For posterity... I downloaded a fresh copy of ec2.py today and this was no
longer an issue. In the new copy there was an 'if' that changed to an 'if
not' near the lines of the exception catch I had to comment out before, so
I'm assuming that was it.
On Wednesday, January 15, 2014 10:29:42 PM UTC-6, Mark Casey wrote:
>
> FWIW...here is that output...
>
> bobtheuser@ip-172-20-fake-124:~/jobs/thajob/workspace/bin/devtools/ansible$
> ./ec2.py --list --refresh-cache
> Looks like AWS is down again:
> EC2ResponseError: 401 Unauthorized
> <?xml version="1.0" encoding="UTF-8"?>
> <Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able
> to validate the provided access
> credentials</Message></Error></Errors><RequestID>cefef..... ...
> ...</RequestID></Response>
> {
> "_meta": {
> "hostvars": {
> "54.fake.141.999": {
> "ec2__in_monitoring_element": false,
> "ec2_ami_launch_index": "0",
> "ec2_architecture": "x86_64",
> "ec2_client_token": "test9",
> "ec2_dns_name": "
> ec2-54-fake-141-999.us-west-2.compute.amazonaws.com",
> "ec2_ebs_optimized": false,
>
>
> On Wednesday, January 15, 2014 10:20:55 PM UTC-6, Mark Casey wrote:
>>
>> Heh, was just looking at this...
>>
>> I think boto is throwing a non-fatal exception that ec2.py is
>> interpreting as fatal. If I comment out the sys.exit call on line line
>> 288<https://github.com/ansible/ansible/blob/devel/plugins/inventory/ec2.py#L288>I
>> still get the error message, but then the script prints my ec2 inventory
>> as if nothing is wrong.
>>
>> I discovered this when I made a new test.py script and basically started
>> pulling out pieces of ec2.py to try and find where it was getting lost. I
>> was boiler-plating in the get_instances_by_region function but didn't have
>> add_instance yet, so I simply changed the call to add_instance to a print
>> statement instead. At that point I got output from the print that showed it
>> was working, but then the exception was still catching and exiting.
>>
>> It makes sense to me... but I just recently started learning python so if
>> this is in fact what is happening (while I'll be happy to try things on my
>> end) I don't think I'm yet comfortable enough with the try/except
>> particulars to do anything about it myself.
>>
>> As a final thought, the access keys I am using are in fact for an IAM
>> user. I keep wanting to wonder if perhaps my account is only allowed to
>> query certain regions... but again, I don't have this problem on the other
>> host I'm using to test with. On that host I can use these same access keys
>> work with stock ec2.py and ec2.ini, querying all regions without issue.
>>
>> HTH,
>> Mark
>>
>>
>> On Wednesday, January 15, 2014 9:59:02 PM UTC-6, Jharrod LaFon wrote:
>>>
>>> First, verify that the IAM role credentials are present by querying them
>>> from the metadata service:
>>> curl http://169.254.169.254/latest/meta-data/iam/security-credentials/
>>> <role-name>
>>>
>>> Install the aws cli:
>>>
>>> pip install aws
>>>
>>> Then, using the credentials returned from the metadata service, query
>>> EC2:
>>>
>>> aws ec2 describe-instances
>>>
>>> That should help you determine if the problem is indeed with the
>>> credentials, or with ec2.py.
>>>
>>> -Jharrod
>>>
>>> On Wednesday, January 15, 2014 10:41:47 AM UTC-7, Mark Casey wrote:
>>>>
>>>> Mmkay, so...
>>>>
>>>>
>>>> - No outbound firewalls (within the OS or at the security group
>>>> level)
>>>> - As far as DNS, I assumed the console url is the same as the
>>>> endpoint and tried digging ec2.us-west-2.amazonaws.com. The
>>>> response only lists one IP at a time in an alternating fashion, but
>>>> after
>>>> running it numerous times I've seen a few IPs show up as return values
>>>> on
>>>> both the host that is working and the host that is not working, so I am
>>>> pretty sure they're resolving to the same list of addresses.
>>>> - I've run 'sudo pip install boto --upgrade' and got version 2.23.0
>>>> - I was actually pretty hopeful about this last one :).... but I've
>>>> confirmed I get a different error (No handler was ready to
>>>> authenticate. 1
>>>> handlers were checked. Check your credentials) whenever the credentials
>>>> are
>>>> exported to the wrong var names or are not exported at all. I also made
>>>> sure and they are exported as the same names on the host that is
>>>> working.
>>>>
>>>> Finally, I downloaded a new copy of ec2.py and ec2.ini today from
>>>> GitHub, but it didn't change anything.
>>>>
>>>> On Tuesday, January 14, 2014 4:49:53 PM UTC-6, Mark Casey wrote:
>>>>>
>>>>> Thanks for all the great suggestions! Not sure if it will be today but
>>>>> I'll try them and post back how I get on.
>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/82eb4a53-2f08-4b8c-a57a-33aaf31e8627%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
