小编Mia*_*ian的帖子

当通过pip()安装时pip install pipenv，在zsh shell上找不到该命令pipenv。

如果通过brew:安装brew install pipenv，然后运行pipenv shell，出现错误

Loading .env environment variables...
Launching subshell in virtual environment...
Traceback (most recent call last):
  File "/usr/local/Cellar/pipenv/2020.11.15/libexec/bin/pipenv", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/Cellar/pipenv/2020.11.15/libexec/lib/python3.9/site-packages/pipenv/vendor/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/Cellar/pipenv/2020.11.15/libexec/lib/python3.9/site-packages/pipenv/vendor/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/usr/local/Cellar/pipenv/2020.11.15/libexec/lib/python3.9/site-packages/pipenv/vendor/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/Cellar/pipenv/2020.11.15/libexec/lib/python3.9/site-packages/pipenv/vendor/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/Cellar/pipenv/2020.11.15/libexec/lib/python3.9/site-packages/pipenv/vendor/click/core.py", line 610, in invoke …

当我运行 terraform apply 时，出现以下错误：

running "...terraform apply" in ".../aws-config": exit status 1
module.aws_config_role.aws_iam_policy.default: Modifying... [id=arn:aws:iam::10391031030:policy/my-aws-config-role]

Error: Error updating IAM policy arn:aws:iam::10391031030:policy/my-aws-config-role: LimitExceeded: Cannot exceed quota for PolicySize: 6144
    status code: 409, request id: 313b0l20-a29d-0121-la32-01210d0103c01

事实上这个任务会更新IAM策略并添加许多新项目，从terraform计划中得知：

~ update in-place

Terraform will perform the following actions:

  # module.aws_config_role.aws_iam_policy.default will be updated in-place
~ resource "aws_iam_policy" "default" {
        arn    = "arn:aws:iam::10391031030:policy/my-aws-config-role"
        id     = "arn:aws:iam::10391031030:policy/my-aws-config-role"
        name   = "my-aws-config-role"
        path   = "/"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ …

我在同一个 AWS 账户中创建了一个 EC2 实例和一个 EKS 集群。为了使用 EC2 中的 EKS 集群，我必须向其授予必要的权限。

我添加了具有一些 EKS 操作权限的实例配置文件角色。其角色 arnarn:aws:iam::11111111:role/ec2-instance-profile-role在仪表板上是 (A)。但在EC2实例中，可以发现它是arn:aws:sts::11111111:assumed-role/ec2-instance-profile-role/i-00000000(B)。

$ aws sts get-caller-identity
{
    "Account": "11111111",
    "UserId": "AAAAAAAAAAAAAAA:i-000000000000",
    "Arn": "arn:aws:sts::11111111:assumed-role/ec2-instance-profile-role/i-00000000"
}

我还创建了一个aws-auth配置映射以设置到 EKS 中的 Kubernetes 系统配置中，以便可以注册和访问 EC2 实例配置文件角色。我尝试将 A 和 B 都设置到 mapRoles 中，但它们都遇到了相同的问题。当我在 EC2 上运行kubectl命令时：

$ aws eks --region aws-region update-kubeconfig --name eks-cluster-name

$ kubectl config view --minify
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://xxxxxxxxxxxxxxxxxxxxxxxxxxxx.aw1.aws-region.eks.amazonaws.com
  name: arn:aws:eks:aws-region:11111111:cluster/eks-cluster-name
contexts:
- context:
    cluster: arn:aws:eks:aws-region:11111111:cluster/eks-cluster-name …

我是这样设置的

resource "aws_ecs_service" "foo" {
  name             = "bar"
  cluster          = "hoge"
  desired_count    = 1
  launch_type      = "FARGATE"
  platform_version = "1.4.0"

  task_definition = "some_arn"

  network_configuration {
    # something
  }

  deployment_controller {
    type = "ECS"
  }

  enable_execute_command = true

  tags = local.tags

  lifecycle {
    ignore_changes = [
    ]
  }
}

地形图显示

Error: Unsupported argument
An argument named "enable_execute_command" is not expected here.

