community.aws icon indicating copy to clipboard operation
community.aws copied to clipboard

Published 20 hours ago verified publisher icon ansible-collections

ssm connection caught exception(Unable to locate credentials)

Open fab-10 opened this issue 1 year ago • 3 comments

Summary

After upgrading community.aws to 4.1.1 and amazon.aws to 4.1.0, my playbooks are not able to connect via ssm anymore. Extract of the logs

redirecting (type: connection) ansible.builtin.aws_ssm to community.aws.aws_ssm
wait_for_connection: attempting ping module test
<i-redacted> ESTABLISH SSM CONNECTION TO: i-redacted
<i-redacted> SSM CONNECTION ID: redacted
<i-redacted> EXEC ( umask 77 && mkdir -p "` echo /tmp/.ansible-ssm `"&& mkdir "` echo /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330 `" && echo ansible-tmp-1660641811.7266405-78-7676503826330="` echo /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330 `" )
<i-redacted> (0, 'ansible-tmp-1660641811.7266405-78-7676503826330=/tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330\r\r', '')
Using module file /usr/local/lib/python3.10/dist-packages/ansible/modules/ping.py
<i-redacted> PUT /home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve TO /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330/AnsiballZ_ping.py
<i-redacted> ssm_retry: attempt: 0, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 0 seconds
<i-redacted> CLOSING SSM CONNECTION TO: i-redacted
<i-redacted> ssm_retry: attempt: 1, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 1 seconds
<i-redacted> ssm_retry: attempt: 2, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 3 seconds

reverting to community.aws to 4.0.0 and amazon.aws to 4.0.0 works.

Issue Type

Bug Report

Component Name

aws_ssm

Ansible Version

$ ansible --version
2.13.1

Collection Versions

$ ansible-galaxy collection list

Collection        Version
----------------- -------
amazon.aws        4.0.0
ansible.posix     1.4.0
community.aws     4.0.0
community.docker  2.7.0
community.general 5.2.0

AWS SDK versions

$ pip show boto boto3 botocore
Executing pip show boto boto3 botocore
WARNING: Package(s) not found: boto
Name: boto3
Version: 1.24.24
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /usr/local/lib/python3.10/dist-packages
Requires: botocore, jmespath, s3transfer
Required-by:
---
Name: botocore
Version: 1.27.47
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /usr/local/lib/python3.10/dist-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed

OS / Environment

No response

Steps to Reproduce

- name: Wait for instance to be ready
  hosts: all
  serial: 1
  gather_facts: no
  tasks:
    - name: Wait for instance to be ready
      wait_for_connection:

Expected Results

Expect a connection to the instance

Actual Results

redirecting (type: connection) ansible.builtin.aws_ssm to community.aws.aws_ssm
wait_for_connection: attempting ping module test
<i-redacted> ESTABLISH SSM CONNECTION TO: i-redacted
<i-redacted> SSM CONNECTION ID: redacted
<i-redacted> EXEC ( umask 77 && mkdir -p "` echo /tmp/.ansible-ssm `"&& mkdir "` echo /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330 `" && echo ansible-tmp-1660641811.7266405-78-7676503826330="` echo /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330 `" )
<i-redacted> (0, 'ansible-tmp-1660641811.7266405-78-7676503826330=/tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330\r\r', '')
Using module file /usr/local/lib/python3.10/dist-packages/ansible/modules/ping.py
<i-redacted> PUT /home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve TO /tmp/.ansible-ssm/ansible-tmp-1660641811.7266405-78-7676503826330/AnsiballZ_ping.py
<i-redacted> ssm_retry: attempt: 0, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 0 seconds
<i-redacted> CLOSING SSM CONNECTION TO: i-redacted
<i-redacted> ssm_retry: attempt: 1, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 1 seconds
<i-redacted> ssm_retry: attempt: 2, caught exception(Unable to locate credentials) from cmd (/home/ansible/.ansible/tmp/ansible-local-74qpntduf7/tmp1nopxxve...), pausing for 3 seconds

Code of Conduct

  • [X] I agree to follow the Ansible Code of Conduct

fab-10 avatar Aug 16 '22 09:08 fab-10

Files identified in the description:

  • [plugins/connection/aws_ssm.py](https://github.com/['ansible-collections/amazon.aws', 'ansible-collections/community.aws', 'ansible-collections/community.vmware']/blob/main/plugins/connection/aws_ssm.py)

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot avatar Aug 16 '22 09:08 ansibullbot

I am also experiencing this issue.

phene avatar Aug 29 '22 23:08 phene

This is caused by https://github.com/ansible-collections/community.aws/pull/1176, which creates and uses an S3 boto3 client without the credentials provided to the plugin.

phene avatar Aug 30 '22 00:08 phene