IMDS V2 Unauthorised Error || Guidance Required

[SARANSH BANKIWAL]

Hello all, 
Currently i was working on migration from IMDS v1 to IMDS v2 in AWS and got the below error. 

FAILED! => {"changed": false, "msg": "Failed to retrieve metadata from AWS: HTTP Error 401: Unauthorized", "response": {"body": "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n <head>\n  <title>401 - Unauthorized</title>\n </head>\n <body>\n  <h1>401 - Unauthorized</h1>\n </body>\n</html>\n", "connection": "close", "content-length": "343", "content-type": "text/html", "date": "Mon, 25 Jul 2022 23:26:11 GMT", "msg": "HTTP Error 401: Unauthorized", "server": "EC2ws", "status": 401, "url": "http://169.254.169.254/latest/meta-data/"}}

My ansible version on this Instance is : (ansible --version)

ansible 2.9.15
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.17 (default, Jul  1 2022, 15:56:32) [GCC 7.5.0]

Can someone please in this as stuck on this.
Thanks in advance. 

[Rilindo Foster]

Hi Saransh,

I am going to guess that it has to do with your version of ansible as it appears 2.9 does not yet support  IMDS v2, where as latest version (at least 5 and above) doesdoes, as noted in this link:

"The module is configured to utilize the session oriented Instance Metadata Service v2 (IMDSv2) https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html."

https://docs.ansible.com/ansible/latest/collections/amazon/aws/ec2_metadata_facts_module.html

https://docs.ansible.com/ansible/5/collections/amazon/aws/ec2_metadata_facts_module.html

- Rilindo

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d6328c61-380e-4c9d-b043-2203d81385a5n%40googlegroups.com.

[SARANSH BANKIWAL]

Hi , thanks for the prompt response, 
I read the article previously as well but was not able to install Ansible to a version of 5 or above because of less available resources. Can you please help in the same. 
Thanks in advance.

[Rilindo Foster]

You probably won’t be able to upgrade as long as you are using Python 2.7. You will have to figure out a way to get a newer version of Python on the machine if you intend to upgrade to the most recent version of Ansible.

- Rilindo

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9207373f-4a95-49a1-8894-e8e8ee79d81en%40googlegroups.com.

[SARANSH BANKIWAL]

Hi Rilindo, 
As stated by you i upgraded the python version and ansible version as well. Attaching screenshots for the reference. But still the same issue persists in the Metadata fetch.

[rilindo foster]

At this point with a supported ansible version, can you paste in the code you were using to query the metadata service?

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/194477c3-d565-4331-a0fa-21e03dff1a13n%40googlegroups.com.

[SARANSH BANKIWAL]

PFB the used code for checking the IMDS V2 instance.