search

ansible-collections / community.aws

Ansible Collection for Community AWS
GNU General Public License v3.0
186 stars 396 forks source link

aws_ssm remote directory / #2054

Closed gxvigo closed 6 months ago

gxvigo commented 6 months ago

Summary

Hello, I have a playbook (see below) where I just run a ping in a remote machine.

My hosts file just contains 1 remote server:

[myhosts]
my-instance ansible_host=i-03b08f4axxxxxxxxx

When I run the playbook, the remote server try to save the object from S3 into /, the user has no permission and the command fails: <i-03b08f4a82658ba99> EXEC: curl -o '/AnsiballZ_setup.py' 'https://s3.ap-southeast-2.amazonaws.com/ansible-20240212/i-03b08f4a82658ba99/%1B%5B%3F2004h%1B%5B%3F2004l/AnsiballZ ... ... fatal: [my-instance]: FAILED! => { "msg": "failed to transfer file to /home/ec2-user/.ansible/tmp/ansible-local-66503y5171c4/tmp5xmirp9u \u001b[?2004h\u001b[?2004l/AnsiballZ_setup.py:\n\u001b[?2004h\u001b[?2004l\r\r\r\n % Total % Received % Xferd Average Speed Time Time Time Current\r\r\n The playbook has the temp directory, but it seems it's not used by curl

Issue Type

Bug Report

Component Name

aws_ssm

Ansible Version

$ ansible --version

ansible [core 2.15.9]
  config file = None
  configured module search path = ['/home/ec2-user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ec2-user/.local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/ec2-user/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ec2-user/.local/bin/ansible
  python version = 3.9.16 (main, Sep  8 2023, 00:00:00) [GCC 11.4.1 20230605 (Red Hat 11.4.1-2)] (/usr/bin/python3)
  jinja version = 3.1.3
  libyaml = True

Collection Versions

$ ansible-galaxy collection list

Collection                    Version
----------------------------- -------
amazon.aws                    6.5.0  
ansible.netcommon             5.3.0  
ansible.posix                 1.5.4  
ansible.utils                 2.12.0 
ansible.windows               1.14.0 
arista.eos                    6.2.2  
awx.awx                       22.7.0 
azure.azcollection            1.19.0 
check_point.mgmt              5.1.1  
chocolatey.chocolatey         1.5.1  
cisco.aci                     2.8.0  
cisco.asa                     4.0.3  
cisco.dnac                    6.9.0  
cisco.intersight              1.0.27 
cisco.ios                     4.6.1  
cisco.iosxr                   5.0.3  
cisco.ise                     2.6.2  
cisco.meraki                  2.17.0 
cisco.mso                     2.5.0  
cisco.nso                     1.0.3  
cisco.nxos                    4.4.0  
cisco.ucs                     1.10.0 
cloud.common                  2.1.4  
cloudscale_ch.cloud           2.3.1  
community.aws                 6.4.0  
community.azure               2.0.0  
community.ciscosmb            1.0.7  
community.crypto              2.16.1 
community.digitalocean        1.24.0 
community.dns                 2.6.4  
community.docker              3.4.11 
community.fortios             1.0.0  
community.general             7.5.2  
community.google              1.0.0  
community.grafana             1.6.1  
community.hashi_vault         5.0.1  
community.hrobot              1.8.2  
community.libvirt             1.3.0  
community.mongodb             1.6.3  
community.mysql               3.8.0  
community.network             5.0.2  
community.okd                 2.3.0  
community.postgresql          2.4.3  
community.proxysql            1.5.1  
community.rabbitmq            1.2.3  
community.routeros            2.11.0 
community.sap                 1.0.0  
community.sap_libs            1.4.1  
community.skydive             1.0.0  
community.sops                1.6.7  
community.vmware              3.11.1 
community.windows             1.13.0 
community.zabbix              2.2.0  
containers.podman             1.11.0 
cyberark.conjur               1.2.2  
cyberark.pas                  1.0.23 
dellemc.enterprise_sonic      2.2.0  
dellemc.openmanage            7.6.1  
dellemc.powerflex             1.9.0  
dellemc.unity                 1.7.1  
f5networks.f5_modules         1.27.1 
fortinet.fortimanager         2.3.0  
fortinet.fortios              2.3.4  
frr.frr                       2.0.2  
gluster.gluster               1.0.2  
google.cloud                  1.3.0  
grafana.grafana               2.2.3  
hetzner.hcloud                1.16.0 
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.12.0 
ibm.storage_virtualize        2.1.0  
infinidat.infinibox           1.3.12 
infoblox.nios_modules         1.5.0  
inspur.ispim                  1.3.0  
inspur.sm                     2.3.0  
junipernetworks.junos         5.3.1  
kubernetes.core               2.4.0  
lowlydba.sqlserver            2.2.2  
microsoft.ad                  1.4.1  
netapp.aws                    21.7.1 
netapp.azure                  21.10.1
netapp.cloudmanager           21.22.1
netapp.elementsw              21.7.0 
netapp.ontap                  22.8.3 
netapp.storagegrid            21.11.1
netapp.um_info                21.8.1 
netapp_eseries.santricity     1.4.0  
netbox.netbox                 3.15.0 
ngine_io.cloudstack           2.3.0  
ngine_io.exoscale             1.1.0  
ngine_io.vultr                1.1.3  
openstack.cloud               2.2.0  
openvswitch.openvswitch       2.1.1  
ovirt.ovirt                   3.2.0  
purestorage.flasharray        1.24.0 
purestorage.flashblade        1.14.0 
purestorage.fusion            1.6.0  
sensu.sensu_go                1.14.0 
servicenow.servicenow         1.0.6  
splunk.es                     2.1.2  
t_systems_mms.icinga_director 1.33.1 
telekom_mms.icinga_director   1.35.0 
theforeman.foreman            3.15.0 
vmware.vmware_rest            2.3.1  
vultr.cloud                   1.11.0 
vyos.vyos                     4.1.0  
wti.remote                    1.0.5

