I'm using Ansible: 2.2.0.0
I have 3 machines:
Two vagrant boxes (one CentOS 7.x and one Ubuntu 14.04) and
3rd box is an EC2 Amazon Linux instance (Amazon Linux AMI release
2016.03).
On these boxes, I'm running the following command and getting valid output (as listed below):
CentOS:
[vagrant@myvagrant ~] $ ansible all -m setup -i "`hostname`," --connection=local -a "filter=ansible_distribution*"
myvagrant | SUCCESS => {
    "ansible_facts": {
        "ansible_distribution": "CentOS",
        "ansible_distribution_major_version": "7",
        "ansible_distribution_release": "Core",
        "ansible_distribution_version": "7.2.1511"
    },
    "changed": false
}
Ubuntu:
vagrant@myubuntuvagrant:~$ ansible all -m setup -i "`hostname`," --connection=local -a "filter=ansible_distribution*"
myubuntuvagrant | SUCCESS => {
    "ansible_facts": {
        "ansible_distribution": "Ubuntu",
        "ansible_distribution_major_version": "14",
        "ansible_distribution_release": "trusty",
        "ansible_distribution_version": "14.04"
    },
    "changed": false
}
vagrant@myubuntuvagrant:~$
Amazon EC2 instance/box:
$ ansible all -m setup -i "`hostname`," --connection=local -a "filter=ansible_distribution*"
ip-10-200-1-145 | SUCCESS => {
    "ansible_facts": {
        "ansible_distribution": "Amazon",
        "ansible_distribution_major_version": "NA",
        "ansible_distribution_release": "NA",
        "ansible_distribution_version": "2016.03"
    },
    "changed": false
}
In one of my Ansible playbook / templates/yum.repos.d.file.j2 file, I'm using the {{ ansible_distribution_major_version }} variable and using its value in a .repo file for the baseurl property's value, for CentOS/Amazon EC2 instances only, i.e. when: ansible_distribution == "CentOS" or ansible_distribution == "Amazon".
baseurl=https://packagecloud.io/company/packages/telegraf/el/6/$basearch
PS: I'm not looking for Ubuntu (as that part is working fine with using apt-get in my playbook for both setting the apt-get source list and installing the package).
My question:
Why is the Ansible facter variable not setting any valid value for ansible_distribution_major_release version for the Amazon EC2 instance? What facter_*/ansible_* can I use which will work in all 3 OS types?
PS: When I used baseurl's value with ../el/6/.. in it (inside the yum.repos.d/target-pacakge.amazon-os.repo file), yum install worked fine for installing the package on Amazon linux box (though, using ../el/7/.. in baseurl didn't work). See here for more details: https://packagecloud.io/docs#os_distro_version (under heading: Enterprise Linux (CentOS, RedHat, Amazon Linux))
If you use the following set_fact, you don't have to specifically handle ansible_distribution_major_version in tasks for all three OS types.
pre_tasks:
  - set_fact: ansible_distribution_major_version=6
    when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
Here's some relevant values from an Amazon Linux 2 docker image:
# docker images|grep amazon
amazonlinux 2 d656eea421ba 4 weeks ago 162MB
amazonlinux latest d656eea421ba 4 weeks ago 162MB
# docker run --init --rm -it amazonlinux:2 cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
After installing ansible within the docker image:
# ansible --version
ansible 2.7.2
# Relevant items from output of 'ansible -m setup'
ansible_distribution: Amazon
ansible_distribution_file_parsed: true
ansible_distribution_file_path: /etc/system-release
ansible_distribution_file_variety: Amazon
ansible_distribution_major_version: NA
ansible_distribution_release: NA
ansible_distribution_version: 2
ansible_os_family: RedHat
ansible_pkg_mgr: yum
ansible_service_mgr: sysvinit # should this be 'systemd'?
ansible_system_vendor: NA
ansible_virtualization_role: guest
ansible_virtualization_type: docker
and on an actual EC2 Amazon Linux 2 instance:
[root@ip-xxx ~]# ansible --version
ansible 2.7.2
ansible_os_family: RedHat
ansible_pkg_mgr: yum
ansible_service_mgr: systemd
ansible_system: Linux
ansible_system_vendor: Xen
ansible_virtualization_role: guest
ansible_virtualization_type: xen
I'm trying to deploy a Django application on Elastic Beanstalk. It had been working fine, then suddenly stopped, and I cannot figure out why.
When I do eb deploy I get
INFO: Environment update is starting.
INFO: Deploying new version to instance(s).
INFO: New application version was deployed to running EC2 instances.
INFO: Environment update completed successfully.
Alert: An update to the EB CLI is available. Run "pip install --upgrade awsebcli" to get the latest version.
INFO: Attempting to open port 22.
INFO: SSH port 22 open.
INFO: Running ssh -i /home/ubuntu/.ssh/web-cdi_011017.pem ec2-user@54.188.214.227 if ! grep -q 'WSGIApplicationGroup %{GLOBAL}' /etc/httpd/conf.d/wsgi.conf ; then echo -e 'WSGIApplicationGroup %{GLOBAL}' | sudo tee -a /etc/httpd/conf.d/wsgi.conf; fi;
INFO: Attempting to open port 22.
INFO: SSH port 22 open.
INFO: Running ssh -i /home/ubuntu/.ssh/web-cdi_011017.pem ec2-user@54.188.214.227 sudo /etc/init.d/httpd reload
Reloading httpd: [ OK ]
When I then run eb health, I get
Incorrect application version found on all instances. Expected version
"app-c56a-190604_135423" (deployment 300).
If I eb ssh and look in /opt/python/current there is nothing there so nothing is being copied across
I think something may be wrong with .elasticbeanstalk/config.yml. Somehow the directory was deleted and setup again. This is the config.yml
branch-defaults:
  master:
    environment: app-prod
  scoring-dev:
    environment: app-dev
environment-defaults:
  app-prod:
    branch: null
    repository: null
global:
  application_name: my-app
  default_ec2_keyname: am-app_011017
  default_platform: arn:aws:elasticbeanstalk:us-west-2::platform/Python 2.7 running
    on 64bit Amazon Linux/2.3.1
  default_region: us-west-2
  include_git_submodules: true
  instance_profile: null
  platform_name: null
  platform_version: null
  profile: null
  sc: git
  workspace_type: Application
Please, any ideas about how to troubleshoot?
I upgraded to the latest AWS stack for Python 2.7 and that sorted it.
I faced the same problem and the cause was the command timeout.
The default max deployment time (Command timeout) is 600 (10 minutes).
Your Environment → Configuration → Deployment preferences → Command timeout
Increase it in the Deployment preferences, for example to 1800,
or upgrade the instance type to work faster.
I have a simple Node app which sends messages to AWS SQS. For local development I am providing AWS SDK with region, queueUrl, accessKeyId, secretAccessKey.
Everything works fine until I dockerise the app and run as a container. Then whenever SQS wants to do something I get the following error
{ SignatureDoesNotMatch: Signature expired: 20161211T132303Z is now earlier than 20161211T142227Z (20161211T143727Z - 15 min.)
If I add correctClockSkew: true it corrects the problem.
What is Docker doing to require correctClockSkew: true, when it is not needed running Node on macOS?
Node app
process.env.TZ = 'Europe/London';
const AWS = require('aws-sdk');
AWS.config.update({
  region: 'eu-west-1',
  correctClockSkew: true // this has to be set when running inside a docker container?
});
const sqs = new AWS.SQS({
  apiVersion: '2012-11-05',
});
sqs.sendMessage({
  QueueUrl: 'https://sqs.eu-west-1.amazonaws.com/522682236448/logback-paddle-prod-errors',
  MessageBody: 'HelloSQS',
}, (err, data) => {
  if (err) throw err;
});
Dockerfile
FROM node
RUN mkdir -p /usr/lib/app
WORKDIR /usr/lib/app
COPY app/ /usr/lib/app/
RUN npm install
CMD ["node", "index.js"]
docker run -d user/image
Edit
Originally I created the question because I kept getting AWS incorrect time errors; now I am getting it with ElasticSearch too. Why is my container reliably out of sync with the host by about 15 mins?
Docker runs inside of a VM on Windows and MacOS, and the clock of that VM can get out of sync with that of your laptop's OS. There are quite a few solutions I've seen, mostly one off commands including:
docker run -it --rm --privileged --pid=host debian nsenter -t 1 -m -u -n -i date -u $(date -u +%m%d%H%M%Y)
And from this answer there's:
docker-machine ssh default "sudo date -u $(date -u +%m%d%H%M%Y)"
The best solution I've seen for this is to run an ntp container in privileged mode so it can constantly adjust the time on your docker host:
docker run -d --restart unless-stopped --name ntp --privileged tutum/ntpd
See the docker hub repo for more details: https://hub.docker.com/r/tutum/ntpd/
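The "Signature expired" text quoted in the question carries both clocks, so the skew can be measured directly from it. The following Node snippet is an added example, not part of the original posts; its function names are hypothetical and the sample message is the one from the question.

```javascript
// Added example: measure clock skew from a SigV4 "Signature expired" message.
// Function names are hypothetical; the sample message is the one quoted in
// the question above.

// Convert an ISO 8601 basic timestamp (e.g. 20161211T132303Z) to epoch ms.
function parseAmzDate(stamp) {
  const m = /^(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z$/.exec(stamp);
  if (!m) throw new Error(`not an ISO 8601 basic timestamp: ${stamp}`);
  const [y, mo, d, h, mi, s] = m.slice(1).map(Number);
  return Date.UTC(y, mo - 1, d, h, mi, s);
}

// Render a number of seconds as "74m24s" for log output.
function formatDuration(totalSeconds) {
  const minutes = Math.floor(totalSeconds / 60);
  return `${minutes}m${totalSeconds % 60}s`;
}

// Returns null when the text is not a "Signature expired" error (for example
// a genuinely wrong secret key), otherwise the measured skew.
function analyzeSignatureExpired(message) {
  const m = /Signature expired: (\S+) is now earlier than (\S+) \((\S+) - (\d+) min\.\)/
    .exec(message);
  if (!m) return null;
  const signedAt = parseAmzDate(m[1]);       // clock of the signer (container)
  const oldestAccepted = parseAmzDate(m[2]); // service time minus the window
  const serviceNow = parseAmzDate(m[3]);     // clock of the service
  const windowSeconds = Number(m[4]) * 60;
  if (serviceNow - oldestAccepted !== windowSeconds * 1000) {
    throw new Error('timestamps in the message are inconsistent');
  }
  const skewSeconds = (serviceNow - signedAt) / 1000;
  return {
    skewSeconds,
    windowSeconds,
    skew: formatDuration(skewSeconds),
    // How far the signer's clock must move forward to fall inside the window.
    minimumCorrectionSeconds: skewSeconds - windowSeconds,
  };
}

const sampleMessage =
  'SignatureDoesNotMatch: Signature expired: 20161211T132303Z is now earlier ' +
  'than 20161211T142227Z (20161211T143727Z - 15 min.)';

console.log(analyzeSignatureExpired(sampleMessage));
```

For the message in the question this reports a skew of 74m24s against the 15-minute window, which is the gap that setting the Docker VM's clock or running the ntp container has to close.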
When I try to deploy to amazon EC2 using salt cloud, I’m getting this error:
[root@salt salt]# salt-cloud -p ec2_private_win_r3.xlarge server00009
[ERROR ] AWS Response Status Code and Error: [401 401 Client Error: Unauthorized] {'Errors': {'Error': {'Message': 'AWS was not able to validate the provided access credentials', 'Code': 'AuthFailure'}}, 'RequestID': '33b43015-518e-4865-88e7-b6432e61b0db'}
[ERROR ] AWS Response Status Code and Error: [401 401 Client Error: Unauthorized] {'Errors': {'Error': {'Message': 'AWS was not able to validate the provided access credentials', 'Code': 'AuthFailure'}}, 'RequestID': '4b88b080-ad32-4388-a133-4322b1c08c04'}
[ERROR ] There was a profile error: 'NoneType' object has no attribute 'copy'
I’ve verified the AWS keys that I’m using and I’m able to list and even launch new instances using the aws command line with the keys that I’m using in the cloud provider file:
## Gov Cloud Non Prod environment
company-govcloud-nonprod-us-east-1:
  # Set up the location of the salt master
  minion:
    master: 10.0.2.15
  # Set up grains information, which will be common for all nodes
  # using this driver
  grains:
    node_type: broker
  # Valid options are:
  #   private_ips - The salt-cloud command is run inside the EC2
  #   public_ips - The salt-cloud command is run outside of EC2
  #
  ssh_interface: private_ips
  # Optionally configure the Windows credential validation number of
  # retries and delay between retries. This defaults to 10 retries
  # with a one second delay between retries
  win_deploy_auth_retries: 10
  win_deploy_auth_retry_delay: 1
  # Set the EC2 access credentials (see below)
  id: 'AKIAIATLQ4FTDDA6BV7A'
  key: 'asdfasdsfadsadasasdafadsadfafasdasda'
  # Make sure this key is owned by root with permissions 0400.
  #
  private_key: /etc/salt/company-timd
  keyname: company-timd
  #securitygroup: core-sg-default
  # Optionally configure default region
  # Use salt-cloud --list-locations <driver> to obtain valid regions
  #
  location: us-east-1
  availability_zone: us-east-1c
  # Configure which user to use to run the deploy script. This setting is
  # dependent upon the AMI that is used to deploy. It is usually safer to
  # configure this individually in a profile, than globally. Typical users
  # are:
  #   Amazon Linux -> ec2-user
  #   RHEL -> ec2-user
  #   CentOS -> ec2-user
  #   Ubuntu -> ubuntu
  #
  ssh_username: root
  # Optionally add an IAM profile
  #iam_profile: 'arn:aws:iam::xxxxxxxxxxxx:role/rl-company-admin'
  driver: ec2
And this is the profile that I’m trying to use:
## Windows Server 2012 Alteryx & Tableau
ec2_private_win_r3.xlarge:
  provider: company-govcloud-nonprod-us-east-1
  image: ami-xxxxxxx
  size: r3.xlarge
  network_interfaces:
    - DeviceIndex: 0
      SubnetId: subnet-xxxxxxx
      SecurityGroupId: sg-xxxxxx
      PrivateIpAddresses:
        - Primary: True
      AssociatePublicIpAddress: False
  block_device_mappings:
    - DeviceName: /dev/sda1
      Ebs.VolumeSize: 120
      Ebs.VolumeType: gp2
    - DeviceName: /dev/sdf
      Ebs.VolumeSize: 250
      Ebs.VolumeType: gp2
  tag: {'Engagement': '999999999999', 'Owner': 'Tim', 'Name': 'non-production', 'Environment': 'COMPANY-Grouper'}
I tried commenting out the IAM profile in the cloud provider definition. I’ve checked and the AWS credentials I’m using have administrator access in IAM.
Here's my version report
[root@salt ~]# salt-cloud --versions-report
Salt Version:
Salt: 2016.11.5
Dependency Versions:
Apache Libcloud: 0.20.1
cffi: 1.6.0
cherrypy: 3.2.2
dateutil: 2.6.0
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.7.2
libgit2: Not Installed
libnacl: Not Installed
M2Crypto: Not Installed
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.8
mysql-python: Not Installed
pycparser: 2.14
pycrypto: 2.6.1
pycryptodome: 3.4.3
pygit2: Not Installed
Python: 2.7.5 (default, Nov 6 2016, 00:28:07)
python-gnupg: Not Installed
PyYAML: 3.11
PyZMQ: 15.3.0
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.2.1
ZMQ: 4.1.4
System Versions:
dist: centos 7.2.1511 Core
machine: x86_64
release: 3.10.0-327.el7.x86_64
system: Linux
version: CentOS Linux 7.2.1511 Core
How can I solve this problem?
Are you trying to launch a windows EC2 instance with a ssh_username? That may be breaking it.
I'm new to DevOps and I'm learning Ansible as a beginner with AWS EC2 Ubuntu 16.04 LTS.
Initially I launched 2 EC2 instances with SSH port 22 open in the security group; I named the instances Master and Slave.
I ssh'ed into the Master instance when all was up and running.
I will list the steps one by one as follows:
1. I created a user called ansible and set a password
ubuntu@ip-172-31-17-94:~$ sudo su
root@ip-172-31-17-94:/home/ubuntu# adduser ansible
Adding user `ansible' ...
Adding new group `ansible' (1001) ...
Adding new user `ansible' (1001) with group `ansible' ...
Creating home directory `/home/ansible' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for ansible
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
2. Uncommented PermitRootLogin yes and PasswordAuthentication yes in /etc/ssh/sshd_config and restarted ssh
3. Changed the visudo file, adding root access for the ansible user
root@ip-172-31-17-94:/home/ubuntu# visudo
edited
# User privilege specification
root ALL=(ALL:ALL) ALL
ansible ALL=(ALL:ALL) ALL
saved and closed
4. Generated an SSH key with ssh-keygen
ansible@ip-172-31-17-94:~$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:wah0yD9Ngf7hzLIihkEFvNYjPNrzcLubNxGnqFKYrik ansible@ip-172-31-17-94
The key's randomart image is:
+---[RSA 4096]----+
|... .. |
| . o ..o . |
|. + +.o + |
| B + +ooo. |
|++o o.oOS. |
|= = o +.= |
|.+ * . + |
|Eo+ +.+ |
|=o .+= . |
+----[SHA256]-----+
5. Installing Ansible packages
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible
Awesome! All is up and Ansible is installed on the master server.
I issued a command to test Ansible:
ansible@ip-172-31-17-94:~$ ansible --version
ansible 2.3.0.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
6. Edited /etc/ansible/hosts and added my slave server's private IP (my EC2 instances are in the same subnet in the same availability zone, so I used the private IP)
[my]
172.31.29.197
Saved and closed.
7. Ssh'ed into the Slave server, repeated steps 1, 2 and 3, and logged out
8. Ssh'ed into the Master server
local@host $ ssh ansible@<Master Ip>
9. Copied the public key to the Slave server from the Master server
ansible@ip-172-31-17-94:~$ ssh-copy-id 172.31.29.197
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub"
The authenticity of host '172.31.29.197 (172.31.29.197)' can't be established.
ECDSA key fingerprint is SHA256:qOW0ZktetcpTNmxRsubxn1kcr8egyNmcA5Uk9+oWc7A.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansible@172.31.29.197's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '172.31.29.197'"
and check to make sure that only the key(s) you wanted were added
ansible@ip-172-31-17-94:~$ ssh 172.31.29.197
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-1013-aws x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
14 packages can be updated.
12 updates are security updates.
Last login: Sat Apr 22 06:27:15 2017 from 42.109.141.238
ansible@ip-172-31-29-197:~$ logout
Connection to 172.31.29.197 closed.
And I successfully configured the Master to Slave password-less ssh connection.
Until then I hadn't faced any issue.
When I issued the command ansible -m ping all
I got an error:
172.31.29.197 | FAILED! => {
"changed": false,
"failed": true,
"module_stderr": "Shared connection to 172.31.29.197 closed.\r\n",
"module_stdout": "/bin/sh: 1: /usr/bin/python: not found\r\n",
"msg": "MODULE FAILURE",
"rc": 0
}
Later, when I googled, I got some chunks and I followed the steps listed by the solution.
The solution was that I repeated step no. 5 from the above list on the slave server. When I issued ansible -m ping from the Master server I got a success message.
My question is how to install agentless Ansible on a Slave; the main feature of Ansible is being agentless!
Help me if I missed any step.
You need to install Python 2 on 172.31.29.197.
Or (in a less likely case) if it is installed in a path different than /usr/bin/python you need to add ansible_python_interpreter parameter pointing to the right executable to your inventory file.
I am using openshift-ansible (https://github.com/openshift/openshift-ansible) that was partially customized for our needs. The part launching the instances was modified to set the group_id nothing more was changed in it.
When creating a master openshift all works fine. However when creating 2 nodes of openshift I can see the 2 instances being created in the "Running instance" panel of the EC2 Dashboard. The instances are for a few seconds in state Initializing and they automatically switch to "Shutting down"
Ansible on its side was still in the task of launching the instances. So my question is:
Is there a way to analyze logs of the instances of AWS when new instances are being created ?
Log of the last ansible task:
TASK: [Launch instance(s)]
**************************************************** REMOTE_MODULE ec2 region=eu-west-1 keypair=ggkey1-eu-west
state=present instance_type=m3.large user_data='#cloud-config mounts:
- [ xvdb ] - [ ephemeral0 ] write_files: - content: | DEVS=/dev/xvdb VG=docker_vg path: /etc/sysconfig/docker-storage-setup owner:
root:root permissions: '"'"'0644'"'"' ' vpc_subnet_id=subnet-60cf1205
image=ami-33ba2a44 count=2 EXEC ['/bin/sh', '-c', 'mkdir
-p $HOME/.ansible/tmp/ansible-tmp-1441977401.88-262307796372076 && echo $HOME/.ansible/tmp/ansible-tmp-1441977401.88-262307796372076']
PUT /tmp/tmp4r8qve TO
/root/.ansible/tmp/ansible-tmp-1441977401.88-262307796372076/ec2
EXEC ['/bin/sh', '-c', u'LANG=C LC_CTYPE=C /usr/bin/env
python2
/root/.ansible/tmp/ansible-tmp-1441977401.88-262307796372076/ec2; rm
-rf /root/.ansible/tmp/ansible-tmp-1441977401.88-262307796372076/ >/dev/null 2>&1'] failed: [localhost] => {"failed": true} msg: wait for instances running timeout on Fri Sep 11 13:21:43 2015
$ ansible --version
ansible 1.9.2
configured module search path = None
$ uname -a
Linux ip-172-31-42-45 3.10.0-123.8.1.el7.x86_64 #1 SMP Mon Sep 22 19:06:58 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
root@ip-172-31-42-45 : ~/uha-rbox-spawner$
Thanks,
Is there a way to analyze logs of the instances of AWS when new instances are being created ?
You are looking for "get console output". You can see it in the AWS (http) console, or you can fetch it from awscli or the API of your choice.
"get console output" is slightly confusing since the AWS Console is also a "console". Think of it as "system logs" (as the Console does), or simply "what would show on a screen in a datacenter".