Unable to auth via ec2.py

[Rob Wilkerson]

I thought this would be the easiest part of creating a dynamic inventory, but I'm having a hell of a time connecting:

boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV4Handler'] Check your credentials

In my <project>/ansible/development/ directory, I have ec2.py and ec2.ini files:

# <project>/ansible/development/ec2.ini

-- snip --

boto_profile = Client

# ~/.aws/credentials

[DifferentClient]

aws_access_key_id = <DIFFERENT_CLIENT_ACCESS_KEY>

aws_secret_access_key = <DIFFERENT_CLIENT_SECRET_KEY>

region = us-east-1

output = json

[Client]

aws_access_key_id = <PROJECT_ACCESS_KEY>

aws_secret_access_key = <PROJECT_ACCESS_KEY>

The keys are for my IAM user with admin privileges and work just fine when specified directly in the ec2 module.

Any idea what I've got misconfigured here? I'm running Ansible 1.9.4.

Thanks.

[Rob Wilkerson]

Also, for whatever it's worth, I've tried putting the keys in ~/.boto, but the result is the same.

[Rob Wilkerson]

One more note on this that I just realized is that the profile only seems to fail for the ec2 module.

This works: 

- name: Key Pair | Ensure that the appropriate keypair exists

  ec2_key:

    profile: Socrates

    name: "soc-{{ env_short }}"

    region: "{{ aws_region }}"

    state: present

  register: keypair

This doesn't

- name: Instances | Create new instances

  ec2:

    profile: Socrates

    region: "{{ aws_region }}"

    instance_type: "{{ ec2.instance_type }}"

    image: "{{ ec2.ami_id }}"

    key_name: "soc-{{ env_short }}"

    group: "{{ env_short }}-{{ server_type }}"

    exact_count: "{{ ec2.instance_count }}"

    count_tag:

      Env: "{{ env }}"

      ManagedBy: Ansible

      ServerType: "{{ server_type }}"

    wait: yes

    assign_public_ip: no  # TODO: change to 'yes' to assign public ip

    instance_tags:

      Env: "{{ env }}"

      ManagedBy: "Ansible"

      ServerType: "{{ server_type }}"

      Projects: "{{ install_projects | join(',') }}"

    # termination_protection: yes

    volumes:

      - device_name: /dev/sda1

        snapshot: snap-2337bd2a

        # volume_type: gp2

        device_type: gp2

        volume_size: 100

        delete_on_termination: false

  register: ec2

The profile also works for ensuring a security group is present. Any chance it's a bug specific to the ec2 module? Maybe my options for the module (although these options do work if I remove the profile and include the aws_access_key and aws_secret_key directly)?

On Tuesday, November 24, 2015 at 2:03:51 PM UTC-5, Rob Wilkerson wrote:

[Rob Wilkerson]

Well, crap. Looks like this could be related to #981 (https://github.com/ansible/ansible-modules-core/issues/981) or #1701 (https://github.com/ansible/ansible-modules-core/issues/1701). Or both.

On Tuesday, November 24, 2015 at 2:03:51 PM UTC-5, Rob Wilkerson wrote:

[Stephen Granger]

Ansible 1.9.4

What version of boto are you using? I've noticed issues when using older versions and I'm wondering if the first bug was resolved by updating to a later version (2.38) version of boto.

Assuming you are running of OS X?

$ python -c "import boto; print boto.__version__"

Good job on the debugging so far.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8839ecab-598a-4a3f-b7cb-7a1a01b9cfcd%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Steve

[Rob Wilkerson]

I'm up to date running boto 2.38.0 on OS X. My OS is Yosemite, but I'd be a little shocked if that were the issue.