Ansible无法从〜/ .aws / credentials中读取凭证
[英]Ansible not reading credentials from ~/.aws/credentials
问题描述
I am running ansible with dynamic inventory . 
我正在用dynamic inventory运行ansible。 When the aws cli was setup with aws configure command than the ansible commands with dynamic invetory was running properly. 使用aws configure命令设置aws cli时,带有动态invetory的ansible命令正常运行。 But I want to have multiple profiles to be used by dynamic inventory so I have added profile in ~/.aws/credentials 但是我希望动态库存可以使用多个配置文件,因此我在~/.aws/credentials添加了配置文件
[personal]
aws_access_key_id = XXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXX
[default]
aws_access_key_id = XXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXX
ansible not picking up these credentials and on running ./ec2.py --list it is giving the error: 无法获取这些凭据并在运行./ec2.py --list时出现错误:
Looks like AWS is down again:
EC2ResponseError: 401 Unauthorized
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>AuthFailure</Code><Message>Authorization header or parameters are not formatted correctly.</Message></Error></Errors><RequestID>349d5311-54db-4e79-9bbc-2d60b9f15da5</RequestID></Response>
3 个解决方案
解决方案1
0 2016-10-02 14:49:57
您是否尝试过将--profile PROFILE开关添加到ec2.py,如下所示。
./ec2.py --list --profile personal
解决方案2
0 2016-10-03 01:44:09
After @uptime365's answer, this is most likely not an Ansible/ec2.py problem. 在@ uptime365回答之后,这很可能不是Ansible / ec2.py问题。 Here's my troubleshooting steps: 这是我的故障排除步骤:
Can you use the awscli with those credentials? 您可以将awscli与这些凭据一起使用吗?
aws ec2 describe-instances --page-size 5
aws ec2 describe-instances --page-size 5 --profile personal
Can you use awscli with the credentials manually included? 您可以将awscli与手动包含的凭据一起使用吗?
Note there's no need to use profile since you are specifying the keys. 请注意,由于您要指定密钥,因此无需使用profile 。
AWS_ACCESS_KEY_ID="AKIA.." AWS_SECRET_ACCESS_KEY=".." aws ec2 describe-instances --page-size 5
If it complains about the region, add AWS_DEFAULT_REGION="us-east-1" or the region of your choice. 如果它抱怨该区域,请添加AWS_DEFAULT_REGION="us-east-1"或您选择的区域。
Neither of these work 这些工作都不
You have a problem with your access key or secret. 您的访问密钥或机密有问题。 How many characters are in each? 每个中有几个字符? The key should be 20 characters, all uppercase letters and numbers. 密钥应为20个字符,所有大写字母和数字。 The secret is 40 characters, upper/lower/numbers/punctuation. 机密为40个字符,上下/数字/标点符号。
解决方案3
0 2017-07-28 07:19:53
I ran into this issue too, and eventually solved it; 我也遇到了这个问题,并最终解决了这个问题。 the problem was that the clock on my machine had drifted by a couple of minutes. 问题是我的机器上的时钟偏移了几分钟。 Setting the time correctly fixed the issue. 正确设置时间可以解决此问题。
Along the way I learned that aws cli uses boto3, whereas ec2.py uses boto. 一路上,我了解到aws cli使用boto3,而ec2.py使用boto。 It seems that boto3 works slightly differently for authentication, because like @drishti the CLI was working for me even when ec2.py was not. 似乎boto3的身份验证工作略有不同,因为就像@drishti一样,即使没有ec2.py,CLI也会为我工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.