There are a couple ways to provide credentials to the ec2 modules / boto
... https://gist.github.com/jctanner/7467100#credentials
1) IAM roles
2) boto config files
3) create vars via the password lookup
http://www.ansibleworks.com/docs/playbooks_lookups.html#the-password-lookup
On 12/04/2013 05:46 AM, Nicolas G. wrote:
Thanks for the reply Krzysztof.
The problem is I'm using this approach on new Amazon EC2 instances and
the only thing I have baked in the AMI along with Ansible installation
and the ansible-pull cron is the ssh git in order to access the git
server.
Therefore the AWS credentials are been checkout from git after the
cronjob starts so I can't know or specify them before the cronjob. As
a temporary solution I have the AWS credentials in every S3 task as an
argument but still I don't think this is the best way to do it..
On Tue, Dec 3, 2013 at 6:32 PM, Krzysztof Warzecha
<[email protected] <mailto:[email protected]>> wrote:
~/.bashrc will not be sourced from cron task. .bashrc is sourced only
when bash is started as interactive shell (see man bash), but cron
tasks are started with sh -c (not bash nor interactive).
You can source your .bashrc manually or you can setup your
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY:
*/5 * * * * ...; AWS_ACCESS_KEY_ID=id AWS_SECRET_ACCESS_KEY=secret
ansible-pull ...
or:
*/5 * * * * ...; source /path/to/your/.bashrc; ansible-pull ...
2013/11/29 Nicolas G <[email protected] <mailto:[email protected]>>:
> Hi All,
>
> This is a simple playbook I have to test the S3 module which is
working fine
> but I'm having problems when I run the same in pull mode from cron:
>
> # s3example.yml
> ---
> - hosts: localhost
> connection: local
> user: root
> tasks:
> - name: download file from s3
> s3: bucket=my-bucket object=packages/my-package.tar.gz
> dest=/my-package.tar.gz mode=get
>
>
>
> # Ansible push works OK , the files get's downloaded from S3
> ansible-playbook zabbix-agent.yml
>
>
> # manually running the same playbook in pull mode also works OK
> ansible-pull -U [email protected]:my-company/myRepo.git -d
/tmp/testing -o
> --checkout=test s3example.yml
>
>
> # The problem is when using ansible-pull from cron
> # /etc/cron.d/ansible-pull :
> */5 * * * * root source /opt/ansible/hacking/env-setup >&
/dev/null;
> ansible-pull -U [email protected]:my-company/myRepo.git -d
/tmp/testing -o
> --checkout=test s3example.yml >>/var/log/test-ansible-pull.log 2>&1
>
>
> # this is what I see in /var/log/test-ansible-pull.log
> TASK: [ download file from s3]
**************************************
> failed: [localhost] => {"failed": true}
> msg: No handler was ready to authenticate. 1 handlers were checked.
> ['HmacAuthV1Handler'] Check your credentials
>
> FATAL: all hosts have already failed -- aborting
>
> This is happening in ansible 1.5 (devel 44ca015d87) last updated
2013/11/29
> 11:20:12 (GMT +000) .
>
> I have AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY defined in
my ~/.bashrc
> .
>
> Any clue ?
>
> Thanks in advance,
> Nicolas.
>
> --
> You received this message because you are subscribed to the
Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from
it, send an
> email to [email protected]
<mailto:ansible-project%[email protected]>.
> For more options, visit https://groups.google.com/groups/opt_out.
--
Krzysztof Warzecha
--
You received this message because you are subscribed to a topic in
the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/ansible-project/RcPVlWRRbUQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email
to [email protected]
<mailto:ansible-project%[email protected]>.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