AWS SDK versions

$ pip show boto boto3 botocore

Name: boto3
Version: 1.34.39
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/ec2-user/.local/lib/python3.9/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: 
---
Name: botocore
Version: 1.34.39
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/ec2-user/.local/lib/python3.9/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed

CONFIG_FILE() = None

OS / Environment

Amazon Linux 2023

Steps to Reproduce


- name: My first play
  vars:
    ansible_connection: aws_ssm
    ansible_aws_ssm_bucket_name: ansible-xxxxxx
    ansible_aws_ssm_region: ap-southeast-2
    ansible_remote_tmp: /tmp
  hosts: myhosts
  tasks:
   - name: Ping my hosts
     ansible.builtin.ping:

Expected Results

No errors from the playbook run

Actual Results


<i-03b08f4a82658ba99> ESTABLISH SSM CONNECTION TO: i-03b08f4a82658ba99
<i-03b08f4a82658ba99> EXEC: curl -o '/AnsiballZ_setup.py' 'https://s3.ap-southeast-2.amazonaws.com/ansible-20240212/i-03b08f4a82658ba99/%1B%5B%3F2004h%1B%5B%3F2004l/AnsiballZ_setup.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAY2JKN62PDO5IE3MU%2F20240214%2Fap-southeast-2%2Fs3%2Faws4_request&X-Amz-Date=20240214T002432Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEKj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDmFwLXNvdXRoZWFzdC0yIkgwRgIhAKzuiGzWzfyNAzcsC1%2F3JyYebAIBF2dMH8NwMEyYy0C%2FAiEA2ieVrjAy9ezQH%2FjRbcpqSGJXKQd%2B1wrqdayx8uJfmQoq0QUIgf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw2MDYyMTYyNTUxMzQiDL2z8hG8HKnn9%2FLjjSqlBQI1K5uMRuGx1MdnA3b3EqAPwYRlBZho6%2B51XTQ8z5X5MFDL6ZByP259lZu8me2YkvdKi428BaAURixZN7cdkzql3kDfFThqUsOxUJyXXHQ2lRHXPTsCrf6cDwUN1P7q3pfdfGnxKnGz7qxMumniocCN6IrY6mH0mXhHU08GOcIVSZ7%2BF88jc4%2Fr6%2Fu%2FCUzfV4FjggrrcTm1Jkqfd5q8E30k8SSdEzcmPCIr9nE62WzkVqOYp0AAklG82M9Now6DhZvM784z2iwkvnB4DiA0kNy9XgjQSo0UIYuXWPaWn3xCK%2B%2FqOMILQaMotAZgnuf5dKPqt2DeoJFIGzT6u3PC5vGwRR%2F5n6J6MM3GvJ9sD%2F03jXHPdsAlttYASXVo9akphX%2FRT0ie33WL9r0JWEFA3xMfhPLjbMFZft9U7d5xl73j5ZH1ruDPJcgCcYoeQA1OFlRjujpeqbL%2By%2FC8A8zFbToVmqpeiouUgYm2JPTnXTEwOppciE%2FHW5aX45jp01WcC6jJCOrIgTCJw7lLspKTmQyYiVgmT34jZfTOCQE4B%2BQ9G8rpiMFHokVv4wuSFf8caxheqQHNfHfX42HUPJnfaTH6Ugs7jYX5%2B1iAVjHuHvPwitQz3T7IuL2hgtFymANe12KptM%2BTJ0CUe0txBQQC9MASruDHArlNRCHIRQg4%2FsBW1ib8enDPIrC4rMbrcPsKtCIDQSLe4%2FbCYYsPNCM9anT3xkrlBWgeaHZvWnDLNctjn8Q4HW6Spm5eune%2B8hY%2FLV6yvLWOhuL9AFmladx%2Flz5J1jQ3m81s2v9S%2Ff26%2F4nszZKnLQGG1wFMLT9%2F%2FVdG5%2BPZvlJyHykpP05aZLCt2QPpdyhE7GqcuHEIomKAVQau4NshR9VgF0RrjWK%2BFxyuh6%2FxRQRRMKaCsK4GOrAB%2FP6GayYOYy%2F45NktCjjncFYqMVl298y0NUVqj8%2Be4QSPQtZqK%2FP9JzJHQirOyReKKcumW3SXhu73xr%2F7mNlmYsYyBafpjt5lS1%2FzeHc0WAnLYFoI1%2BY2fg7VWCSoodN%2FwZLyHmi%2FUxeMidhqRp%2F8wdUk%2Bs2K7gmIWuCn1Yi1vt45xkKlYIgH%2BuxMWnrGhEwgiTndYKmK%2FC%2Fz2%2FUPGEx3Bxq4mjbE4XFr35ChD%2FiXSic%3D&X-Amz-Signature=73962b7c2824dd0c735f18eaae190787fd2b116f797c8134db5711fd6a20396c'
