Ec2 Module doesn't seem to take up / use environment variables - AWS_SECRET_KEY / AWS_ACCESS_KEY

Archives Ansible Project
1

Am using Ansible 1.3.2 (on Ubuntu 12.04)

I’ve the following lines in my playbook.

  • name: Launch instance
    local_action: ec2 keypair={{ ec2_keypair_name }} group={{ ec2_security_group_name }} instance_type={{ ec2_instance_type }} image={{ ec2_ami_id }} wait=yes region={{ ec2_region }}
    register: ec2

And I’ve these in my .bashrc

export AWS_ACCESS_KEY=XXX

export AWS_SECRET_KEY=YYY
export aws_access_key=XXX
export aws_secret_key=YYY
export ec2_access_key=XXX
export ec2_secret_key=YYY
export EC2_ACCESS_KEY=XXX
export EC2_SECRET_KEY=YYY
export EC2_REGION=ap-southeast-1

And I did a reload of env variables for the current session.
. .bashrc
and verified that the env variables are available using printenv

But still, while running the playbook, it throws this error,

msg: No handler was ready to authenticate. 1 handlers were checked. [‘QuerySignatureV2AuthHandler’] Check your credentials

am I missing something here?

Also would like to know, which env variable would ansible use → ec2_access_key & similar or aws_access_key & similar (only in upper case?)

Thank you.

2

Sundar,

I think the best explanation for how the ec2 module finds credentials is the code …

https://github.com/ansible/ansible/blob/devel/library/cloud/ec2

Within main(), the module checks for passed in arguments …


def main():
    module = AnsibleModule(
        argument_spec = dict(

            region = dict(aliases=['aws_region', 'ec2_region'], choices=AWS_REGIONS),
            zone = dict(aliases=['aws_zone', 'ec2_zone']),

            ec2_url = dict(),
            aws_secret_key = dict(aliases=['ec2_secret_key', 'secret_key'], no_log=True),

            aws_access_key = dict(aliases=['ec2_access_key', 'access_key']),
        )

    )



    ec2_url = module.params.get('ec2_url')
    aws_secret_key = module.params.get('aws_secret_key')

    aws_access_key = module.params.get('aws_access_key')
    region = module.params.get('region')

So it populates region, zone, ec2_url, aws_secret_key and aws_access_key based on input parameters OR if variables exist in the play by those names.

Next, the module checks your environment variables if any of the parameters are unset …


    # allow eucarc environment variables to be used if ansible vars aren't set
    if not ec2_url and 'EC2_URL' in os.environ:

        ec2_url = os.environ['EC2_URL']

    if not aws_secret_key:

        if  'AWS_SECRET_KEY' in os.environ:
            aws_secret_key = os.environ['AWS_SECRET_KEY']

        elif 'EC2_SECRET_KEY' in os.environ:
            aws_secret_key = os.environ['EC2_SECRET_KEY']

    if not aws_access_key:
        if 'AWS_ACCESS_KEY' in os.environ:

            aws_access_key = os.environ['AWS_ACCESS_KEY']
        elif 'EC2_ACCESS_KEY' in os.environ:

            aws_access_key = os.environ['EC2_ACCESS_KEY']

    if not region:
        if 'AWS_REGION' in os.environ:
            region = os.environ['AWS_REGION']

        elif 'EC2_REGION' in os.environ:
            region = os.environ['EC2_REGION']

You mentioned that you are trying to set all of your ec2 parameters in your bashrc, but do you also set any variables in your plays that match the parameters the module looks for?

3

Hi,

This is Sundar (with my personal id).

Thanks James, for the details.

Wrt your question → Yes, only ec2_region in group_vars/all.yml.

Copying the code (as it was executed) below for clarity.

------------------------------------------------------ Copy Starts -------------------------------------------------------------------------------------------------------------------------------------------------------

scale_up.yml

4

Hi,

Any lights on this one?