I've been stuck on this for several days now and can't seem to find anything that matches the exact problem I'm running into. Currently I have my credentials and config set up as follows:
~/.aws/credentials
[default]
aws_access_key_id = ###########
aws_secret_access_key = ######################
[dev]
role_arn=arn:aws:iam::############:role/###AccessRole
source_profile=default
~/.aws/config
[default]
region = us-east-1
output = json
[profile dev]
role_arn = arn:aws:iam::############:role/###AccessRole
source_profile = default
When I run aws-cli commands, everything works fine. If I end up using AWS creds that have admin rights, it works - but I can't do that in our system.
Currently, the default role intentionally cannot access anything; it assumes the dev role. However, I can't get Ansible to recognise dev. I've configured all of this and it works with Terraform, the AWS CLI and Git. Below is my input and the error when I use ansible-playbook. I've redacted certain information / trimmed the output below. As you can see, I'm using ec2.ini and ec2.py.
Has anyone seen this before? Is it related to using role_arn in Ansible? I've tried a lot of things to get this working; below is the current state.
Thanks in advance!
AWS_PROFILE=dev ansible-playbook -i ./inventory/ec2.py playbook.yml --private-key ###.pem
----
[WARNING]: * Failed to parse {home}/Ansible/Bastion/inventory/ec2.py with script
plugin: Inventory script ({home}/Ansible/Bastion/inventory/ec2.py) had an
execution error: Traceback (most recent call last): File
"{home}/Ansible/Bastion/inventory/ec2.py", line 1712, in <module>
Ec2Inventory() File "{home}Ansible/Bastion/inventory/ec2.py", line 285, in
__init__ self.do_api_calls_update_cache() File
"{home}/Ansible/Bastion/inventory/ec2.py", line 552, in do_api_calls_update_cache
self.get_instances_by_region(region) File
"{home}/Ansible/Bastion/inventory/ec2.py", line 608, in get_instances_by_region
conn = self.connect(region) File "{home}/Ansible/Bastion/inventory/ec2.py", line
570, in connect conn = self.connect_to_aws(ec2, region) File
"{home}/Ansible/Bastion/inventory/ec2.py", line 591, in connect_to_aws
sts_conn = sts.connect_to_region(region, **connect_args) File "{home}.local/lib/python2.7/site-
packages/boto/sts/__init__.py", line 51, in connect_to_region **kw_params) File
"{home}/.local/lib/python2.7/site-packages/boto/regioninfo.py", line 220, in connect return
region.connect(**kw_params) File "{home}/.local/lib/python2.7/site-packages/boto/regioninfo.py",
line 290, in connect return self.connection_cls(region=self, **kw_params) File
"{home}/.local/lib/python2.7/site-packages/boto/sts/connection.py", line 107, in __init__
provider=provider) File "{home}/.local/lib/python2.7/site-packages/boto/connection.py", line
1100, in __init__ provider=provider) File "{home}/.local/lib/python2.7/site-
packages/boto/connection.py", line 555, in __init__ profile_name) File
"{home}/.local/lib/python2.7/site-packages/boto/provider.py", line 201, in __init__
self.get_credentials(access_key, secret_key, security_token, profile_name) File
"{home}/.local/lib/python2.7/site-packages/boto/provider.py", line 297, in get_credentials
profile_name) boto.provider.ProfileNotFoundError: Profile "dev" not found!
[WARNING]: * Failed to parse {home}/Ansible/Bastion/inventory/ec2.py with ini
plugin: {home}/Ansible/Bastion/inventory/ec2.py:3: Error parsing host definition
''''': No closing quotation
[WARNING]: Unable to parse {home}/Ansible/Bastion/inventory/ec2.py as an inventory
source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does
not match 'all'
PLAY [Create kp and access instance] *********************************************************
TASK [Setup variables] *************************************************************************************
ok: [localhost]
TASK [Backup previous key] *************************************************************************
changed: [localhost]
TASK [generate SSH key]
*******************************************************************
changed: [localhost]
TASK [Start and register instance] *****************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Profile given for AWS was not found. Please fix and retry."}
PLAY RECAP *************************************************************************************************
localhost : ok=3 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Edit:
Name Value Type Location
---- ----- ---- --------
profile dev manual --profile
access_key ****************#### assume-role
secret_key ****************#### assume-role
region <not set> None None
{
"UserId": "<ACCESS_KEY?>:botocore-session-##########",
"Account": "############",
"Arn": "arn:aws:sts::############:assumed-role/###AccessRole/botocore-session-##########"
}
ec2.py is too old; it only uses boto and does not work with roles. It is also deprecated, and the correct way to use AWS dynamic inventory now is the aws_ec2 plugin from the aws collection. It uses boto3, supports roles, and is ultimately more flexible. Here is a compatible ec2.py configuration if you need it, but using the aws_ec2 groups and variables directly is recommended in the long term.
See this link on GitHub for the full
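To illustrate the profile chaining the answer above refers to, here is an added example (not from the question, the answer, or boto's own code) that parses the two files from the question and walks the role_arn / source_profile chain the way boto3 does; the file contents, key and account values are constructed placeholders.

```python
import configparser

# Constructed sample files mirroring the layout in the question (placeholder values).
CREDENTIALS = """
[default]
aws_access_key_id = AKIAEXAMPLEKEY
aws_secret_access_key = EXAMPLESECRET
[dev]
role_arn = arn:aws:iam::123456789012:role/ExampleAccessRole
source_profile = default
"""
CONFIG = """
[default]
[profile dev]
role_arn = arn:aws:iam::123456789012:role/ExampleAccessRole
source_profile = default
"""

class ProfileNotFound(Exception): pass  # referenced profile exists in neither file

def load_profiles(credentials, config):
    """Merge both files as the SDKs do: [name] in credentials, [profile name] in
    config (default is unprefixed in both); credentials values win on conflict."""
    profiles = {}
    for text, prefixed in ((config, True), (credentials, False)):
        cp = configparser.ConfigParser()
        cp.read_string(text)
        for section in cp.sections():
            name = section[8:] if prefixed and section.startswith("profile ") else section
            profiles.setdefault(name, {}).update(cp[section])
    return profiles

def resolve_chain(profiles, name):
    """Walk role_arn/source_profile links back to static keys and return
    [(profile, 'assume-role:<arn>' | 'static-keys'), ...]; a missing profile or
    a source_profile loop raises, since either leaves nothing to call STS with."""
    chain, seen = [], set()
    while True:
        if name not in profiles:
            raise ProfileNotFound(f'Profile "{name}" not found')
        if name in seen:
            raise ValueError(f"source_profile cycle at {name!r}")
        seen.add(name)
        p = profiles[name]
        if "role_arn" in p:
            chain.append((name, "assume-role:" + p["role_arn"]))
            name = p.get("source_profile", "")  # missing link fails the lookup above
        elif "aws_access_key_id" in p:
            chain.append((name, "static-keys"))
            return chain
        else:
            raise ValueError(f"profile {name!r} has neither role_arn nor keys")
```

boto 2 (what ec2.py uses) only reads static keys for a named profile, so the second step of the chain is never taken; boto3 and the aws_ec2 plugin follow it and call STS AssumeRole with the default profile's keys.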