<i-03b08f4a82658ba99> CLOSING SSM CONNECTION TO: i-03b08f4a82658ba99
fatal: [my-instance]: FAILED! => {
    "msg": "failed to transfer file to /home/ec2-user/.ansible/tmp/ansible-local-66503y5171c4/tmp5xmirp9u \u001b[?2004h\u001b[?2004l/AnsiballZ_setup.py:\n\u001b[?2004h\u001b[?2004l\r\r\r\n  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\r\r\n                                 Dload  Upload   Total   Spent    Left  Speed\r\r\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0Warning: Failed to open the file 2004h2004l/AnsiballZ_setup.py: No such file \r\r\nWarning: or directory\r\r\n\r  0  290k    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r\r\ncurl: (23) Failure writing output to destination\r\r\n\u001b[?2004h\u001b[?2004l\r\r\r\n"
}

Code of Conduct

tremble commented 6 months ago

Thanks for taking the time to open this issue.

This looks like a duplicate of #1756 please try upgrading to community.aws 7.1.0 or later.

gxvigo commented 6 months ago

Thank you for your prompt answer. I updated the amazon.aws collection 

$ ansible-galaxy collection install  amazon.aws --force

$ ansible-galaxy collection list

 /home/ec2-user/.ansible/collections/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    7.3.0  

 /home/ec2-user/.local/lib/python3.9/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    7.3.0  
ansible.netcommon             5.3.0  
ansible.posix                 1.5.4  
ansible.utils                 2.12.0

But I see the same behavior. 

...
<i-03b08f4a82658ba99> CLOSING SSM CONNECTION TO: i-03b08f4a82658ba99
<i-03b08f4a82658ba99> ESTABLISH SSM CONNECTION TO: i-03b08f4a82658ba99
<i-03b08f4a82658ba99> EXEC: curl -o '/AnsiballZ_setup.py' 'https://s3.ap-southeast-2.amazonaws.com/ansible-20240212/i-03b08f4a82658ba99/%1B%5B%3F2004h%1B%5B%3F2004l/AnsiballZ_setup.py?X-Amz-Algorithm=AWS4-HM
...
gxvigo commented 6 months ago

Actually, my bad, I did update the amazon.aws and not community.aws. After updating community.aws I don't see the same behavior anymore. I have other errors... but that's for me to spend more time investigating.

$ ansible-galaxy collection install community.aws --force

$ ansible-galaxy collection list

 /home/ec2-user/.ansible/collections/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    7.3.0  
community.aws                 7.1.0  

 /home/ec2-user/.local/lib/python3.9/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    7.3.0  
ansible.netcommon             5.3.0

Now it writes to a temporary folder:

<i-03b08f4a82658ba99> EXEC: curl -o '/tmp/ansible-tmp-1707937573.1657295-3126-193316081225605/AnsiballZ_setup.py'
tremble commented 6 months ago

Closing as duplicate