
Packer | Ansible | NoCredentialsError: Unable to locate credentials

I am trying to execute an Ansible script via Packer to obtain EFS facts. Within my packer.json I am passing AWS_ACCESS_KEY_ID/KEY/TOKEN. My facts.yml works fine if I execute it individually by passing -sts_assume_role in my code.

As suggested by @error404, I have added an sts_assume_role task and added the updated logs to the question.

tasks/facts.yml:-

# Get all RDS instances
---

- sts_assume_role:
    region: "central"
    role_arn: "arn:aws:iam::12345678919:role/jenkins"
    role_session_name: "ansible-connect"
  register: assumed_role

- name: Obtain all EFS facts
  efs_facts:
    aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
    aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
    security_token: "{{ assumed_role.sts_creds.session_token }}"
    region: "eu-central-1"
  register: airflow_efs_facts

- debug:
    var: airflow_efs_facts.ansible_facts.efs[0].filesystem_address

my packer.json

{
  "variables": {
    "aws_region": "eu-central-1",
    "kms_key_id": "{{env `KEY`}}",
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
    "aws_session_token": "{{env `AWS_SESSION_TOKEN`}}",
    "subnet_id": "{{env `SUBNET`}}",
    "vpc_id": "{{env `VPC`}}"
  },
  "builders": [
    {
      "type": "amazon-ebs",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "token": "{{user `aws_session_token`}}",
      "region": "{{user `aws_region`}}",
      "vpc_id": "{{user `vpc_id`}}",
      "subnet_id": "{{user `subnet_id`}}",

      "source_ami_filter": {
        "filters": {
            "name": "ec2-*",
            "virtualization-type": "hvm",
            "root-device-type": "ebs"
        },
        "owners": "self",
        "most_recent": true
      },
      "encrypt_boot": "true",
      "kms_key_id": "{{user `kms_key_id`}}",
      "instance_type": "t2.large",
      "ssh_username": "ec2-user",
      "ami_block_device_mappings": [
        {
          "device_name": "/dev/xvda",
          "volume_size": 20,
          "volume_type": "gp2",
          "delete_on_termination": true
        }
      ],
      "launch_block_device_mappings": [
         {
            "device_name": "/dev/xvda",
            "volume_size": 20,
            "volume_type": "gp2",
            "delete_on_termination": true
         }
    ],
      "ami_description": "Master AMI to be used to build Server",
      "ami_name": "master-{{isotime \"2006-01-02\"}}",
      "tags": {
        "Name": "master-baseline",
        "ami_version": "{{isotime \"2006-01-02\"}}",
        "ami_cis_benchmark_version": "1.0.0",
        "ami_os": "amazon"
      }
    }
  ],
  "provisioners": [
    {
      "inline": [
        "sudo yum -y install bzip2 python-pip vim wget curl mlocate unzip git  java-1.8.0-openjdk-devel java-1.8.0-openjdk jq",
        "sudo updatedb",
        "sudo pip install ansible",
        "sudo yum -y install python3 python3-pip python3-devel python3-setuptools",
        "sudo yum -y update"
      ],
      "type": "shell"
    },
    {
      "type": "ansible-local",
      "playbook_file": "ansible/plays/install.yml",
      "role_paths": [
            "ansible/roles/master"
      ]
    }
  ]
}

Below is the error message:-

    amazon-ebs: TASK [roles/airflow-master : sts_assume_role] **********************************
    amazon-ebs: An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.NoCredentialsError: Unable to locate credentials
    amazon-ebs: fatal: [127.0.0.1]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/home/ec2-user/.ansible/tmp/ansible-tmp-1560349713.84-28986519228608/AnsiballZ_sts_assume_role.py\", line 114, in <module>\n    _ansiballz_main()\n  File \"/home/ec2-user/.ansible/tmp/ansible-tmp-1560349713.84-28986519228608/AnsiballZ_sts_assume_role.py\", line 106, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/ec2-user/.ansible/tmp/ansible-tmp-1560349713.84-28986519228608/AnsiballZ_sts_assume_role.py\", line 49, in invoke_module\n

Within my packer.json I am passing AWS_ACCESS_KEY_ID/KEY/TOKEN

You are just setting these as Packer user variables. This only means that packer can access them in the template with {{user `aws_access_key`}}.

A good way to solve this is to create an EC2 Instance Profile which is authorised to access the EFS api and reference it with iam_instance_profile.
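
An added illustration of the answer's point (not part of the original question or answer): a small template check that reports which provisioners run on an instance with no AWS credentials, because the keys are only referenced by the builder and no iam_instance_profile is set. The names audit, user_vars_in and SAMPLE_TEMPLATE are hypothetical, and the sample template is constructed from the shape of the one in the question.

```python
import json
import re

# Constructed sample: the question's template reduced to the relevant keys.
SAMPLE_TEMPLATE = json.loads(r'''
{
  "variables": {
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
    "aws_session_token": "{{env `AWS_SESSION_TOKEN`}}"
  },
  "builders": [{
    "type": "amazon-ebs",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "token": "{{user `aws_session_token`}}"
  }],
  "provisioners": [
    {"type": "shell", "inline": ["sudo pip install ansible"]},
    {"type": "ansible-local", "playbook_file": "ansible/plays/install.yml"}
  ]
}
''')

USER_REF = re.compile(r"\{\{\s*user\s+`([^`]+)`\s*\}\}")
# Builder keys Packer itself uses, on the build host, to call the AWS API.
BUILDER_CRED_KEYS = {"access_key", "secret_key", "token"}


def user_vars_in(obj):
    """Names of all {{user `...`}} variables referenced anywhere inside obj."""
    return set(USER_REF.findall(json.dumps(obj)))


def audit(template):
    """List (builder, provisioner) type pairs where the provisioner runs on an
    instance that gets no AWS credentials, so any AWS call from it fails."""
    findings = []
    for builder in template.get("builders", []):
        if builder.get("iam_instance_profile"):
            continue  # role credentials arrive through instance metadata
        cred_vars = user_vars_in({k: builder[k] for k in builder.keys() & BUILDER_CRED_KEYS})
        for prov in template.get("provisioners", []):
            if not cred_vars & user_vars_in(prov):  # nothing forwarded to it
                findings.append((builder.get("type"), prov.get("type")))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_TEMPLATE))
```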
