Unable to auth via ec2.py

Archives Ansible Project
1

I thought this would be the easiest part of creating a dynamic inventory, but I’m having a hell of a time connecting:

boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. [‘HmacAuthV4Handler’] Check your credentials

In my /ansible/development/ directory, I have ec2.py and ec2.ini files:

/ansible/development/ec2.ini

– snip –
boto_profile = Client

~/.aws/credentials

[DifferentClient]

aws_access_key_id = <DIFFERENT_CLIENT_ACCESS_KEY>
aws_secret_access_key = <DIFFERENT_CLIENT_SECRET_KEY>
region = us-east-1
output = json

[Client]
aws_access_key_id = <PROJECT_ACCESS_KEY>
aws_secret_access_key = <PROJECT_ACCESS_KEY>

The keys are for my IAM user with admin privileges and work just fine when specified directly in the ec2 module.

Any idea what I’ve got misconfigured here? I’m running Ansible 1.9.4.

Thanks.

2

Also, for whatever it’s worth, I’ve tried putting the keys in ~/.boto, but the result is the same.

3

One more note on this that I just realized is that the profile only seems to fail for the ec2 module.

This works:

  • name: Key Pair | Ensure that the appropriate keypair exists
    ec2_key:
    profile: Socrates
    name: “soc-{{ env_short }}”
    region: “{{ aws_region }}”
    state: present
    register: keypair

This doesn’t

  • name: Instances | Create new instances
    ec2:
    profile: Socrates
    region: “{{ aws_region }}”
    instance_type: “{{ ec2.instance_type }}”
    image: “{{ ec2.ami_id }}”
    key_name: “soc-{{ env_short }}”
    group: “{{ env_short }}-{{ server_type }}”
    exact_count: “{{ ec2.instance_count }}”
    count_tag:
    Env: “{{ env }}”
    ManagedBy: Ansible
    ServerType: “{{ server_type }}”
    wait: yes
    assign_public_ip: no # TODO: change to ‘yes’ to assign public ip
    instance_tags:
    Env: “{{ env }}”
    ManagedBy: “Ansible”
    ServerType: “{{ server_type }}”
    Projects: “{{ install_projects | join(‘,’) }}”

termination_protection: yes

volumes:

  • device_name: /dev/sda1
    snapshot: snap-2337bd2a

volume_type: gp2

device_type: gp2
volume_size: 100
delete_on_termination: false
register: ec2

The profile also works for ensuring a security group is present. Any chance it’s a bug specific to the ec2 module? Maybe my options for the module (although these options do work if I remove the profile and include the aws_access_key and aws_secret_key directly)?

4

Well, crap. Looks like this could be related to #981 (https://github.com/ansible/ansible-modules-core/issues/981) or #1701 (https://github.com/ansible/ansible-modules-core/issues/1701). Or both.

5

Ansible 1.9.4

What version of boto are you using? I’ve noticed issues when using older versions and I’m wondering if the first bug was resolved by updating to a later version (2.38) version of boto.

Assuming you are running of OS X?

$ python -c “import boto; print boto.version

Good job on the debugging so far.

6

I’m up to date running boto 2.38.0 on OS X. My OS is Yosemite, but I’d be a little shocked if that were the issue.