From fbff0449ce08fe2a57724e66938886e203173611 Mon Sep 17 00:00:00 2001
From: Steve Gargan
Date: Sun, 15 Mar 2015 12:20:34 +0000
Subject: [PATCH 1/2] fix for issue #10422. outputs informative error message when AWS credentials are not available
---
 plugins/inventory/ec2.py | 57 ++++++++++++++++++++++++----------------
 1 file changed, 35 insertions(+), 22 deletions(-)
diff --git a/plugins/inventory/ec2.py b/plugins/inventory/ec2.py
index 0f7c198575..617463355f 100755
--- a/plugins/inventory/ec2.py
+++ b/plugins/inventory/ec2.py
@@ -334,23 +334,24 @@ class Ec2Inventory(object):
 self.write_to_cache(self.inventory, self.cache_path_cache)
 self.write_to_cache(self.index, self.cache_path_index)
+ def connect(self, region):
+ ''' create connection to api server'''
+ if self.eucalyptus:
+ conn = boto.connect_euca(host=self.eucalyptus_host)
+ conn.APIVersion = '2010-08-31'
+ else:
+ conn = ec2.connect_to_region(region)
+ # connect_to_region will fail "silently" by returning None if the region name is wrong or not supported
+ if conn is None:
+ raise Exception("region name: %s likely not supported, or AWS is down. connection to region failed." % region)
+ return conn
 def get_instances_by_region(self, region):
 ''' Makes an AWS EC2 API call to the list of instances in a particular
 region '''
 try:
- if self.eucalyptus:
- conn = boto.connect_euca(host=self.eucalyptus_host)
- conn.APIVersion = '2010-08-31'
- else:
- conn = ec2.connect_to_region(region)
-
- # connect_to_region will fail "silently" by returning None if the region name is wrong or not supported
- if conn is None:
- print("region name: %s likely not supported, or AWS is down. connection to region failed." % region)
- sys.exit(1)
-
+ conn = self.connect(region)
 reservations = []
 if self.ec2_instance_filters:
 for filter_key, filter_values in self.ec2_instance_filters.iteritems():
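Review bot: The new `connect()` helper keeps `boto.connect_euca(host=self.eucalyptus_host)` with no explicit transport setting, and as far as I recall boto's `connect_euca` defaults to `is_secure=False`, so the Eucalyptus inventory query would travel over plain HTTP. The response decides which hosts Ansible later manages, so integrity of that channel matters more than for an ordinary read. Now that both callers go through this one helper, it is the natural place to pass `is_secure=True` where the endpoint offers TLS, or to make the choice an explicit setting. The docstring could also say that the method returns a boto connection and never returns `None`.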
@@ -363,6 +364,9 @@ class Ec2Inventory(object):
 self.add_instance(instance, region)
 except boto.exception.BotoServerError, e:
+ if e.error_code == 'AuthFailure':
+ self.display_auth_error()
+
 if not self.eucalyptus:
 print "Looks like AWS is down again:"
 print e
@@ -379,23 +383,33 @@ class Ec2Inventory(object):
 for instance in instances:
 self.add_rds_instance(instance, region)
 except boto.exception.BotoServerError, e:
+ if e.error_code == 'AuthFailure':
+ self.display_auth_error()
+
 if not e.reason == "Forbidden":
 print "Looks like AWS RDS is down: "
 print e
 sys.exit(1)
- def get_instance(self, region, instance_id):
- ''' Gets details about a specific instance '''
- if self.eucalyptus:
- conn = boto.connect_euca(self.eucalyptus_host)
- conn.APIVersion = '2010-08-31'
+ def display_auth_error(self):
+ ''' Raise an error with an informative message if there is an issue authenticating'''
+ errors = ["Authentication error retrieving ec2 inventory."]
+ if None in [os.environ.get('AWS_ACCESS_KEY_ID'), os.environ.get('AWS_SECRET_ACCESS_KEY')]:
+ errors.append(' - No AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY environment vars found')
 else:
- conn = ec2.connect_to_region(region)
+ errors.append(' - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment vars found but may not be correct')
- # connect_to_region will fail "silently" by returning None if the region name is wrong or not supported
- if conn is None:
- print("region name: %s likely not supported, or AWS is down. connection to region failed." % region)
- sys.exit(1)
+ boto_paths = ['/etc/boto.cfg', '~/.boto', '~/.aws/credentials']
+ boto_config_found = list(p for p in boto_paths if os.path.isfile(os.path.expanduser(p)))
+ if len(boto_config_found) > 0:
+ errors.append(" - Boto configs found at '%s', but the credentials contained may not be correct" % ', '.join(boto_config_found))
+ else:
+ errors.append(" - No Boto config found at any expected location '%s'" % ', '.join(boto_paths))
+
+ raise Exception('\n'.join(errors))
+
+ def get_instance(self, region, instance_id):
+ conn = self.connect(region)
 reservations = conn.get_all_instances([instance_id])
 for reservation in reservations:
@@ -785,4 +799,3 @@ class Ec2Inventory(object):
 # Run the script
 Ec2Inventory()
-
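Review bot: In `display_auth_error` the test `None in [os.environ.get(...), ...]` treats a variable that is exported but empty as present, so the message would claim the environment credentials were found; `if not (os.environ.get('AWS_ACCESS_KEY_ID') and os.environ.get('AWS_SECRET_ACCESS_KEY')):` covers both the unset and the empty case. The message reports only which variables and files exist and never their contents, which is worth preserving because this output tends to end up in CI and playbook logs. `os.path.isfile` also says nothing about whether the current user can read the file, so a config owned by another account would be listed as found. Separately, the rewritten `get_instance` drops its docstring `''' Gets details about a specific instance '''`; I would keep it.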
From ada2567dfb912428b4b23f2de9e91ac6b2cbb4b3 Mon Sep 17 00:00:00 2001
From: Steve Gargan
Date: Mon, 16 Mar 2015 20:00:18 +0000
Subject: [PATCH 2/2] log errors and explicitly exit rather than raising exceptions
---
 plugins/inventory/ec2.py | 43 ++++++++++++++++++++++---------------------
 1 file changed, 22 insertions(+), 21 deletions(-)
diff --git a/plugins/inventory/ec2.py b/plugins/inventory/ec2.py
index 617463355f..5f7bd061d7 100755
--- a/plugins/inventory/ec2.py
+++ b/plugins/inventory/ec2.py
@@ -343,7 +343,7 @@ class Ec2Inventory(object):
 conn = ec2.connect_to_region(region)
 # connect_to_region will fail "silently" by returning None if the region name is wrong or not supported
 if conn is None:
- raise Exception("region name: %s likely not supported, or AWS is down. connection to region failed." % region)
+ self.fail_with_error("region name: %s likely not supported, or AWS is down. connection to region failed." % region)
 return conn
 def get_instances_by_region(self, region):
@@ -365,12 +365,11 @@ class Ec2Inventory(object):
 except boto.exception.BotoServerError, e:
 if e.error_code == 'AuthFailure':
- self.display_auth_error()
-
- if not self.eucalyptus:
- print "Looks like AWS is down again:"
- print e
- sys.exit(1)
+ error = self.get_auth_error_message()
+ else:
+ backend = 'Eucalyptus' if self.eucalyptus else 'AWS'
+ error = "Error connecting to %s backend.\n%s" % (backend, e.message)
+ self.fail_with_error(error)
 def get_rds_instances_by_region(self, region):
 ''' Makes an AWS API call to the list of RDS instances in a particular
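Review bot: The rewritten handler in `get_instances_by_region` reports only `e.message`, whereas the removed code printed the whole exception; the status and `e.error_code` are what an operator needs to tell an expired or clock-skewed request from a permissions problem. I would carry them into the message, e.g. `error = "Error connecting to %s backend (%s %s).\n%s" % (backend, e.status, e.error_code, e.message)`. The test `e.error_code == 'AuthFailure'` is also narrow: any other credential-related code the backend returns falls through to the generic "Error connecting" text. The function body starts outside this hunk.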
@@ -384,15 +383,13 @@ class Ec2Inventory(object):
 self.add_rds_instance(instance, region)
 except boto.exception.BotoServerError, e:
 if e.error_code == 'AuthFailure':
- self.display_auth_error()
-
+ error = self.get_auth_error_message()
 if not e.reason == "Forbidden":
- print "Looks like AWS RDS is down: "
- print e
- sys.exit(1)
+ error = "Looks like AWS RDS is down:\n%s" % e.message
+ self.fail_with_error(error)
- def display_auth_error(self):
- ''' Raise an error with an informative message if there is an issue authenticating'''
+ def get_auth_error_message(self):
+ ''' create an informative error message if there is an issue authenticating'''
 errors = ["Authentication error retrieving ec2 inventory."]
 if None in [os.environ.get('AWS_ACCESS_KEY_ID'), os.environ.get('AWS_SECRET_ACCESS_KEY')]:
 errors.append(' - No AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY environment vars found')
@@ -406,7 +403,12 @@ class Ec2Inventory(object):
 else:
 errors.append(" - No Boto config found at any expected location '%s'" % ', '.join(boto_paths))
- raise Exception('\n'.join(errors))
+ return '\n'.join(errors)
+
+ def fail_with_error(self, err_msg):
+ '''log an error to std err for ansible-playbook to consume and exit'''
+ sys.stderr.write(err_msg)
+ sys.exit(1)
 def get_instance(self, region, instance_id):
 conn = self.connect(region)
@@ -506,9 +508,8 @@ class Ec2Inventory(object):
 if self.nested_groups:
 self.push_group(self.inventory, 'security_groups', key)
 except AttributeError:
- print 'Package boto seems a bit older.'
- print 'Please upgrade boto >= 2.3.0.'
- sys.exit(1)
+ self.fail_with_error('\n'.join(['Package boto seems a bit older.',
+ 'Please upgrade boto >= 2.3.0.']))
 # Inventory: Group by tag keys
 if self.group_by_tag_keys:
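Review bot: In the `get_rds_instances_by_region` handler the second test is a plain `if`, so an `AuthFailure` whose reason is not "Forbidden" has its credential message overwritten by "Looks like AWS RDS is down", which sends the operator looking for an outage instead of a credential problem. Indentation is not recoverable on this page, but either placement of `self.fail_with_error(error)` leaves a gap: at handler level a non-auth "Forbidden" response reaches it with `error` unassigned, and nested under the second `if` an `AuthFailure` with reason "Forbidden" is never reported. I would set `error = None` first, make the second test `elif not e.reason == "Forbidden":`, and call `self.fail_with_error(error)` only `if error is not None`, which keeps the old behaviour of skipping RDS when access is simply forbidden.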
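Review bot: `fail_with_error` writes `err_msg` with no trailing newline, so the last line of the message runs into whatever the caller or shell prints next; `sys.stderr.write(err_msg + '\n')` fixes that. Part of the text comes from `e.message`, that is from the remote API response, so the docstring could note that the string is emitted verbatim and that the method does not return.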
@@ -601,9 +602,9 @@ class Ec2Inventory(object):
 self.push_group(self.inventory, 'security_groups', key)
 except AttributeError:
- print 'Package boto seems a bit older.'
- print 'Please upgrade boto >= 2.3.0.'
- sys.exit(1)
+ self.fail_with_error('\n'.join(['Package boto seems a bit older.',
+ 'Please upgrade boto >= 2.3.0.']))
+
 # Inventory: Group by engine
 if self.group_by_rds_engine: