InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials
I am trying to deploy a GitHub project to an EC2 instance using AWS CodeDeploy. After following 2 video tutorials and a bunch of Google answers, I still get the following error:
2017-02-01 12:20:08 INFO [codedeploy-agent(1379)]: master 1379: Spawned child 1/1
2017-02-01 12:20:09 INFO [codedeploy-agent(1383)]: On Premises config file does not exist or not readable
2017-02-01 12:20:09 INFO [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandExecutor: Archives to retain is: 5}
2017-02-01 12:20:09 INFO [codedeploy-agent(1383)]: Version file found in /opt/codedeploy-agent/.version.
2017-02-01 12:20:09 ERROR [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials - please check if this instance was started with an IAM instance profile
I have two IAM roles:
- CodeDeployInstanceRole
- CodeDeployServiceRole
CodeDeployInstanceRole for the EC2 instance
Policy name: AmazonEC2RoleforAWSCodeDeploy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:ListObjects"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
Policy name: AutoScalingNotificationAccessRole
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "sqs:SendMessage",
        "sqs:GetQueueUrl",
        "sns:Publish"
      ]
    }
  ]
}
Trust relationship
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com",
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
CodeDeployServiceRole for CodeDeploy
Policy name: AWSCodeDeployRole
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:CompleteLifecycleAction",
        "autoscaling:DeleteLifecycleHook",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeLifecycleHooks",
        "autoscaling:PutLifecycleHook",
        "autoscaling:RecordLifecycleActionHeartbeat",
        "autoscaling:CreateAutoScalingGroup",
        "autoscaling:UpdateAutoScalingGroup",
        "autoscaling:EnableMetricsCollection",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribePolicies",
        "autoscaling:DescribeScheduledActions",
        "autoscaling:DescribeNotificationConfigurations",
        "autoscaling:DescribeLifecycleHooks",
        "autoscaling:SuspendProcesses",
        "autoscaling:ResumeProcesses",
        "autoscaling:AttachLoadBalancers",
        "autoscaling:PutScalingPolicy",
        "autoscaling:PutScheduledUpdateGroupAction",
        "autoscaling:PutNotificationConfiguration",
        "autoscaling:PutLifecycleHook",
        "autoscaling:DescribeScalingActivities",
        "autoscaling:DeleteAutoScalingGroup",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:TerminateInstances",
        "tag:GetTags",
        "tag:GetResources",
        "sns:Publish",
        "cloudwatch:DescribeAlarms",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer"
      ],
      "Resource": "*"
    }
  ]
}
Trust relationship
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com",
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
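EC2 instance
I spin up a Debian-based image that I created myself, so I already have NodeJS installed. When I spin up a new instance, I also paste the following code into the User data text area to make sure CodeDeploy is installed.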
#!/bin/bash -x
REGION=$(curl 169.254.169.254/latest/meta-data/placement/availability-zone/ | sed 's/[a-z]$//') &&
sudo apt-get update -y &&
sudo apt-get install -y python-pip &&
sudo apt-get install -y ruby &&
sudo apt-get install -y wget &&
cd /home/admin &&
wget https://aws-codedeploy-$REGION.s3.amazonaws.com/latest/install &&
chmod +x ./install &&
sudo ./install auto &&
sudo apt-get remove -y wget &&
sudo service codedeploy-agent start
Debugging
If I log in to the EC2 instance I created and run the following command:
echo $(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/)
I get the following response: CodeDeployInstanceRole
When I run
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/CodeDeployInstanceRole
I get the following response
{
  "Code" : "Success",
  "LastUpdated" : "2017-02-01T12:38:07Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "THE_KEY",
  "SecretAccessKey" : "SECRET",
  "Token" : "TOKEN",
  "Expiration" : "2017-02-01T19:08:43Z"
}
On GitHub I see that CodeDeploy never accesses my repository, even though I selected deployment using GitHub and set the correct repository name and commit ID.
Question
What am I missing?
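I think the instance role permissions look fine. But the IAM instance profile is only added the first time, when the instance is launched. Can you make sure the instance role has the correct permissions before launching the instance?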
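It turns out that Debian does not have curl installed by default. Installing curl before making the curl request to get the region the server is running in was the missing part of the Bash script.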
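I ran into the same problem. A brief explanation of what caused it:
- Launch an instance without any role attached
- Then install a codedeploy-agent on that machine
- Only at the end attach an IAM role to the machine
Result: I received the error: Missing credentials - please check if this instance was started with an IAM instance profile
Fix: restart the codedeploy agent. Use:
sudo service codedeploy-agent restart
The error should now be gone!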
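I got "please check if this instance was started with an IAM instance profile". To check whether your instance was launched without an IAM profile, go to the AWS console -> your instance -> check the "IAM role" value on the Description tab. If it is empty, you launched the instance without an IAM role, and this is how to fix the problem:
Go to the IAM console -> Roles -> Create new role
Select AWS service -> EC2 -> Next: Permissions (do not change anything) -> Next: Tags -> Next: Review -> provide a name and click Create role.
Go to the AWS EC2 console -> select the instance -> Actions -> Instance Settings -> Attach/Replace IAM Role -> select the IAM role you just created
Restart the codedeploy agent: sudo service codedeploy-agent restart
Try the deployment again; it should work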
This is what worked for me in 2021 on Ubuntu 16.04
Upgrade from Python 3.5.2 to 3.6
https://www.rosehosting.com/blog/how-to-install-python-3-6-on-ubuntu-16-04/
With sudo ...
cd /opt
wget https://www.python.org/ftp/python/3.6.3/Python-3.6.3.tgz
tar -xvf Python-3.6.3.tgz
cd Python-3.6.3
./configure
apt-get install zlib1g-dev
make
make install
Install the latest version of aws cli v1
cd ~
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
unzip awscli-bundle.zip
sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
Modify the instance metadata
https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html
aws ec2 modify-instance-metadata-options \
--instance-id ${FOO_ID} \
--http-tokens optional \
--http-endpoint enabled
Install the CodeDeploy agent for Ubuntu Server
sudo apt-get update
sudo apt-get install ruby
sudo apt-get install wget
cd /home/ubuntu
wget https://aws-codedeploy-us-west-2.s3.us-west-2.amazonaws.com/latest/install
chmod +x ./install
sudo ./install auto
sudo service codedeploy-agent restart
sudo service codedeploy-agent status
View deployment log files on Amazon Linux, RHEL, and Ubuntu Server instances
https://docs.aws.amazon.com/codedeploy/latest/userguide/deployments-view-logs.html
tail -f /var/log/aws/codedeploy-agent/codedeploy-agent.log
tail -f /opt/codedeploy-agent/deployment-root/deployment-logs/codedeploy-agent-deployments.log
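A diagnostic that separates the causes raised in the answers above (curl missing, no instance profile attached, role visible only over IMDSv2, role visible so only an agent restart remains), as an added example that is not part of the original posts. The function names and verdict strings are made up for this example; the status-code mapping assumes the documented IMDS responses (401 without a token when tokens are required, 403 when the endpoint is disabled, 404 when no role is attached).

```shell
#!/bin/bash
# Added example, not from the original posts. Prints status codes only, never secrets.
IMDS="http://169.254.169.254/latest"
CREDS="$IMDS/meta-data/iam/security-credentials/"

# Strip the zone letter the way the question's sed does: eu-west-1a -> eu-west-1
region_from_az() { printf '%s\n' "$1" | sed 's/[a-z]$//'; }

# Build the installer URL used in the question; refuse an empty region, which is
# what the original script silently produced when curl was not installed.
install_url() {
  [ -n "$1" ] || return 1
  echo "https://aws-codedeploy-$1.s3.amazonaws.com/latest/install"
}

# Ask for a short-lived IMDSv2 session token; prints nothing on failure.
imds_token() {
  curl -sf -m 2 -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 60" "$IMDS/api/token"
}

# HTTP status of the role listing. $1 = session token, empty for an IMDSv1 request.
imds_status() {
  if [ -n "$1" ]; then
    curl -s -m 2 -o /dev/null -w '%{http_code}' -H "X-aws-ec2-metadata-token: $1" "$CREDS"
  else
    curl -s -m 2 -o /dev/null -w '%{http_code}' "$CREDS"
  fi
}

# $1 = status without token, $2 = status with token, $3 = yes/no (curl present).
diagnose() {
  if [ "$3" != "yes" ]; then echo "curl-missing"; return 0; fi
  case "$1/$2" in
    200/*)       echo "role-visible" ;;             # restart the agent if it predates the role
    401/200)     echo "role-visible-imdsv2-only" ;; # IMDSv1-only clients see no credentials
    404/*|*/404) echo "no-instance-profile" ;;      # attach a role, then restart the agent
    403/*|*/403) echo "imds-endpoint-disabled" ;;
    *)           echo "imds-unreachable" ;;
  esac
}

main() {
  have_curl=no; v1=000; v2=000
  if command -v curl >/dev/null 2>&1; then
    have_curl=yes; v1=$(imds_status ""); v2=$(imds_status "$(imds_token)")
  fi
  echo "IMDSv1=$v1 IMDSv2=$v2 verdict=$(diagnose "$v1" "$v2" "$have_curl")"
}

# Live checks run only with --live, so sourcing the file has no side effects.
if [ "${1:-}" = "--live" ]; then main; fi
```

Run it on the instance with --live; a role-visible verdict alongside a persisting agent error points to the restart described in the answers.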