community.aws
community.aws copied to clipboard
ssm connection caught exception(Unable to locate credentials)
Summary
After upgrading community.aws
to 4.1.1
and amazon.aws
to 4.1.0
, my playbooks are not able to connect via ssm anymore.
Extract of the logs
redirecting (type: connection) ansible.builtin.aws_ssm to community.aws.aws_ssm
wait_for_connection: attempting ping module test
<i-redacted> ESTABLISH SSM CONNECTION TO: i-redacted
<i-redacted> SSM CONNECTION ID: redacted
<i-redacted> EXEC ( umask 77 && mkdir -p "` echo /tmp/.ansible-ssm `"&& mkdir "` echo /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330 `" && echo ansible-tmp-1660641811.7266405-78-7676503826330="` echo /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330 `" )
<i-redacted> (0, 'ansible-tmp-1660641811.7266405-78-7676503826330=/tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330\r\r', '')
Using module file /usr/local/lib/python3.10/dist-packages/ansible/modules/ping.py
<i-redacted> PUT /home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve TO /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330/AnsiballZ_ping.py
<i-redacted> ssm_retry: attempt: 0, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 0 seconds
<i-redacted> CLOSING SSM CONNECTION TO: i-redacted
<i-redacted> ssm_retry: attempt: 1, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 1 seconds
<i-redacted> ssm_retry: attempt: 2, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 3 seconds
reverting to community.aws
to 4.0.0
and amazon.aws
to 4.0.0
works.
Issue Type
Bug Report
Component Name
aws_ssm
Ansible Version
$ ansible --version
2.13.1
Collection Versions
$ ansible-galaxy collection list
Collection Version
----------------- -------
amazon.aws 4.0.0
ansible.posix 1.4.0
community.aws 4.0.0
community.docker 2.7.0
community.general 5.2.0
AWS SDK versions
$ pip show boto boto3 botocore
Executing pip show boto boto3 botocore
WARNING: Package(s) not found: boto
Name: boto3
Version: 1.24.24
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /usr/local/lib/python3.10/dist-packages
Requires: botocore, jmespath, s3transfer
Required-by:
---
Name: botocore
Version: 1.27.47
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /usr/local/lib/python3.10/dist-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer
Configuration
$ ansible-config dump --only-changed
OS / Environment
No response
Steps to Reproduce
- name: Wait for instance to be ready
hosts: all
serial: 1
gather_facts: no
tasks:
- name: Wait for instance to be ready
wait_for_connection:
Expected Results
Expect a connection to the instance
Actual Results
redirecting (type: connection) ansible.builtin.aws_ssm to community.aws.aws_ssm
wait_for_connection: attempting ping module test
<i-redacted> ESTABLISH SSM CONNECTION TO: i-redacted
<i-redacted> SSM CONNECTION ID: redacted
<i-redacted> EXEC ( umask 77 && mkdir -p "` echo /tmp/.ansible-ssm `"&& mkdir "` echo /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330 `" && echo ansible-tmp-1660641811.7266405-78-7676503826330="` echo /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330 `" )
<i-redacted> (0, 'ansible-tmp-1660641811.7266405-78-7676503826330=/tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330\r\r', '')
Using module file /usr/local/lib/python3.10/dist-packages/ansible/modules/ping.py
<i-redacted> PUT /home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve TO /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330/AnsiballZ_ping.py
<i-redacted> ssm_retry: attempt: 0, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 0 seconds
<i-redacted> CLOSING SSM CONNECTION TO: i-redacted
<i-redacted> ssm_retry: attempt: 1, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 1 seconds
<i-redacted> ssm_retry: attempt: 2, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 3 seconds
Code of Conduct
- [X] I agree to follow the Ansible Code of Conduct
Files identified in the description:
- [
plugins/connection/aws_ssm.py
](https://github.com/['ansible-collections/amazon.aws', 'ansible-collections/community.aws', 'ansible-collections/community.vmware']/blob/main/plugins/connection/aws_ssm.py)
If these files are inaccurate, please update the component name
section of the description or use the !component
bot command.
I am also experiencing this issue.
This is caused by https://github.com/ansible-collections/community.aws/pull/1176, which creates and uses an S3 boto3 client without the credentials provided to the plugin.