那么如何使用呢？

从文档中我发现它与deployment_controller. 是版本问题吗？

terraform的版本是0.14.x，aws提供商的版本是3.29.x

我在中创建了一个变量group_vars

组变量/全部

---
hostname: name1

我想将 name2 设置为真实主机（10.20.30.40），所以我创建了一个文件并在那里再次设置主机名

主机变量/10.20.30.40

---
hostname: name2

当我运行剧本时，它返回 name1 但不返回 name2：

角色/操作系统/任务/main.yml

- name: Print hostname
  ansible.builtin.debug:
    msg: "{{ hostname }}"

结果：

TASK [server : Print hostname] *************************************
ok: [web_server] => {
    "msg": "name1"
}

我想在每个要更新的主机中设置变量，这不是正确的用法吗？

而且，如果我在文件夹下以这种方式命名主机文件host_vars，它可以工作吗？

web_server

库存：

[web_server]
10.20.30.40

剧本：

---
- hosts: web_server
  become: true
  vars_files:
    - group_vars/all
  roles:
    - os

我正在使用 Terraform 创建 IAM 和 EC2，如下所示。

我想将一个名为ec2_roleEC2 实例配置文件的角色附加到该 EC2 实例配置文件中。但它似乎只能附加由 . 创建的一个aws_iam_instance_profile。

resource "aws_instance" "this" {
  # ..
  iam_instance_profile    = aws_iam_instance_profile.this.name
}

resource "aws_iam_instance_profile" "this" {
  name = "ec2-profile"
  role = aws_iam_role.ec2_role.name
}

关于ec2_role，它使用ec2_role_policy. 但如果我设置source_json = data.aws_iam_policy.amazon_ssm_managed_instance_core.policy为data "aws_iam_policy_document" "ec2_role_policy" {，它会引发错误。

resource "aws_iam_role" "ec2_role" {
  name               = "ec2-role"
  assume_role_policy = data.aws_iam_policy_document.ec2_role_policy.json
}

resource "aws_iam_policy" "ec2_policy" {
  name   = "ec2-policy"
  policy = data.aws_iam_policy_document.ec2_use_role_policy.json
}

resource "aws_iam_role_policy_attachment" "attach" {
  role       = …

将 postgres docker 配置文件设置为

Dockerfile

FROM postgres:12-alpine\n\nUSER postgres\n\nRUN chmod 0700 /var/lib/postgresql/data &&\\\n    initdb /var/lib/postgresql/data &&\\\n    echo "host all  all    0.0.0.0/0  md5" >> /var/lib/postgresql/data/pg_hba.conf &&\\\n    echo "listen_addresses='*'" >> /var/lib/postgresql/data/postgresql.conf\n    pg_ctl start &&\\\n    psql -c "ALTER USER postgres WITH ENCRYPTED PASSWORD 'mypassword';"\n\nEXPOSE 5432\n

使用 docker-compose 将其部署到服务器上

version: "3.8"\nservices:\n  postgresql:\n    build:\n      context: ./postgresql\n      dockerfile: Dockerfile\n    image: postgresql\n    container_name: postgresql\n    hostname: postgresql\n

构建完成后，即可成功完成。但当它起来时，得到了

docker-compose up postgresql\nCreating postgresql ... done\nAttaching to postgresql\npostgresql       | Error: Database is uninitialized and superuser …

我想将 ALB 443 端口设置为具有 Terraform 安全组规则的 EC2 80 端口。

resource "aws_security_group_rule" "allow_https" {
  security_group_id        = aws_security_group.ec2.id
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 443
  to_port                  = 80
  source_security_group_id = data.aws_ssm_parameter.alb.value
}

申请的时候报错：

Error: Error authorizing security group rule type ingress: InvalidParameterValue: Invalid TCP/UDP port range(443:80)

不是可以把443路由到80吗？