I'm getting the same error when following the tutorial. Any idea how to solve it?
On Thursday, March 20, 2014 8:41:05 PM UTC+2, Dan Testa wrote: > > Hi, > > I am following the elasticsearch chef cookbook tutorial here: > > http://www.elasticsearch.org/tutorials/deploying-elasticsearch-with-chef-solo/ > > I am getting stuck on this step: > > time ssh -t $SSH_OPTIONS $HOST "sudo chef-solo --node-name > elasticsearch-test-1 -j /tmp/node.json" > > Here is the error I am getting. It seems that my AWS key is lacking the > necessary permissions to create an EBS volume. I added "ec2:CreateVolume" > and "ec2:AttachVolume" to no avail. I cannot find any info on what > permissions I need to run this. Can anyone point me to this info? > > [testadadmin@uspetddebspoc01 elasticsearch-test]$ time ssh -t $SSH_OPTIONS > $HOST "sudo chef-solo --node-name elasticsearch-test-1 -j /tmp/node.json" > Warning: Permanently added > 'ec2-23-20-247-88.compute-1.amazonaws.com,23.20.247.88' > (RSA) to the list of known hosts. > Starting Chef Client, version 11.6.0 > Compiling Cookbooks... > Recipe: elasticsearch::ebs > * package[gcc] action upgrade (up to date) > * package[gcc-c++] action upgrade (up to date) > * package[make] action upgrade (up to date) > * package[libxslt-devel] action upgrade (up to date) > * package[libxml2-devel] action upgrade (up to date) > * chef_gem[fog] action install (up to date) > [2014-03-20T18:29:18+00:00] WARN: Cloning resource attributes for > directory[/usr/local/var/data/elasticsearch/disk1] from prior resource > (CHEF-3694) > [2014-03-20T18:29:18+00:00] WARN: Previous > directory[/usr/local/var/data/elasticsearch/disk1]: > /var/chef-solo/cookbooks/elasticsearch/recipes/data.rb:16:in `block in > from_file' > [2014-03-20T18:29:18+00:00] WARN: Current > directory[/usr/local/var/data/elasticsearch/disk1]: > /var/chef-solo/cookbooks/elasticsearch/recipes/data.rb:39:in `block in > from_file' > Converging 50 resources > Recipe: monit::default > * package[monit] action install (up to date) > * service[monit] action start (up to date) > * template[/etc/monit/monitrc] action create (up to date) > Recipe: elasticsearch::curl > * package[curl] action install (up to date) > Recipe: ark::default > * package[unzip] action install (up to date) > * package[libtool] action install (up to date) > * package[autoconf] action install (up to date) > Recipe: elasticsearch::default > * group[elasticsearch] action create (up to date) > * user[elasticsearch] action create (up to date) > * bash[remove the elasticsearch user home] action run (skipped due to > not_if) > * directory[/usr/local/etc/elasticsearch] action create (up to date) > * directory[/usr/local/var/log/elasticsearch] action create (up to date) > * directory[/usr/local/var/run] action create (up to date) > * directory[/usr/local/var/data/elasticsearch] action create (up to date) > * template[/etc/init.d/elasticsearch] action create (up to date) > * service[elasticsearch] action enable (up to date) > * ark[elasticsearch] action install (skipped due to not_if) > * bash[enable user limits] action run (skipped due to not_if) > * log[increase limits for the elasticsearch user] action write > > * file[/etc/security/limits.d/10-elasticsearch.conf] action create (up > to date) > * template[elasticsearch-env.sh] action create (up to date) > * template[elasticsearch.yml] action create (up to date) > * template[logging.yml] action create (up to date) > Recipe: elasticsearch::plugins > * directory[/usr/local/elasticsearch-0.90.12/plugins/] action create (up > to date) > * ruby_block[Install plugin: karmi/elasticsearch-paramedic] action run > (skipped due to not_if) > Recipe: elasticsearch::ebs > * package[gcc] action nothing (skipped due to action :nothing) > * package[gcc-c++] action nothing (skipped due to action :nothing) > * package[make] action nothing (skipped due to action :nothing) > * package[libxslt-devel] action nothing (skipped due to action :nothing) > * package[libxml2-devel] action nothing (skipped due to action :nothing) > * chef_gem[fog] action install (up to date) > * ruby_block[Create EBS volume on /dev/sda2 (size: 25GB)] action run > > ================================================================================ > Error executing action `run` on resource 'ruby_block[Create EBS volume on > /dev/sda2 (size: 25GB)]' > > ================================================================================ > > > Fog::Compute::AWS::Error > ------------------------ > UnauthorizedOperation => You are not authorized to perform this operation. > > > Cookbook Trace: > --------------- > /var/chef-solo/cookbooks/elasticsearch/libraries/create_ebs.rb:41:in > `block (2 levels) in create_ebs' > > > Resource Declaration: > --------------------- > # In /var/chef-solo/cookbooks/elasticsearch/libraries/create_ebs.rb > > 16: ruby_block "Create EBS volume on #{device} (size: > #{params[:ebs][:size]}GB)" do > 17: > 18: block do > 19: require 'fog' > 20: require 'open-uri' > 21: > 22: region = params[:region] || > node.elasticsearch[:cloud][:aws][:region] > 23: instance_id = open(' > http://169.254.169.254/latest/meta-data/instance-id'){|f| f.gets} > 24: raise "[!] Cannot get instance id from AWS meta-data API" > unless instance_id > 25: > 26: Chef::Log.debug("Region: #{region}, instance ID: > #{instance_id}") > 27: > 28: fog_options = { :provider => 'AWS', :region => region } > 29: if (access_key = > node.elasticsearch[:cloud][:aws][:access_key]) && > 30: (secret_key = > node.elasticsearch[:cloud][:aws][:secret_key]) > 31: fog_options.merge!