[ClusterLabs] Antw: [EXT] issue with awscli profile for AWS resource agents

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Thu Jul 8 11:06:15 EDT 2021 

>>> Aaron Kennedy <aaron at tuxera.com> schrieb am 08.07.2021 um 15:18 in
Nachricht
<a8723de611e149a1badf5853cc641cb4 at tuxera-exch.ad.tuxera.com>:

> Hello,
> 
> I am trying to use AWS resource agents such as ‘awsvip’ and ‘awseip’ but my

> awscli profile “could not be found”
> 
> [ec2-user at ip-172-31-43-116 ~]$ sudo pcs resource debug-start --full privip
>  warning: unpack_rsc_op_failure:        Processing failed start of privip on

> ip-172-31-43-84.eu-west-1.compute.internal: not running | rc=7
> warning: unpack_rsc_op_failure:        Processing failed start of privip on

> ip-172-31-43-116.eu-west-1.compute.internal: not running | rc=7
> warning: unpack_rsc_op_failure:        Processing failed start of privip on

> ip-172-31-45-167.eu-west-1.compute.internal: not running | rc=7
> Operation start for privip (ocf:heartbeat:awsvip) returned: 'not running' 
> (7)
>>  stderr: + 12:47:21: 45: OCF_RESKEY_awscli_default=/usr/bin/aws
>>  stderr: + 12:47:21: 46: OCF_RESKEY_profile_default=default
>>  stderr: + 12:47:21: 47: OCF_RESKEY_api_delay_default=3
>>  stderr: + 12:47:21: 49: : /usr/bin/aws
>>  stderr: + 12:47:21: 50: : default
>>  stderr: + 12:47:21: 51: : 3
>>  stderr: + 12:47:21: 196: case $__OCF_ACTION in
>>  stderr: + 12:47:21: 203: AWSCLI=/usr/bin/aws
>>  stderr: + 12:47:21: 204: SECONDARY_PRIVATE_IP=172.31.45.5
>>  stderr: ++ 12:47:21: 205: curl -s 
> http://169.254.169.254/latest/meta-data/instance-id 
>>  stderr: + 12:47:21: 205: INSTANCE_ID=i-0ea1bfc7adcc6197e
>>  stderr: ++ 12:47:21: 206: /usr/bin/aws --profile default --output json ec2

> describe-instances --instance-id i-0ea1bfc7adcc6197e
>>  stderr: ++ 12:47:21: 206: awk '-F"' '{print$4}'
>>  stderr: ++ 12:47:21: 206: grep -m 1 eni
>>  stderr:
>>  stderr: The config profile (default) could not be found
>>  stderr: + 12:47:21: 206: NETWORK_ID=
>>  stderr: + 12:47:21: 208: case $__OCF_ACTION in
>>  stderr: + 12:47:21: 210: awsvip_validate
>>  stderr: + 12:47:21: awsvip_validate:181: check_binary /usr/bin/aws
>>  stderr: + 12:47:21: check_binary:56: have_binary /usr/bin/aws
>>  stderr: + 12:47:21: have_binary:68: '[' '' = 1 ']'
>>  stderr: ++ 12:47:21: have_binary:71: echo /usr/bin/aws
>>  stderr: ++ 12:47:21: have_binary:71: sed -e 's/ -.*//'
>>  stderr: + 12:47:21: have_binary:71: local bin=/usr/bin/aws
>>  stderr: ++ 12:47:21: have_binary:72: which /usr/bin/aws
>>  stderr: + 12:47:21: have_binary:72: test -x /usr/bin/aws
>>  stderr: + 12:47:21: awsvip_validate:183: '[' -z default ']'
>>  stderr: + 12:47:21: awsvip_validate:188: '[' -z i-0ea1bfc7adcc6197e ']'
>>  stderr: + 12:47:21: awsvip_validate:193: return 0
>>  stderr: + 12:47:21: 211: awsvip_start
>>  stderr: + 12:47:21: awsvip_start:132: awsvip_monitor
>>  stderr: + 12:47:21: awsvip_monitor:171: /usr/bin/aws --profile default ec2

> describe-instances --instance-id i-0ea1bfc7adcc6197e
>>  stderr: + 12:47:21: awsvip_monitor:171: grep -q 172.31.45.5
>>  stderr:
>>  stderr: The config profile (default) could not be found
> <truncated>
> 
> But if I simply run the binary with the same options there is no issue:
> 
> [ec2-user at ip-172-31-43-116 ~]$ /usr/bin/aws --profile default --output json

> ec2 describe-instances --instance-id i-0ea1bfc7adcc6197e
> {
>     "Reservations": [
>         {
>             "Instances": [
>                 {
>                     "Monitoring": {
>                         "State": "disabled"
>                     },
>                     "PublicDnsName": 
> "ec2-34-243-96-249.eu-west-1.compute.amazonaws.com",
>                     "State": {
>                         "Code": 16,
>                         "Name": "running"
>                     },
>                     "EbsOptimized": true,
>                     "LaunchTime": "2021-07-07T11:10:57.000Z",
>                     "PublicIpAddress": "34.243.96.249",
>                     "PrivateIpAddress": "172.31.43.116",
>                     "ProductCodes": [],
>                     "VpcId": "vpc-58799c3f",
>                    "CpuOptions": {
>                         "CoreCount": 1,
>                         "ThreadsPerCore": 2
>                     },
> <truncated>
> 
> I’ve tried recreating the awscli profile with a named option (instead of 
> default) and create the resource with the same named option (instead of 
> default) but I get the same result, eg “The config profile (aaron) could not

> be found.” I’m not sure how to troubleshoot this further since the RA is 
> leveraging /usr/bin/aws which is using a properly configured profile.
> 
> Thanks for any helpful suggestions!

Prefix the call of "aws" in the script with something like "strace -f -o ..."
;-)

> 
> Best regards,
> Aaron

More information about the Users mailing list