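boto EC2 region is wrong even when set in the environment and in .boto

Time: 2014-12-08 19:10:23

Tags: amazon-web-services amazon-ec2 boto ansible

I am trying to run the EC2 Ansible hosts script (/etc/ansible/hosts), which was working previously. The problem does not seem to be related to Ansible; it appears to be purely a boto issue.

We have distilled the problem down to the ec2_region that is set not being respected. Here is the error, where boto shows that it is trying to use us-east-1 (the boto default):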

    /etc/ansible/hosts
    send: 'POST / HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 217\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nHost: ec2.us-east-1.amazonaws.com\r\nUser-Agent: Boto/2.34.0 Python/2.6.9 Linux/3.14.20-20.44.amzn1.x86_64\r\n\r\n'
    send: '***&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2014-12-08T18%3A56%3A08Z&Version=2014-05-01&Signature=***%3D'
    reply: 'HTTP/1.1 403 Forbidden\r\n'
    header: Transfer-Encoding: chunked
    header: Date: Mon, 08 Dec 2014 18:56:08 GMT
    header: Server: AmazonEC2
    Looks like AWS is down again:
    EC2ResponseError: 403 Forbidden
    <?xml version="1.0" encoding="UTF-8"?>
    <Response><Errors><Error><Code>UnauthorizedOperation</Code><Message>You are not authorized to perform this operation.</Message></Error></Errors><RequestID>e0a4a474-e422-47ea-b9c7-3231d1a328dd</RequestID></Response>

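The region variable appears to be set correctly:

    declare -x EC2_REGION="us-west-1"

The .boto region is also set:

    ec2_region_name = us-west-1
    ec2_region_endpoint = ec2.us-west-1.amazonaws.com

I tried it with the settings commented out in .boto and in bashrc (where the env is set).

Running the ec2-describe-instances command from the command line works fine.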

1 Answer:

Answer 0 (score: 0)

Found it.

I had to tweak the following knobs (in /etc/ansible/ec2.ini):

    # This is the normal destination variable to use. If you are running Ansible
    # from outside EC2, then 'public_dns_name' makes the most sense. If you are
    # running Ansible from within EC2, then perhaps you want to use the internal
    # address, and should set this to 'private_dns_name'. The key of an EC2 tag
    # may optionally be used; however the boto instance variables hold precedence
    # in the event of a collision.
    destination_variable = private_dns_name

    # For server inside a VPC, using DNS names may not make sense. When an instance
    # has 'subnet_id' set, this variable is used. If the subnet is public, setting
    # this to 'ip_address' will return the public IP address. For instances in a
    # private subnet, this should be set to 'private_ip_address', and Ansible must
    # be run from within EC2. The key of an EC2 tag may optionally be used; however
    # the boto instance variables hold precedence in the event of a collision.
    vpc_destination_variable = private_ip_address

This lets us see instances that do not have a public URL.
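The effect of the two ec2.ini settings in the answer, as an added example (not code from the post or from Ansible's inventory script): it applies the selection rule described in the ini comments to constructed instance records. It assumes that an instance whose selected attribute is empty is left out of the inventory; the function names, ini fragments and sample records are hypothetical.

```python
import configparser

# Constructed ec2.ini fragments: a public-address setting and the answer's setting.
PUBLIC_INI = ("[ec2]\ndestination_variable = public_dns_name\n"
              "vpc_destination_variable = ip_address\n")
PRIVATE_INI = ("[ec2]\ndestination_variable = private_dns_name\n"
               "vpc_destination_variable = private_ip_address\n")

# Constructed instance records (hypothetical ids and addresses).
INSTANCES = [
    {"id": "i-classic", "public_dns_name": "ec2-203-0-113-10.example.invalid",
     "private_dns_name": "ip-10-0-0-10.example.invalid"},
    {"id": "i-vpc-public", "subnet_id": "subnet-public",
     "ip_address": "203.0.113.20", "private_ip_address": "10.0.1.20"},
    {"id": "i-vpc-private", "subnet_id": "subnet-private",
     "ip_address": None, "private_ip_address": "10.0.2.30"},
]


def load_settings(ini_text):
    """Parse the [ec2] section of an ec2.ini-style text into a dict."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    return dict(parser["ec2"])


def pick_destination(instance, settings):
    """Return the address selected for one instance, or None if it has none."""
    # Instances with subnet_id set (VPC) use vpc_destination_variable.
    if instance.get("subnet_id"):
        key = settings["vpc_destination_variable"]
    else:
        key = settings["destination_variable"]
    # The instance attribute wins; a tag with the same key is only a fallback.
    dest = instance.get(key)
    if dest is None:
        dest = instance.get("tags", {}).get(key)
    return dest or None


def inventory(instances, ini_text):
    """Map instance id -> address, leaving out unaddressable instances (assumed)."""
    settings = load_settings(ini_text)
    picked = ((inst["id"], pick_destination(inst, settings)) for inst in instances)
    return {iid: dest for iid, dest in picked if dest}


if __name__ == "__main__":
    print("public settings: ", sorted(inventory(INSTANCES, PUBLIC_INI)))
    print("private settings:", sorted(inventory(INSTANCES, PRIVATE_INI)))
```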