(:aws_access_key_id => access_key, > :aws_secret_access_key => secret_key) > 32: else # Lack of credentials implies a IAM role will provide > keys > 33: fog_options.merge!(:use_iam_profile => true) > 34: end > 35: aws = Fog::Compute.new(fog_options) > 36: > 37: server = aws.servers.get instance_id > 38: > 39: # Create EBS volume if the device is free > 40: ebs_device = params[:ebs][:device] || device > 41: unless server.volumes.map(&:device).include?(ebs_device) > 42: options = { :device => ebs_device, > 43: :size => params[:ebs][:size], > 44: :delete_on_termination => > params[:ebs][:delete_on_termination], > 45: :availability_zone => > server.availability_zone, > 46: :server => server } > 47: > 48: options[:type] = params[:ebs][:type] if params[:ebs][:type] > 49: options[:iops] = params[:ebs][:iops] if params[:ebs][:iops] > and params[:ebs][:type] == "io1" > 50: > 51: if params[:ebs][:snapshot_id] > 52: if snapshot = > aws.snapshots.get(params[:ebs][:snapshot_id]) > 53: Chef::Log.info "Creating EBS from snapshot: #{ > snapshot.id} (" + > 54: "Tags: #{snapshot.tags.inspect}, " > + > 55: "Description: #{snapshot.description})" > 56: options[:snapshot_id] = snapshot.id > 57: else > 58: __message = "[!] Cannot find snapshot: > #{params[:ebs][:snapshot_id]}" > 59: Chef::Log.fatal __message > 60: raise __message > 61: end > 62: end > > > > Compiled Resource: > ------------------ > # Declared in > /var/chef-solo/cookbooks/elasticsearch/libraries/create_ebs.rb:16:in > `create_ebs' > > ruby_block("Create EBS volume on /dev/sda2 (size: 25GB)") do > action "run" > retries 0 > retry_delay 2 > block_name "Create EBS volume on /dev/sda2 (size: 25GB)" > cookbook_name :elasticsearch > recipe_name "ebs" > block > #<Proc:0x0000000164ec58@/var/chef-solo/cookbooks/elasticsearch/libraries/create_ebs.rb:18> > end > > > > [2014-03-20T18:29:20+00:00] ERROR: Running exception handlers > [2014-03-20T18:29:20+00:00] ERROR: Exception handlers complete > [2014-03-20T18:29:20+00:00] FATAL: Stacktrace dumped to > /var/chef-solo/chef-stacktrace.out > Chef Client failed. 1 resources updated > [2014-03-20T18:29:20+00:00] FATAL: Chef::Exceptions::ChildConvergeError: > Chef run process exited unsuccessfully (exit code 1) > Connection to ec2-23-20-247-88.compute-1.amazonaws.com closed. > > real 0m7.060s > user 0m0.013s > sys 0m0.005s > > > > Here is my node.json configuration: > > { > "run_list": [ "recipe[monit]", > "recipe[elasticsearch]", > "recipe[elasticsearch::plugins]", > "recipe[elasticsearch::ebs]", > "recipe[elasticsearch::data]", > "recipe[elasticsearch::aws]", > "recipe[elasticsearch::nginx]", > "recipe[elasticsearch::proxy]", > "recipe[elasticsearch::monit]" ], > > "elasticsearch" : { > "cluster_name" : "elasticsearch_test_with_chef", > "bootstrap" : { "mlockall" : false }, > > "discovery" : { "type": "ec2" }, > > "path": { > "data": ["/usr/local/var/data/elasticsearch/disk1"] > }, > > "data" : { > > "devices" : { > "/dev/sda2" : { > "file_system" : "ext3", > "mount_options" : "rw,user", > "mount_path" : "/usr/local/var/data/elasticsearch/disk1", > "format_command" : "mkfs.ext3", > "fs_check_command" : "dumpe2fs", > "ebs" : { > "size" : 25, > "delete_on_termination" : true, > "type" : "io1", > "iops" : 100 > } > } > } > }, > > "cloud" : { > "aws" : { > "access_key" : "xxxxxxx", > "secret_key" : "xxxxxxxxxxxxxxxxxxx", > "region" : "us-east-1" > }, > "ec2" : { > "security_group": "elasticsearch-test" > } > }, > > "plugins" : { > "karmi/elasticsearch-paramedic" : {} > }, > > "nginx" : { > "users" : [ { "username" : "estest", "password" : "@estest!" } ], > "allow_cluster_api" : true > } > }, > > "monit" : { > "notify_email" : "xxxxxxx", > "mail_format" : { "from" : "xxxxxx", "subject" : "[monit] $SERVICE > $EVENT on $HOST", "message" : "$SERVICE $ACTION: $DESCRIPTION" } > } > > > Here is my AWS key configuration: > > { > "Version": "2012-10-17", > "Statement": [ > { > "Sid": "Stmt1394573401000", > "Effect": "Allow", > "Action": [ > "ec2:DescribeAvailabilityZones", > "ec2:DescribeInstances", > "ec2:DescribeRegions", > "ec2:DescribeSecurityGroups", > "ec2:DescribeTags", > "ec2:AttachVolume", > "ec2:CreateVolume" > ], > "Resource": [ > "*" > ] > } > ] > } > > Apologies for not putting all this into a gist. I am not yet initiated > with github. > > Thanks, > Dan > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/299f58bb-4dd7-47a8-9c65-fee942d8bc4a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.