christiangda.awscli_configure
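Ansible Role: christiangda.awscli
This role creates the files needed to configure the AWS Command Line Interface (awscli).
The role is very basic: its only function is to convert variables defined in yaml format into the contents of the .aws/config and .aws/credentials files and save them, in .ini file format, wherever you want.
The best way to install this role is with the command ansible-galaxy install christiangda.awscli_configure; the Ansible Galaxy repository is christiangda.awscli_configure
The repository code is at https://github.com/christiangda/ansible-role-awscli-configure
See the examples to learn how to use it.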
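Requirements
This role works on RedHat, CentOS, Debian and Ubuntu distributions.
- RedHat
  - 6 (*)
  - 7
  - 8
- CentOS
  - 6 (*)
  - 7
  - 8
- Ubuntu
  - 14.* (*)
  - 16.* (*)
  - 18.*
  - 19.*
- Debian
  - jessie (8) (*)
  - stretch (9)
  - buster (10)
  - sid (unstable)
(*) These versions are untested and you may run into problems.
To see the Python and Ansible compatibility matrix, see the project's Travis-CI build matrix.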
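Role Variables
Variable | Default value |
---|---|
awscliconf_path | "~/." |
awscliconf_recursive_path_creation | false |
awscliconf_files_owner | "root" |
awscliconf_files_group | "root" |
awscliconf_files | "" --> empty |
More details: see the file defaults/main.yaml
Dependencies
This role has no dependencies, but it is important that you install the AWS Command Line Interface (awscli) first so that the configuration is of use. My role christiangda.awscli can help you install the AWS Command Line Interface (awscli).
Example Playbook
RedHat/CentOS, Ubuntu and Debian
If you already have the AWS Command Line Interface (awscli) installed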
- hosts: redhat-8
  gather_facts: True
  roles:
    - role: christiangda.awscli_configure
      vars:
        awscliconf_path: '/home/christian.gonzalez'
        awscliconf_files_owner: 'christian.gonzalez'
        awscliconf_files_group: 'christian.gonzalez'
        awscliconf_files:
          credentials:
            - default:
                aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
                aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
          config:
            - default:
                region: us-west-2
                output: json
            - profile development:
                role_arn: 'arn:aws:iam::123456789012:role/role-for-development'
                mfa_serial: 'arn:aws:iam::11111111111:mfa/christian.gonzalez'
                region: eu-west-1
                source_profile: default
When you have RedHat/CentOS 8 or Debian/Ubuntu targets that do not yet have the AWS Command Line Interface (awscli) installed, and you want to use my role christiangda.awscli
- hosts: redhat-8
  gather_facts: True
  roles:
    - role: christiangda.awscli
    - role: christiangda.awscli_configure
      vars:
        awscliconf_files:
          credentials:
            - default:
                aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
                aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
          config:
            - default:
                region: us-west-2
                output: json
            - profile development:
                role_arn: 'arn:aws:iam::123456789012:role/role-for-development'
                mfa_serial: 'arn:aws:iam::11111111111:mfa/christian.gonzalez'
                region: eu-west-1
                source_profile: default
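When you have RedHat/CentOS 6/7 targets that have neither the AWS Command Line Interface (awscli) nor the EPEL repository installed, and you want to use my roles christiangda.epel_role and christiangda.awscli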
- hosts: redhat-7
  gather_facts: True
  roles:
    - role: christiangda.epel_repo
    - role: christiangda.awscli
    - role: christiangda.awscli_configure
      vars:
        awscliconf_files:
          credentials:
            - default:
                aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
                aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
          config:
            - default:
                region: us-west-2
                output: json
            - profile development:
                role_arn: 'arn:aws:iam::123456789012:role/role-for-development'
                mfa_serial: 'arn:aws:iam::11111111111:mfa/christian.gonzalez'
                region: eu-west-1
                source_profile: default
When you have targets with several operating systems and want to install the EPEL repository only on RedHat/CentOS 6/7, using my roles christiangda.epel_role and christiangda.awscli
- hosts: servers
  gather_facts: True
  roles:
    - role: christiangda.epel_repo
      when: >
        ansible_os_family == 'RedHat' and (
          ansible_distribution == 'CentOS' or
          ansible_distribution == 'RedHat'
        )
        and (
          ansible_distribution_major_version == '6' or
          ansible_distribution_major_version == '7'
        )
      changed_when: false
    - role: christiangda.awscli
    - role: christiangda.awscli_configure
      vars:
        awscliconf_files:
          credentials:
            - default:
                aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
                aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
            - production-profile:
                aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
                aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
          config:
            - default:
                region: us-west-2
                output: json
            - profile development:
                role_arn: arn:aws:iam::123456789012:role/role-name
                role_session_name: maria_garcia_role
                source_profile: production-profile
                aws_session_token: AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4Olgk
                s3:
                  max_concurrent_requests: 20
                  max_queue_size: 10000
                  multipart_threshold: 64MB
                  multipart_chunksize: 16MB
                  max_bandwidth: 50MB/s
                  use_accelerate_endpoint: true
                  addressing_style: path
                api_versions:
                  ec2: '2015-03-01'
                  cloudfront: '2015-09-17'
                tcp_keepalive: false
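
A check to run against the files this role writes, given here as an added example that is not part of the role: it parses a rendered config or credentials file, lists every profile that carries secret material, and flags the file when its mode lets group or others read it. The function name audit_aws_file and the sample file contents are assumptions; the sample is constructed to resemble what the last playbook above would place in config.

```python
import configparser
import os
import stat
import tempfile

# Keys that hold secret material in awscli ini files.
SECRET_KEYS = {"aws_secret_access_key", "aws_session_token"}


def audit_aws_file(path):
    """Return a sorted list of findings for one rendered awscli ini file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    parser = configparser.RawConfigParser()
    parser.read(path)
    # Sections (profiles) that contain at least one secret key.
    secret_sections = [
        s for s in parser.sections()
        if SECRET_KEYS & set(parser.options(s))
    ]
    for section in secret_sections:
        findings.append(f"secret in [{section}]")
    # A file holding secrets should not be readable by group or others.
    if secret_sections and mode & 0o077:
        findings.append(f"mode {mode:04o} exposes secrets")
    return sorted(findings)


def demo():
    """Audit a constructed config file with loose and tight permissions."""
    sample = (  # constructed sample, not output captured from the role
        "[default]\n"
        "region = us-west-2\n"
        "[profile development]\n"
        "source_profile = production-profile\n"
        "aws_session_token = CONSTRUCTED-TOKEN\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config")
        with open(path, "w") as handle:
            handle.write(sample)
        os.chmod(path, 0o644)
        loose = audit_aws_file(path)
        os.chmod(path, 0o600)
        tight = audit_aws_file(path)
    return loose, tight


if __name__ == "__main__":
    print(demo())
```
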
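Development / Contributing
This role is tested with Molecule and developed using a Python virtual environment.
In addition, we use two main git branches
- master
- develop
If you want to contribute to this project, this is what you need to do:
References:
Prepare your environment
- Python 3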
mkdir ansible-roles
cd ansible-roles/
python3 -m venv venv
source venv/bin/activate
pip install pip --upgrade
pip install ansible
pip install molecule
pip install 'molecule[docker]'
pip install 'molecule[podman]'
pip install 'molecule[lint]'
pip install molecule-vagrant
pip install python-vagrant
pip install selinux
pip install docker
pip install pytest
pip install pytest-mock
pip install pylint
pip install rope
pip install autopep8
pip install yamllint
pip install flake8
pip install ansible-lint
Clone the role repository (from your fork) and create the symbolic link
git clone https://github.com/christiangda/ansible-role-awscli-configure.git
ln -s ansible-role-awscli-configure christiangda.awscli_configure
cd christiangda.awscli_configure
Run the molecule tests
Available scenarios:
- default --> --driver-name docker
- podman --> --driver-name podman
- centos-8 --> --driver-name centos-8
- centos-7 --> --driver-name centos-7
- ubuntu-21.04 --> --driver-name ubuntu-21.04
Default scenario
Step by step
molecule create [--scenario-name default]
molecule converge [--scenario-name default]
molecule verify [--scenario-name default]
molecule destroy [--scenario-name default]
or
All in one
molecule test [--scenario-name default]
podman scenario
Step by step
molecule create --scenario-name podman
molecule converge --scenario-name podman
molecule verify --scenario-name podman
molecule destroy --scenario-name podman
or
All in one
molecule test --scenario-name podman
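Also, if you want to test using virtual machines, I have a very nice ansible-playground project that uses Vagrant and VirtualBox. Give it a try!
License
This module is released under the GNU General Public License Version 3:
Author Information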