puppetlabs-aws icon indicating copy to clipboard operation
puppetlabs-aws copied to clipboard

Published 20 hours ago verified publisher icon puppetlabs-toy-chest

Error: Failed to apply catalog: unable to sign request without credentials set

Open mvernimmen-CG opened this issue 8 years ago • 1 comments
trafficstars

Hi,

With puppet 3 we could create AWS ec2 instances, now that we are on puppet 4 this no longer works because the credentials are not being read or not being used.

I have the credentials in:

~/.aws/credentials (root user, which executes the puppet command)
/etc/puppetlabs/puppet/puppetlabs_aws_credentials.ini

Our puppet version runs on a centos 7.3 host:

$ rpm -qa|grep puppet
puppet-agent-1.10.4-1.el7.x86_64
mcollective-puppet-common-1.11.1-1.el7.noarch
puppetserver-2.7.2-1.el7.noarch
mcollective-puppet-agent-1.11.1-1.el7.noarch
mcollective-puppet-client-1.11.1-1.el7.noarch

The required gems are installed:

$ sudo /opt/puppetlabs/puppet/bin/gem list | egrep 'aws|retries'
aws-sdk-core (2.10.11)
aws-sigv4 (1.0.1)
retries (0.0.5)

[m.vernimmen@zd024 aws]$ sudo /opt/puppetlabs/bin/puppetserver gem list | egrep 'aws|retries'
aws-sdk-core (2.10.11)
aws-sigv4 (1.0.1)
retries (0.0.5)

the AWS module was installed with ` sudo puppet module install puppetlabs-aws --version 2.0.0

When executing, this happens:

$ sudo puppet apply /etc/puppet/aws/tba005-2.pp --hiera_config /etc/puppet/aws/hiera.yaml
Notice: Compiled catalog for zd024.cgnet.nl in environment production in 0.45 seconds
Error: Failed to apply catalog: unable to sign request without credentials set

I verified that the puppet conf dir is indeed /etc/puppetlabs/puppet, where I've placed the file with the credentials:

$ sudo puppet config print|grep -i conf
confdir = /etc/puppetlabs/puppet

I also tried to set the credentials as environment variables, but that resulted in the same:

# export AWS_ACCESS_KEY_ID=<KEYID>
# export AWS_SECRET_ACCESS_KEY=<ACCESSKEY>
# puppet apply /etc/puppet/aws/tba005-2.pp --hiera_config /etc/puppet/aws/hiera.yaml
Notice: Compiled catalog for zd024.cgnet.nl in environment production in 0.18 seconds
Error: Failed to apply catalog: unable to sign request without credentials set

now what?

mvernimmen-CG avatar Jul 14 '17 12:07 mvernimmen-CG

We just found the root cause to this problem. In puppetlabs_aws_credentials.ini we had the settings prefixed with 2 spaces for some reason. My guess is the spaces are being read as part of the configuration key.

Removing the spaces fixed the problem; this issue can be closed.

wilbertpol avatar Nov 06 '17 16:11 wilbertpol