I have the following set-up:
A script updatecreds.py runs, which updates AWS credentials in my Ansible creds file using STS.
Now, I took those creds to run AWS-related tasks in Ansible, and they run smoothly. But, the CLI commands give me an error.
When I use the same credentials in the ~/.aws/config file, I get the following error when executing CLI commands: A client error (InvalidClientTokenId) occurred when calling the ListAccessKeys operation: The security token included in the request is invalid.
As some of my Ansible tasks run shell commands which are AWS cli commands, this behaviour is messing with my Ansible run too.
Why is AWS behaving so weirdly? Or did I do something wrong here?
PS : My ~/.aws/config looks like this:
[default]
aws_access_key_id=<>
aws_secret_access_key=<>
aws_session_token=<>
region=us-east-1
There is a confusion in session/security terms, see this issue.
To make both boto and aws cli work correctly, duplicate them:
[default]
aws_access_key_id=KEY
aws_secret_access_key=SECRET
aws_session_token=TOKEN
aws_security_token=TOKEN
region=REGION
Try without
aws_session_token=<>
Mine works fine with only aws_access_key_id and aws_secret_access_key in ~/.aws.credentials
Related
when using ansible-podman, I am unable to output the std-out of the container run command as I might do when using the command line. This means that I don't get to see the automatically generated password and keystore password, along with other details.
Even when using the tty parameter of the ansible-podman-container, the logs report:
Auto-configuration will not generate a password for the elastic built-in superuser, as we cannot determine if there is a terminal attached to the elasticsearch process. You can use the bin/elasticsearch-reset-password tool to set the password for the elastic user."
There is no elastic user created, and when I exec into the container, the bin/elasticsearch-reset-password tool fails with:
ROR: Failed to reset password for the [elasticsearch] user
As https is standard on the 8.5 image, I am unable to use it, as I cannot set up auth properly. Also, I cannot use apt to install an editor, as the user elasticsearch does not have sufficient permissions.
If you think this is a podman error then please let me know, and I will hassle the devs, and see if I can't get better output and tty detection etc.
An alternative I have tried is using ansible to run a shell command, but the output is no different.
What I really want is to be able to obtain the password to output to an ansible variable so that I can spin up a pod of containers, including elasticsearch, for running tests.
Alternatively, I can use elasticsearch 7.17.7 with http, but I am going to need encryption for production, and there doesn't seem to be a way to do it with ansible.
Perhaps there is an environment variable that I am missing that I could set to create the password? I have tried setting ELASTIC_PASSWORD, but it is of no help.
I am connecting from django using django-elasticsearch-dsl, and get the following error, when verify_cert is set to false:
AuthenticationException(401, 'security_exception', 'missing authentication credentials for REST request [/forum_posts_index/_search]')
Any help gratefully received...
I am running Teamcity on a windows VM and have installed the awscli.
I am trying to pull a zip from aws S3. But I get this error:
" aws : The term 'aws' is not recognized as the name of a cmdlet, function, script file"
When I run the command in both cmd and powershell it works just fine.
I have also checked that the awscli path is in both user and system paths.
Any ideas?
I figured it out.
The build agent was not running as a service and was running as a user account that didn't have the correct permissions. Installed a new agent, ran it as a windows service and as a service account.
I hope this helps someone in the future that faces this frustrating issue.
I am trying to automate packer commands on gitlab-ci , so basically i am running a docker container ubuntu:latest and trying to build an image using packer. How can i specify the user as root? or how should i solve this error
please help!
when i try to execute this command
packer_log=1 packer build image.json
i am getting the below error:
amazon-ebs output will be in this color.
1 error(s) occurred:
* user: could not determine current user from environment.
ERROR: Job failed: exit code 1
For some reason you don't have the USER environment variable set. You either need to set it correctly or use the user configuration option in the ansible provisioner, see ansible: user in the documentation.
Please find the below attachment. I am working on the Ansible integration with OpenStack. While running with playbook I got the below connection failed error.
) I am using nova_compute module in ansible. While running the ansible playbook it gave pyhton_novaclient module required. I installed the python_novaclient using pip.
But after I ran the playbook, it gave the same python_novaclient required error.
) After the installation of python_novaclient, nova command is working fine.
I checked the below command
Root>nova --os-username admin --os-password MiracleIT --os-project-name admin --os-auth-URL http://192.168.8.25:5000/v3/ service-list
It gave below attached error
attachment: 2
attachment 2
) I am using on os_server module in ansible. While working on the ansible playbook, it gave RegionOne (Inner Exception: problem with authorization parameters) error. I attached the screen shot.
Attachment: 3
I got the Answer well. I did not enter the Controller IP into /etc/hosts file.
After put the IP into the /etc/hosts My playbook create an instance in Openstack and working fine.
Thank you.
I'm using Vagrant and Ansible to create my Bitbucket Server on Ubuntu 15.10. I have the server setup complete and working but I have to manually run the start-webapp.sh script to start the server each time I reprovision the server.
I have the following task in my Bitbucket role in Ansible and when I increase the verbosity I can see that I get a positive response from the server saying it will be running at http://localhost/ but when I go to the URL the server isn't on. If I then SSH in to the server and run the script myself, getting the exact same response after running the script I can see the startup webpage.
- name: Start the Bitbucket Server
become: yes
shell: /bitbucket-server/atlassian-bitbucket-4.7.1/bin/start-webapp.sh
Any advice would be great on how to fix this.
Thanks,
Sam
Probably better to change that to an init script and use the service module to start it. For example, see this role for installing bitbucket...
Otherwise, you're subject to HUP and other issues from running processes under an ephemeral session.