EC2 用户数据无法通过 python boto 命令工作
[英]EC2 User Data not working via python boto command
问题描述
I am trying to launch an instance, have a script run the first time it launches as part of userdata.
我正在尝试启动一个实例,让脚本在第一次作为用户数据的一部分启动时运行。 The following code was used (python boto3 library):使用了以下代码(python boto3 库):
import boto3
ec2 = boto3.resource('ec2')
instance = ec2.create_instances(DryRun=False, ImageId='ami-abcd1234', MinCount=1, MaxCount=1, KeyName='tde', Placement={'AvailabilityZone': 'us-west-2a'}, SecurityGroupIds=['sg-abcd1234'], UserData=user_data, InstanceType='c3.xlarge', SubnetId='subnet-abcd1234')
I have been playing around with the user_data and have had no success.我一直在玩弄 user_data 但没有成功。 I have been trying to echo some string to a new file in an existing directory.我一直在尝试将一些字符串回显到现有目录中的新文件。 Below is the latest version I attempted.以下是我尝试的最新版本。
user_data = '''
#!/bin/bash
echo 'test' > /home/ec2/test.txt
'''
The ami is a CentOS based private AMI. ami 是一个基于 CentOS 的私有 AMI。 I have tested the commands locally on the server and gotten them to work.我已经在服务器上本地测试了命令并让它们工作。 But when I put the same command on the userdata (tweaked slightly to match the userdata format), it does not work.但是当我在用户数据上放置相同的命令时(稍微调整以匹配用户数据格式),它不起作用。 Instance launches successfully but the file I specified is not present.实例成功启动,但我指定的文件不存在。
I looked at other examples ( https://github.com/coresoftwaregroup/boto-examples/blob/master/32-create-instance-enhanced-with-user-data.py ) and even copied their commands.我查看了其他示例 ( https://github.com/coresoftwaregroup/boto-examples/blob/master/32-create-instance-enhanced-with-user-data.py ),甚至复制了它们的命令。
Your help is appreciated: Thanks :)感谢您的帮助:谢谢 :)
4 个解决方案
解决方案1
11 2017-05-26 00:55:29
For User Data to be recognized as a script, the very first characters MUST be #!要使用户数据被识别为脚本,第一个字符必须是#! (at least for Linux instances). (至少对于 Linux 实例而言)。
However, your user_data variable is being defined as:但是,您的user_data变量被定义为:
"\n #!/bin/bash\n echo 'test' > /home/ec2/test.txt\n "
You should define it like this:你应该这样定义它:
user_data = '''#!/bin/bash
echo 'test' > /tmp/hello'''
Which produces:其中产生:
"#!/bin/bash\necho 'test' > /tmp/hello"
That works correctly.这工作正常。
So, here's the final product:所以,这是最终产品:
import boto3
ec2 = boto3.resource('ec2')
user_data = '''#!/bin/bash
echo 'test' > /tmp/hello'''
instance = ec2.create_instances(ImageId='ami-abcd1234', MinCount=1, MaxCount=1, KeyName='my-key', SecurityGroupIds=['sg-abcd1234'], UserData=user_data, InstanceType='t2.nano', SubnetId='subnet-abcd1234')
After logging in:登录后:
[ec2-user@ip-172-31-2-151 ~]$ ls /tmp
hello hsperfdata_root
解决方案2
0 2020-10-11 15:27:41
Maybe your script did not worked because you typed the wrong user path.也许您的脚本没有工作,因为您输入了错误的用户路径。
The correct user path is /home/ec2-user , and not /home/ec2 as supposed in your script.正确的用户路径是/home/ec2-user ,而不是脚本中假设的/home/ec2 。
Try this as user data:试试这个作为用户数据:
user_data = '''
#!/bin/bash
echo 'test' > /home/ec2-user/test.txt
'''
解决方案3
0 2021-08-12 04:15:52
I believe you need to specify an instance profile.我相信您需要指定一个实例配置文件。 Have a look at this page: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-api-cli看看这个页面: https : //docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-api-cli
The steps to do this include:执行此操作的步骤包括:
- Create a role创建角色
- Attach the appropriate policy document to that role (note: AmazonEC2FullAccess policy as used in the example might not be it, I just haven't found a better alternative yet)将适当的策略文档附加到该角色(注意:示例中使用的 AmazonEC2FullAccess 策略可能不是这样,我只是还没有找到更好的替代方案)
- Create an instance profile创建实例配置文件
- Attach the role to the instance profile将角色附加到实例配置文件
- Create instances using the instance profile使用实例配置文件创建实例
Additionally as mentioned in other answers start your user data with此外,正如其他答案中提到的那样开始您的用户数据
#!/bin/bash #!/bin/bash
Here is a "simplified" code snippet, I'm using to do the same.这是一个“简化”的代码片段,我正在做同样的事情。 This skips over other initialization steps such as picking a machine image, and setting up a security group and such.这会跳过其他初始化步骤,例如选择机器映像和设置安全组等。
iam_client = boto3.client('iam')
# create assume role policy document
assume_role_policy_document = json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
})
# create ec2 full access role
role_response = iam_client.create_role(
RoleName='ec2_full_access_role',
AssumeRolePolicyDocument=assume_role_policy_document,
Description='AmazonEC2FullAccess',
MaxSessionDuration=3600,
)
# get policy arm
policy_arn = policies_df[policies_df.PolicyName=='AmazonEC2FullAccess'].Arn.iloc[0]
# attach policy
role_attach_response = iam_client.attach_role_policy(
RoleName='ec2_full_access_role',
PolicyArn=policy_arn
)
# create instance profile
instance_profile_response = iam_client.create_instance_profile(
InstanceProfileName='ec2_instance_profile',
)
# attach role to instance profile
attach_role_response = iam_client.add_role_to_instance_profile(
InstanceProfileName='ec2_instance_profile',
RoleName='ec2_full_access_role'
)
# define user data
user_data = """#!/bin/bash
touch test.txt
"""
# create instance
instance_params = {
'ImageId': image_id,
'InstanceType': instance_type,
'KeyName': key_name,
'SecurityGroups': (sg_name, ),
'UserData': user_data,
'IamInstanceProfile':{'Name': 'ec2_instance_profile'},
'MinCount': 1,
'MaxCount': 1
}
instances = ec2_res.create_instances(**instance_params)
解决方案4
0 2022-06-16 19:16:29
In case anyone is attempting to make user_data work with the amazon.aws.ec2_instance Ansible module, for bootstrapping EKS worker nodes:如果有人试图让user_data与 amazon.aws.ec2_instance Ansible 模块一起工作,以引导 EKS 工作节点:
user_data: "#!/bin/bash \n
sudo /etc/eks/bootstrap.sh
--apiserver-endpoint {{ CLUSTER_ENDPOINT }}
--b64-cluster-ca {{ CERTIFICATE_AUTHORITY_DATA }}
{{ CLUSTER_NAME }}"
The newline is the important part here.换行符是这里的重要部分。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.