Thanks Tim. I will try to run export commands using sudo and let you know. If you have any idea on Ansible Vault, please let me know. I tried to use that initially, but I am not able to use the vault file in my playbook.

Amit

On Fri, Aug 23, 2019, 9:38 AM Tim <[email protected]> wrote:

> I had something like this happen to me recently when using 'become' in my
> playbook. It may be you're having a similar problem with your use of sudo.
>
> You're logged in as the ubuntu user (presumably where you have these env
> vars set..via a bash unit script or via export or something) but your use
> of sudo is causing the playbook to be executed as the root user when
> Ansible runs the play.
>
> Presumably there are no env vars configured for root and thus the module's
> inability to find anything.
>
> So suggest you export your env vars in the root user's config.
> Alternatively, create .aws/config and .aws/credentials as the root user.
> Or, try removing your use of sudo if your org's security policy allows
>
> -tim
>
>
> On Fri, Aug 23, 2019, 2:05 AM Dick Visser <[email protected]> wrote:
>
>> Not sure but could it be an issue that your environment vars are
>> lowercase?
>> I know that the awscli tools expect them in uppercase.
>>
>> On Fri, 23 Aug 2019 at 02:27, Amit Kulkarni <[email protected]>
>> wrote:
>> >
>> > Hi All,
>> >
>> > Need urgent help. I am getting the below error while creating an S3 bucket using a playbook.
>> >
>> > AWS keys I have set up as Environmental variables.
>> >
>> > Let me know if I am missing anything.
>> >
>> > Below is the playbook
>> >
>> > ---
>> > - hosts: localhost
>> >   tasks:
>> >     - name: Create an empty bucket
>> >       aws_s3:
>> >         aws_access_key: "{{ lookup('env','aws_key') }}"
>> >         aws_secret_key: "{{ lookup('env','aws_secret') }}"
>> >         bucket: mybucket
>> >         mode: create
>> >         permission: public-read
>> > --------------------------------------------------------------
>> >
>> > ubuntu@ip-172-31-42-232:/etc/ansible$ sudo ansible-playbook s3.yml -vvv
>> > ansible-playbook 2.8.3
>> >   config file = /etc/ansible/ansible.cfg
>> >   configured module search path = [u'/home/ubuntu/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
>> >   ansible python module location = /usr/lib/python2.7/dist-packages/ansible
>> >   executable location = /usr/bin/ansible-playbook
>> >   python version = 2.7.12 (default, Nov 12 2018, 14:36:49) [GCC 5.4.0 20160609]
>> > Using /etc/ansible/ansible.cfg as config file
>> > host_list declined parsing /etc/ansible/hosts as it did not pass it's verify_file() method
>> > script declined parsing /etc/ansible/hosts as it did not pass it's verify_file() method
>> > auto declined parsing /etc/ansible/hosts as it did not pass it's verify_file() method
>> > Parsed /etc/ansible/hosts inventory source with ini plugin
>> > PLAYBOOK: s3.yml *******************************************************************************************************************************************************
>> > 1 plays in s3.yml
>> > PLAY [localhost] *******************************************************************************************************************************************************
>> > TASK [Gathering Facts] *************************************************************************************************************************************************
>> > task path: /etc/ansible/s3.yml:2
>> > <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
>> > <127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
>> > <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1566352417.53-61320358842100 `" && echo ansible-tmp-1566352417.53-61320358842100="` echo /root/.ansible/tmp/ansible-tmp-1566352417.53-61320358842100 `" ) && sleep 0'
>> > Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py
>> > <127.0.0.1> PUT /home/ubuntu/.ansible/tmp/ansible-local-16195TKTGUm/tmpzD3QiP TO /root/.ansible/tmp/ansible-tmp-1566352417.53-61320358842100/AnsiballZ_setup.py
>> > <127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1566352417.53-61320358842100/ /root/.ansible/tmp/ansible-tmp-1566352417.53-61320358842100/AnsiballZ_setup.py && sleep 0'
>> > <127.0.0.1> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1566352417.53-61320358842100/AnsiballZ_setup.py && sleep 0'
>> > <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1566352417.53-61320358842100/ > /dev/null 2>&1 && sleep 0'
>> > ok: [localhost]
>> > META: ran handlers
>> > TASK [Create an empty bucket] ******************************************************************************************************************************************
>> > task path: /etc/ansible/s3.yml:4
>> > <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
>> > <127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
>> > <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1566352418.34-246931485115878 `" && echo ansible-tmp-1566352418.34-246931485115878="` echo /root/.ansible/tmp/ansible-tmp-1566352418.34-246931485115878 `" ) && sleep 0'
>> > Using module file /usr/lib/python2.7/dist-packages/ansible/modules/cloud/amazon/aws_s3.py
>> > <127.0.0.1> PUT /home/ubuntu/.ansible/tmp/ansible-local-16195TKTGUm/tmpleczvh TO /root/.ansible/tmp/ansible-tmp-1566352418.34-246931485115878/AnsiballZ_aws_s3.py
>> > <127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1566352418.34-246931485115878/ /root/.ansible/tmp/ansible-tmp-1566352418.34-246931485115878/AnsiballZ_aws_s3.py && sleep 0'
>> > <127.0.0.1> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1566352418.34-246931485115878/AnsiballZ_aws_s3.py && sleep 0'
>> > <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1566352418.34-246931485115878/ > /dev/null 2>&1 && sleep 0'
>> > The full traceback is:
>> > Traceback (most recent call last):
>> >   File "/tmp/ansible_aws_s3_payload_6bl3f1/__main__.py", line 384, in bucket_check
>> >     s3.head_bucket(Bucket=bucket)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 357, in _api_call
>> >     return self._make_api_call(operation_name, kwargs)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 648, in _make_api_call
>> >     operation_model, request_dict, request_context)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 667, in _make_request
>> >     return self._endpoint.make_request(operation_model, request_dict)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 102, in make_request
>> >     return self._send_request(request_dict, operation_model)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 132, in _send_request
>> >     request = self.create_request(request_dict, operation_model)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 116, in create_request
>> >     operation_name=operation_model.name)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/hooks.py", line 356, in emit
>> >     return self._emitter.emit(aliased_event_name, **kwargs)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/hooks.py", line 228, in emit
>> >     return self._emit(event_name, kwargs)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/hooks.py", line 211, in _emit
>> >     response = handler(**kwargs)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/signers.py", line 90, in handler
>> >     return self.sign(operation_name, request)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/signers.py", line 157, in sign
>> >     auth.add_auth(request)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/auth.py", line 425, in add_auth
>> >     super(S3SigV4Auth, self).add_auth(request)
>> >   File "/usr/local/lib/python2.7/dist-packages/botocore/auth.py", line 357, in add_auth
>> >     raise NoCredentialsError
>> > NoCredentialsError: Unable to locate credentials
>> > fatal: [localhost]: FAILED! => {
>> >     "boto3_version": "1.9.212",
>> >     "botocore_version": "1.12.212",
>> >     "changed": false,
>> >     "invocation": {
>> >         "module_args": {
>> >             "aws_access_key": "",
>> >             "aws_secret_key": "",
>> >             "bucket": "mybucket",
>> >             "debug_botocore_endpoint_logs": false,
>> >             "dest": null,
>> >             "dualstack": false,
>> >             "ec2_url": null,
>> >             "encrypt": true,
>> >             "encryption_kms_key_id": null,
>> >             "encryption_mode": "AES256",
>> >             "expiry": 600,
>> >             "headers": null,
>> >             "ignore_nonexistent_bucket": false,
>> >             "marker": "",
>> >             "max_keys": 1000,
>> >             "metadata": null,
>> >             "mode": "create",
>> >             "object": null,
>> >             "overwrite": "always",
>> >             "permission": [
>> >                 "public-read"
>> >             ],
>> >             "prefix": "",
>> >             "profile": null,
>> >             "region": null,
>> >             "retries": 0,
>> >             "rgw": false,
>> >             "s3_url": null,
>> >             "security_token": null,
>> >             "src": null,
>> >             "validate_certs": true,
>> >             "version": null
>> >         }
>> >     },
>> >     "msg": "Failed while looking up bucket (during bucket_check) mybucket.: Unable to locate credentials"
>> > }
>> > PLAY RECAP *************************************************************************************************************************************************************
>> > localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> > To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6f4720f9-66bc-4af9-be2c-e677128488ba%40googlegroups.com.
>>
>> --
>> Dick Visser
>> Trust & Identity Service Operations Manager
>> GÉANT
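
Added example, not part of the thread or of any poster's code: the thread's playbook with a pre-flight check for the failure shown in the log (`"aws_access_key": ""` while running as root), combined with the Ansible Vault route asked about in the reply. The file name `aws_secrets.yml` and the variable names `vault_aws_key`, `vault_aws_secret`, `env_key`, `env_secret`, `s3_access_key` and `s3_secret_key` are assumptions made for this example.

```yaml
---
# Assumed setup (names are hypothetical):
#   ansible-vault create aws_secrets.yml     # define vault_aws_key and vault_aws_secret
#   ansible-playbook s3.yml --ask-vault-pass
- hosts: localhost
  vars_files:
    - aws_secrets.yml          # encrypted at rest, decrypted by ansible-playbook at run time
  vars:
    # What the thread's playbook reads. lookup('env', ...) is evaluated in the
    # environment of the ansible-playbook process itself, so when that process
    # is started through sudo with env_reset, variables exported in the
    # ubuntu user's shell are not passed through and these are empty strings.
    env_key: "{{ lookup('env', 'aws_key') }}"
    env_secret: "{{ lookup('env', 'aws_secret') }}"
    # Prefer the vaulted value; fall back to the environment only if the
    # vaulted value is undefined or empty (second argument 'true').
    s3_access_key: "{{ vault_aws_key | default(env_key, true) }}"
    s3_secret_key: "{{ vault_aws_secret | default(env_secret, true) }}"
  tasks:
    - name: Stop before any AWS call if a credential resolved to an empty string
      assert:
        that:
          - s3_access_key | length > 0
          - s3_secret_key | length > 0
        fail_msg: >-
          AWS credentials are empty for the user running ansible-playbook.
          Check the vault file, or the environment of that user.

    - name: Create an empty bucket
      aws_s3:
        aws_access_key: "{{ s3_access_key }}"
        aws_secret_key: "{{ s3_secret_key }}"
        bucket: mybucket
        mode: create
        permission: public-read   # kept as in the thread's playbook
```

With the assert in place, a run under `sudo` without usable credentials fails at the first task with the `fail_msg` text instead of a botocore `NoCredentialsError` traceback from inside the module.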
