我正在使用Ansible来配置EC2服务器。下面是我到目前为止有:配置服务器时了解EC2凭据
- name: Launch instances
local_action:
module: ec2
key_name: my-key
aws_access_key: ***
aws_secret_key: ***
region: us-west-1
group: management
instance_type: m1.small
image: ami-8635a9b6
count: 2
wait: yes
register: ec2
,但我不能验证:
You are not authorized to perform this operation.
我想它,因为我不完全理解的凭据是如何工作的。我可以在EC2控制台中看到my-key是我运行的实例(安全服务器)中的关键名称,我知道access_key和secret_key是正确的。
我认为这更多的是我不理解key_name/keypair以及它如何工作/如何安装它,而不是直接与ansible相关的任何东西。
或许这更多的是与用户。我以root身份运行脚本。
这里是日志:
TASK: [Launch instances] ******************************************************
<127.0.0.1> REMOTE_MODULE ec2 image=ami-8635a9b6 ec2_secret_key=*** ec2_access_key=*** instance_type=m1.small region=us-west-1 key_name=ca-management group=management
<127.0.0.1> EXEC ['/bin/sh', '-c', 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1417702041.0-138277713680589 && echo $HOME/.ansible/tmp/ansible-tmp-1417702041.0-138277713680589']
<127.0.0.1> PUT /tmp/tmpFgUh1O TO /root/.ansible/tmp/ansible-tmp-1417702041.0-138277713680589/ec2
<127.0.0.1> EXEC ['/bin/sh', '-c', u'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1417702041.0-138277713680589/ec2; rm -rf /root/.ansible/tmp/ansible-tmp-1417702041.0-138277713680589/ >/dev/null 2>&1']
failed: [127.0.0.1 -> 127.0.0.1] => {"failed": true, "parsed": false}
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-tmp-1417702041.0-138277713680589/ec2", line 2959, in <module>
main()
File "/root/.ansible/tmp/ansible-tmp-1417702041.0-138277713680589/ec2", line 1191, in main
(instance_dict_array, new_instance_ids, changed) = create_instances(module, ec2)
File "/root/.ansible/tmp/ansible-tmp-1417702041.0-138277713680589/ec2", line 761, in create_instances
grp_details = ec2.get_all_security_groups()
File "/usr/lib/python2.6/site-packages/boto/ec2/connection.py", line 2969, in get_all_security_groups
[('item', SecurityGroup)], verb='POST')
File "/usr/lib/python2.6/site-packages/boto/connection.py", line 1182, in get_list
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>UnauthorizedOperation</Code><Message>You are not authorized to perform this operation.</Message></Error></Errors><RequestID>f3b9044b-9f41-44dd-9d5e-b7b13215c14a</RequestID></Response>
FATAL: all hosts have already failed -- aborting
embarassingly,事实证明它给了我错误的用户。切换到正确的用户权限和瞧,它的工作。在下面保留有用答案的问题。
你能发布一个完整的日志吗?你有没有试过用'-vvvv'运行剧本来获得更多的调试输出? – j0nes 2014-12-04 08:09:08
@ j0nes - 添加了日志 – mtyson 2014-12-04 14:08:30