination_variable = public_dns_name
>
> # This allows you to override the inventory_name with an ec2 variable, instead
> # of using the destination_variable above. Addressing (aka ansible_ssh_host)
> # will still use destination_variable. Tags should be written as 'tag_TAGNAME'.
> #hostname_variable = tag_Name
>
> # For server inside a VPC, using DNS names may not make sense. When an instance
> # has 'subnet_id' set, this variable is used. If the subnet is public, setting
> # this to 'ip_address' will return the public IP address. For instances in a
> # private subnet, this should be set to 'private_ip_address', and Ansible must
> # be run from within EC2. The key of an EC2 tag may optionally be used; however
> # the boto instance variables hold precedence in the event of a collision.
> # WARNING: - instances that are in the private vpc, _without_ public ip address
> # will not be listed in the inventory until You set:
> # vpc_destination_variable = private_ip_address
> #vpc_destination_variable = ip_address
> vpc_destination_variable = public_dns_name
>
> # The following two settings allow flexible ansible host naming based on a
> # python format string and a comma-separated list of ec2 tags. Note that:
> #
> # 1) If the tags referenced are not present for some instances, empty strings
> #will be substituted in the format string.
> # 2) This overrides both destination_variable and vpc_destination_variable.
> #
> #destination_format = {0}.{1}.example.com
> #destination_format_tags = Name,environment
>
> # To tag instances on EC2 with the resource records that point to them from
> # Route53, uncomment and set 'route53' to True.
> route53 = False
>
> # To exclude RDS instances from the inventory, uncomment and set to False.
> #rds = False
>
> # To exclude ElastiCache instances from the inventory, uncomment and set to False.
> #elasticache = False
>
> # Additionally, you can specify the list of zones to exclude looking up in
> # 'route53_excluded_zones' as a comma-separated list.
> # route53_excluded_zones = samplezone1.com, samplezone2.com
>
> # By default, only EC2 instances in the 'running' state are returned. Set
> # 'all_instances' to True to return all instances regardless of state.
> all_instances = False
>
> # By default, only EC2 instances in the 'running' state are returned. Specify
> # EC2 instance states to return as a comma-separated list. This
> # option is overriden when 'all_instances' is True.
> # instance_states = pending, running, shutting-down, terminated, stopping, stopped
>
> # By default, only RDS instances in the 'available' state are returned. Set
> # 'all_rds_instances' to True return all RDS instances regardless of state.
> all_rds_instances = False
>
> # By default, only ElastiCache clusters and nodes in the 'available' state
> # are returned. Set 'all_elasticache_clusters' and/or 'all_elastic_nodes'
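
Added example (not part of the original thread and not ec2.py's own code): a check over `ec2.py --list` output that reports hosts still addressed by an IP literal, grouped by VPC, so the VPCs that still need the DNS Hostnames setting are visible before SSH is sent through an FQDN-only proxy. The inventory sample is constructed, and the `ec2_*` hostvar names are an assumption about what your ec2.py version emits.

```python
import ipaddress
import json

# Constructed sample shaped like `ec2.py --list` output; every value is made up.
SAMPLE_INVENTORY = json.loads("""
{
  "_meta": {"hostvars": {
    "ec2-203-0-113-10.us-west-2.compute.amazonaws.com": {
      "ec2_id": "i-0aaa", "ec2_vpc_id": "vpc-11111111",
      "ec2_public_dns_name": "ec2-203-0-113-10.us-west-2.compute.amazonaws.com",
      "ec2_ip_address": "203.0.113.10"},
    "203.0.113.20": {
      "ec2_id": "i-0bbb", "ec2_vpc_id": "vpc-22222222",
      "ec2_public_dns_name": "", "ec2_ip_address": "203.0.113.20"},
    "203.0.113.21": {
      "ec2_id": "i-0ccc", "ec2_vpc_id": "vpc-22222222",
      "ec2_public_dns_name": "", "ec2_ip_address": "203.0.113.21"}
  }}
}
""")


def is_ip_literal(name):
    """True when an inventory name is an IPv4/IPv6 literal rather than a hostname."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def audit_inventory(inventory):
    """Group hosts addressed by IP literal under the VPC they belong to.

    Returns {vpc_id: [(instance_id, inventory_name, has_public_dns), ...]}.
    has_public_dns False means EC2 reported no public DNS name for the
    instance, so a destination_variable of public_dns_name has nothing to use.
    """
    findings = {}
    for name, hostvars in inventory.get("_meta", {}).get("hostvars", {}).items():
        if not is_ip_literal(name):
            continue
        vpc = hostvars.get("ec2_vpc_id") or "no-vpc"
        has_dns = bool(hostvars.get("ec2_public_dns_name"))
        findings.setdefault(vpc, []).append((hostvars.get("ec2_id"), name, has_dns))
    return findings


if __name__ == "__main__":
    for vpc, hosts in sorted(audit_inventory(SAMPLE_INVENTORY).items()):
        print(vpc, hosts)
```

To run it against a real inventory, load the JSON printed by `ec2.py --list` and pass it to `audit_inventory`; an empty result means every host is addressed by name.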