在配置 VPC 后,我尝试在 EC2 Ubuntu 实例上安装 Ansible 来配置 EC2 实例。这是我的
bastion-instance.yml- name: Setup Vprofile Bastion Host
hosts: localhost
connection: local
gather_facts: False
tasks:
- name: Import bastion setup variables
include_vars: vars/bastion_setup
- name: Import VPC output variables
include_vars: vars/output_vars
- name: Create vprofile ec2 keys
ec2_key:
name: vprofile-key
region: "{{region}}"
register: key_out
- name: Save private key into file bastion-key-pem
copy:
content: "{{key_out.key.private_key}}"
dest: "./bastion-key.pem"
mode: 0600
when: key_out.changed
- name: Create sec grp for bastion hosts
ec2_group:
name: Bastion-host-sg
description: Allow port 22 from everywhere and all port within sg
region: "{{region}}"
vpc_id: "{{vpcid}}"
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: "{{MYIP}}"
register: BastionSG_out
- name: creating Bastion Host
ec2:
key_name: vprofile-key
region: "{{region}}"
instance_type: t2.micro
image: "{{bastion_ami}}"
group_id: "{{BastionSG_out.group_id}}"
vpc_subnet_id: "{{pubsub1id}}"
wait: yes #wait until healthcheck is ok
wait_timeout: 300
instance_tags:
Name: "Bastion_host"
Project: Vprofile
Owner: DevOps Team
exact_count: 1 #to make sure we wont create ec2 instance every run
count_tag: Name #count matched tags
register: BastionHost_out
当我运行此剧本时,安全组和密钥对已成功配置,但我收到以下实例配置错误:
任务执行过程中出现异常。要查看完整的回溯,请使用 -vvv。错误是:
参数MetadataOptions无法识别082b8b0f-bf75-409e-985c-386068293e5f 致命:[localhost]:失败! => {"boto3_version": "1.20.34", "botocore_version": "1.23.34", "changed": false, "msg": "实例创建失败:参数MetadataOptions无法识别"}UnknownParameter
我尝试仅使用所需参数运行基本测试 EC2 实例,但也没有成功。我不明白这个
MetadataOptions使用
-vvvThe full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_ec2_payload_zt20ipz8/ansible_ec2_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2.py", line 1171, in create_instances
File "/usr/lib/python3/dist-packages/boto/ec2/connection.py", line 976, in run_instances
return self.get_object('RunInstances', params, Reservation,
File "/usr/lib/python3/dist-packages/boto/connection.py", line 1208, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>UnknownParameter</Code><Message>The parameter MetadataOptions is not recognized</Message></Error></Errors><RequestID>f37105b6-56ef-4add-9aed-6a9f78bdb830</RequestID></Response>
fatal: [localhost]: FAILED! => {
"boto3_version": "1.20.34",
"botocore_version": "1.23.34",
"changed": false,
"invocation": {
"module_args": {
"assign_public_ip": null,
"aws_access_key": null,
"aws_ca_bundle": null,
"aws_config": null,
"aws_secret_key": null,
"count": 1,
"count_tag": {
"Name": "Bastion_host",
"Owner": "DevOps Team",
"Project": "Vprofile"
},
"debug_botocore_endpoint_logs": false,
"ebs_optimized": false,
"ec2_url": null,
"exact_count": 1,
"group": null,
"group_id": [
"sg-088e3d11d4742c693"
],
"id": null,
"image": "ami-022e1a32d3f742bd8",
"instance_ids": null,
"instance_initiated_shutdown_behavior": "stop",
"instance_profile_name": null,
"instance_tags": {
"Name": "Bastion_host",
"Owner": "DevOps Team",
"Project": "Vprofile"
},
"instance_type": "t2.micro",
"kernel": null,
"key_name": "vprofile-key",
"monitoring": false,
"network_interfaces": null,
"placement_group": null,
"private_ip": null,
"profile": null,
"ramdisk": null,
"region": "us-east-1",
"security_token": null,
"source_dest_check": null,
"spot_launch_group": null,
"spot_price": null,
"spot_type": "one-time",
"spot_wait_timeout": 600,
"state": "present",
"tenancy": "default",
"termination_protection": null,
"user_data": null,
"validate_certs": true,
"volumes": null,
"vpc_subnet_id": "subnet-0c755f0ccdf5face2",
"wait": true,
"wait_timeout": 300,
"zone": null
}
},
"msg": "Instance creation failed: The parameter MetadataOptions is not recognized"
}
我在互联网上搜索了该问题的解决方案,但没有找到类似的内容。我使用的是 Ansible 版本 2.10。有谁知道导致此问题的原因是什么?
任何帮助将不胜感激
解决方法是设置更新的 API 版本。 有很多方法可以做到这一点:
此处所述编写
boto配置文件。例子:
[Boto]
ec2_version = 2016-11-15
bashBOTO_CONFIG=<(echo '[Boto]\nec2_version = 2016-11-15')
boto3botoapi_versionEC2Connection该问题是由于使用
ImdsSupport="v2.0"此类较新版本无法与较旧的 AWS API 版本一起启动
2014-10-01boto APIVersion = boto.config.get('Boto', 'ec2_version', '2014-10-01')
(这是版本 2.49.0,这是
botoboto3IMDSv2 很重要,因为 v1 不安全(仅在攻击者可以迫使 EC2 实例上运行的应用程序查询 IMDS 的情况下)。
错误
The parameter MetadataOptions is not recognized
由 AWS 引发,因为在上传 AMI 期间启用 IMDSv2 在启动期间添加了隐式参数
MetadataOptionsRunInstances这可以说只是 AWS 编写的错误消息。它确实应该这样说:
The parameter MetadataOptions is not recognized (automatically added by the AMI due to the enabling of IMDSv2)
https://github.com/benaco/nixops/commit/de0b958b37030c4b4b78e3e69908ad0700d6ae57
https://github.com/boto/botocore/tree/b5ed2ef6dd45f338b59095b4f4ce34a1488ac1b4/botocore/data/ec2
感谢@arianvp帮助我解决了这个问题。