Packer with the Ansible provisioner fails in AWS CodeBuild

3

My CodeBuild project creates an AMI with Packer and the Ansible provisioner.

This Packer setup succeeds both on my local machine and on an Amazon Linux 2 EC2 instance. But when I use AWS CodeBuild with the aws/codebuild/amazonlinux2-x86_64-standard:1.0 image, it fails.

I have already tried setting remote_tmp = /tmp or remote_tmp = /tmp/.ansible-${USER}/tmp, but neither worked.

Authentication or permission failure, no permission on the remote directory

version: 0.2

phases:
  install:
    runtime-versions:
      python: 3.7
  pre_build:
    commands:
      - python --version
      - pip --version
      - curl -qL -o packer.zip https://releases.hashicorp.com/packer/1.4.3/packer_1.4.3_linux_amd64.zip && unzip packer.zip
      - ./packer version
      - pip install --user ansible==2.8.5
      - ansible --version
      - echo 'Validate packer json'
      - ./packer validate packer.json
  build:
    commands:
      - ./packer build -color=false packer.json | tee build.log

{
    "builders": [{
        "type": "amazon-ebs",
        "region": "ap-northeast-1",
        "ami_regions": "ap-northeast-1",
        "source_ami": "ami-0ff21806645c5e492",
        "instance_type": "t2.micro",
        "ssh_username": "ec2-user",
        "ami_name": "packer-quick-start {{timestamp}}",
        "ami_description": "created by packer at {{timestamp}}",
        "ebs_optimized": false,
        "tags": {
            "OS_Version": "Amazon Linux AMI 2018.03",
            "timestamp": "{{timestamp}}",
            "isotime": "{{isotime \"2006-01-02 03:04:05\"}}"
        },
        "disable_stop_instance": false
    }],
    "provisioners": [
        {
            "type" : "ansible",
            "extra_arguments": [
                "-vvv"
            ],
            "playbook_file" : "ansible/main.yaml"
        }
    ]
}

==> amazon-ebs: Prevalidating AMI Name: packer-quick-start 1569943272 
    amazon-ebs: Found Image ID: ami-0ff21806645c5e492 
==> amazon-ebs: Creating temporary keypair: packer_5d936ee8-541f-5c9a-6955-9672526afc1a 
==> amazon-ebs: Creating temporary security group for this instance: packer_5d936ef1-6546-d9d0-60ff-2dc4c011036f 
==> amazon-ebs: Authorizing access to port 22 from [0.0.0.0/0] in the temporary security groups... 
==> amazon-ebs: Launching a source AWS instance... 
==> amazon-ebs: Adding tags to source instance 
    amazon-ebs: Adding tag: "Name": "Packer Builder" 
    amazon-ebs: Instance ID: i-04b00db56a8b3b6d0 
==> amazon-ebs: Waiting for instance (i-04b00db56a8b3b6d0) to become ready... 
==> amazon-ebs: Using ssh communicator to connect: 3.112.61.8 
==> amazon-ebs: Waiting for SSH to become available... 
==> amazon-ebs: Connected to SSH! 
==> amazon-ebs: Provisioning with Ansible... 
==> amazon-ebs: Executing Ansible: ansible-playbook --extra-vars packer_build_name=amazon-ebs packer_builder_type=amazon-ebs -o IdentitiesOnly=yes -i /tmp/packer-provisioner-ansible244097143 /codebuild/output/src965785042/src/github.com/repoUsername/reponame/ansible/main.yaml -e ansible_ssh_private_key_file=/tmp/ansible-key242793848 -vvv 
    amazon-ebs: ansible-playbook 2.8.5 
    amazon-ebs:   config file = /codebuild/output/src965785042/src/github.com/repoUsername/reponame/ansible.cfg 
    amazon-ebs:   configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] 
    amazon-ebs:   ansible python module location = /root/.local/lib/python3.7/site-packages/ansible 
    amazon-ebs:   executable location = /root/.local/bin/ansible-playbook 
    amazon-ebs:   python version = 3.7.4 (default, Sep 20 2019, 22:55:10) [GCC 7.3.1 20180303 (Red Hat 7.3.1-5)] 
    amazon-ebs: Using /codebuild/output/src965785042/src/github.com/repoUsername/reponame/ansible.cfg as config file 
    amazon-ebs: host_list declined parsing /tmp/packer-provisioner-ansible244097143 as it did not pass it's verify_file() method 
    amazon-ebs: script declined parsing /tmp/packer-provisioner-ansible244097143 as it did not pass it's verify_file() method 
    amazon-ebs: auto declined parsing /tmp/packer-provisioner-ansible244097143 as it did not pass it's verify_file() method 
    amazon-ebs: Parsed /tmp/packer-provisioner-ansible244097143 inventory source with ini plugin 
    amazon-ebs: 
    amazon-ebs: PLAYBOOK: main.yaml ************************************************************ 
    amazon-ebs: 1 plays in /codebuild/output/src965785042/src/github.com/repoUsername/reponame/ansible/main.yaml 
    amazon-ebs: 
    amazon-ebs: PLAY [all] ********************************************************************* 
    amazon-ebs: META: ran handlers 
    amazon-ebs: 
    amazon-ebs: TASK [be sure httpd is installed] ********************************************** 
    amazon-ebs: task path: /codebuild/output/src965785042/src/github.com/repoUsername/reponame/ansible/main.yaml:6 
    amazon-ebs: <127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: root 
    amazon-ebs: <127.0.0.1> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=35595 -o 'IdentityFile="/tmp/ansible-key242793848"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/02aaab1733 127.0.0.1 '/bin/sh -c '"'"'echo ~root && sleep 0'"'"'' 
    amazon-ebs: <127.0.0.1> (0, b'/root\n', b"Warning: Permanently added '[127.0.0.1]:35595' (RSA) to the list of known hosts.\r\n") 
    amazon-ebs: <127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: root 
    amazon-ebs: <127.0.0.1> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=35595 -o 'IdentityFile="/tmp/ansible-key242793848"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/02aaab1733 127.0.0.1 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1569943320.4544108-49329379039882 `" && echo ansible-tmp-1569943320.4544108-49329379039882="` echo /root/.ansible/tmp/ansible-tmp-1569943320.4544108-49329379039882 `" ) && sleep 0'"'"'' 
    amazon-ebs: <127.0.0.1> (1, b'', b'mkdir: cannot create directory \xe2\x80\x98/root\xe2\x80\x99: Permission denied\n') 
    amazon-ebs: <127.0.0.1> Failed to connect to the host via ssh: mkdir: cannot create directory ‘/root’: Permission denied 
    amazon-ebs: fatal: [default]: UNREACHABLE! => { 
    amazon-ebs:     "changed": false, 
    amazon-ebs:     "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /root/.ansible/tmp/ansible-tmp-1569943320.4544108-49329379039882 `\" && echo ansible-tmp-1569943320.4544108-49329379039882=\"` echo /root/.ansible/tmp/ansible-tmp-1569943320.4544108-49329379039882 `\" ), exited with result 1", 
    amazon-ebs:     "unreachable": true 
    amazon-ebs: } 
    amazon-ebs: 
    amazon-ebs: PLAY RECAP ********************************************************************* 
    amazon-ebs: default                    : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0 
    amazon-ebs: 
==> amazon-ebs: Terminating the source AWS instance... 
==> amazon-ebs: Cleaning up any extra volumes... 
==> amazon-ebs: No volumes to clean up, skipping 
==> amazon-ebs: Deleting temporary security group... 
==> amazon-ebs: Deleting temporary keypair... 

I know it fails because it tries to create the /root directory and gets permission denied. But I don't know why it tries to create /root in the first place. How can I change this behaviour?

It is most likely caused by the SSH agent that Ansible needs for its communication. This is probably an Ansible problem rather than a Packer or AWS one. - Matt Schuchard
Thanks. Maybe I should try debugging and look at the differences between my laptop and CodeBuild. - db099u
It looks more like a problem with the ansible playbook. Can you share "ansible/main.yaml"? - shariqmaws
1 Answer

8

I solved it, and it was simple. Because AWS CodeBuild runs the build as the root user, Ansible connects as the root user. I only had to write it like this to fix the problem.

    "provisioners": [
        {
            "type" : "ansible",
            "user": "ec2-user",
            "playbook_file" : "ansible/main.yaml"
        }
    ]

My Ansible file is simple, just for testing.

---
- hosts: all
  become: yes
  gather_facts: no
  tasks:
    - name: be sure httpd is installed
      yum: name=httpd state=installed
    - name: be sure httpd is running and enabled
      service: name=httpd state=started enabled=yes

I'm not sure how you got this far, because as root I find Ansible has problems with the path (I also use CodeBuild and Packer): "No executable found in $PATH". - openCivilisation
Thanks! For some reason this works on macOS but not in my Jenkins Kubernetes build pod. I'm confused because my username isn't "ubuntu", so I don't even know why it succeeded the first time on my machine. I think for some reason it works locally because I specify ssh_username in my source.pkr.hcl file. :/ - Robert J
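The failure in the question and the fix in the answer come down to one thing: when the Packer ansible provisioner has no "user" key, the SSH login Ansible uses is the account running packer (root in CodeBuild, the developer's own account on a laptop), not the builder's ssh_username. The pre-build check below is an added example, not code from the question, the answer, or the Packer project. It assumes the Packer 1.4 behaviour shown in the post's log, parses a packer.json template, reports which account Ansible would connect as, fails when that account matches no builder's ssh_username, and can emit a corrected copy with "user" pinned. The embedded template is constructed from the question's packer.json and trimmed.

```python
"""Pre-build lint: fail fast when a Packer ansible provisioner inherits the local user.

Added example, not code from the question or the answer. It assumes the
behaviour visible in the post's log: with no "user" key on the ansible
provisioner, Packer 1.4 hands Ansible the account running packer as the SSH
user (root inside CodeBuild), so the login no longer matches ssh_username.
"""
import getpass
import json
import sys

# Constructed template, trimmed from the question's packer.json.
TEMPLATE_JSON = """
{
    "builders": [{
        "type": "amazon-ebs",
        "region": "ap-northeast-1",
        "source_ami": "ami-0ff21806645c5e492",
        "instance_type": "t2.micro",
        "ssh_username": "ec2-user",
        "ami_name": "packer-quick-start {{timestamp}}"
    }],
    "provisioners": [
        {"type": "ansible", "playbook_file": "ansible/main.yaml"},
        {"type": "shell", "inline": ["echo post-ansible step"]}
    ]
}
"""


def load_sample():
    """Parse the constructed template above."""
    return json.loads(TEMPLATE_JSON)


def effective_ansible_users(template, local_user):
    """Return (index, user, explicit) for each ansible provisioner.

    explicit is True when the template sets "user"; otherwise the account
    Ansible logs in as is the local user name, exactly as in the post's log.
    """
    found = []
    for idx, prov in enumerate(template.get("provisioners", [])):
        if prov.get("type") != "ansible":
            continue
        user = prov.get("user")
        found.append((idx, user, True) if user else (idx, local_user, False))
    return found


def mismatched_provisioners(template, local_user):
    """Indexes of ansible provisioners whose SSH user matches no builder's ssh_username.

    A template whose builders set no ssh_username at all reports every ansible
    provisioner, since nothing proves the inherited user is the right one.
    """
    builder_users = {
        b["ssh_username"] for b in template.get("builders", []) if b.get("ssh_username")
    }
    return [
        idx
        for idx, user, _explicit in effective_ansible_users(template, local_user)
        if user not in builder_users
    ]


def fix_template(template):
    """Return a deep copy with "user" pinned to the first builder's ssh_username.

    Only ansible provisioners that lack "user" are touched; the input is not modified.
    """
    fixed = json.loads(json.dumps(template))
    ssh_user = next(
        (b["ssh_username"] for b in fixed.get("builders", []) if b.get("ssh_username")),
        None,
    )
    if ssh_user:
        for prov in fixed.get("provisioners", []):
            if prov.get("type") == "ansible" and not prov.get("user"):
                prov["user"] = ssh_user
    return fixed


def main(argv):
    """Usage: python check_packer_user.py [packer.json]; exits 1 on a mismatch."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            template = json.load(fh)
    else:
        template = load_sample()
    local_user = getpass.getuser()
    for idx, user, explicit in effective_ansible_users(template, local_user):
        origin = "set in template" if explicit else "inherited from local account"
        print(f"provisioners[{idx}]: ansible will connect as {user!r} ({origin})")
    bad = mismatched_provisioners(template, local_user)
    if bad:
        print(f"mismatch in provisioners {bad}; set \"user\" to the builder's ssh_username")
        return 1
    print("ansible provisioner user matches ssh_username")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as a pre_build command before `./packer validate packer.json` in the buildspec; inside CodeBuild getpass.getuser() returns root, so the unfixed template from the question exits non-zero with a message naming the provisioner, while the answer's template with "user": "ec2-user" passes.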
