Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

msg: The following modules failed to execute: ansible.legacy.setup #1421

Closed
vjrk83 opened this issue Aug 24, 2022 · 17 comments
Closed

msg: The following modules failed to execute: ansible.legacy.setup #1421

vjrk83 opened this issue Aug 24, 2022 · 17 comments
Labels
bot_broken bug This issue/PR relates to a bug needs_triage python3

Comments

@vjrk83
Copy link

vjrk83 commented Aug 24, 2022
edited
Loading

Summary

Hello,

First time set to aws_ssm for both linux and windows using the community.aws.aws_ssm plugin to connect to the ec2 instances. The connection looks ok, but failing with the weird syntax error which im not able to figure it out.

I have created a S3 with SSE enabled for temp copy to execute the ansible playbooks.

Issue Type

Bug Report

Component Name

community.aws.aws_ssm, ansible.legacy.setup

Ansible Version

$ ansible --version

```$  ansible --version
/usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
  "class": algorithms.Blowfish,
ansible [core 2.12.5]
  config file = /Users/a1022933/git/ansible-platforms/playbooks/migration/ansible.cfg
  configured module search path = ['/Users/a1022933/git/ansible-platforms/ssm/community.aws/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/a1022933/git/ansible-platforms/galaxy/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.5 (main, Jun 23 2022, 17:15:25) [Clang 13.1.6 (clang-1316.0.21.2.5)]
  jinja version = 3.1.2
  libyaml = True


### Collection Versions

```console (paste below)
$ ansible-galaxy collection list
```$ ansible-galaxy collection list

# /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    2.2.0
ansible.netcommon             2.6.1
ansible.posix                 1.3.0
ansible.utils                 2.6.0
ansible.windows               1.9.0
arista.eos                    3.1.0
awx.awx                       19.4.0
azure.azcollection            1.12.0
check_point.mgmt              2.3.0
chocolatey.chocolatey         1.2.0
cisco.aci                     2.2.0
cisco.asa                     2.1.0
cisco.intersight              1.0.18
cisco.ios                     2.8.1
cisco.iosxr                   2.9.0
cisco.ise                     1.2.1
cisco.meraki                  2.6.1
cisco.mso                     1.4.0
cisco.nso                     1.0.3
cisco.nxos                    2.9.1
cisco.ucs                     1.8.0
cloud.common                  2.1.1
cloudscale_ch.cloud           2.2.1
community.aws                 2.4.0
community.azure               1.1.0
community.ciscosmb            1.0.4
community.crypto              2.2.4
community.digitalocean        1.16.0
community.dns                 2.1.0
community.docker              2.4.0
community.fortios             1.0.0
community.general             4.8.0
community.google              1.0.0
community.grafana             1.4.0
community.hashi_vault         2.4.0
community.hrobot              1.3.0
community.kubernetes          2.0.1
community.kubevirt            1.0.0
community.libvirt             1.0.2
community.mongodb             1.3.3
community.mysql               2.3.5
community.network             3.1.0
community.okd                 2.1.0
community.postgresql          1.7.2
community.proxysql            1.3.2
community.rabbitmq            1.1.0
community.routeros            2.0.0
community.sap                 1.0.0
community.skydive             1.0.0
community.sops                1.2.1
community.vmware              1.18.0
community.windows             1.9.0
community.zabbix              1.6.0
containers.podman             1.9.3
cyberark.conjur               1.1.0
cyberark.pas                  1.0.13
dellemc.enterprise_sonic      1.1.0
dellemc.openmanage            4.4.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
f5networks.f5_modules         1.16.0
fortinet.fortimanager         2.1.5
fortinet.fortios              2.1.4
frr.frr                       1.0.3
gluster.gluster               1.0.2
google.cloud                  1.0.2
hetzner.hcloud                1.6.0
hpe.nimble                    1.1.4
ibm.qradar                    1.0.3
infinidat.infinibox           1.3.3
infoblox.nios_modules         1.2.1
inspur.sm                     1.3.0
junipernetworks.junos         2.10.0
kubernetes.core               2.3.0
mellanox.onyx                 1.0.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.16.0
netapp.elementsw              21.7.0
netapp.ontap                  21.18.1
netapp.storagegrid            21.10.0
netapp.um_info                21.8.0
netapp_eseries.santricity     1.3.0
netbox.netbox                 3.7.0
ngine_io.cloudstack           2.2.3
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.1
openstack.cloud               1.8.0
openvswitch.openvswitch       2.1.0
ovirt.ovirt                   1.6.6
purestorage.flasharray        1.12.1
purestorage.flashblade        1.9.0
sensu.sensu_go                1.13.1
servicenow.servicenow         1.0.6
splunk.es                     1.0.2
t_systems_mms.icinga_director 1.29.0
theforeman.foreman            2.2.0
vyos.vyos                     2.8.0
wti.remote                    1.0.3

# /Users/a1022933/git/ansible-platforms/galaxy/collections/ansible_collections
Collection     Version
-------------- -------
amazon.aws     4.1.0
community.aws  4.1.1
sensu.sensu_go 1.4.2


### AWS SDK versions

```console (paste below)
$ pip show boto boto3 botocore
```$ pip3 show boto boto3 botocore
WARNING: Package(s) not found: boto, boto3, botocore


### Configuration

```console (paste below)
$ ansible-config dump --only-changed

```$ ansible-config dump --only-changed
ANSIBLE_FORCE_COLOR(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = True
ANSIBLE_NOCOWS(env: ANSIBLE_NOCOWS) = True
COLLECTIONS_PATHS(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = ['/Users/unixuser/git/ansible-platforms/galaxy/collections']
DEFAULT_HOST_LIST(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = ['/Users/unixuser/git/ansible-platforms/inventories/migration/migration.rb']
DEFAULT_MODULE_PATH(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = ['/Users/unixuser/git/ansible-platforms/ssm/community.aws/plugins/modules']
DEFAULT_ROLES_PATH(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = ['/Users/unixuser/git/ansible-platforms/roles']
DEFAULT_STDOUT_CALLBACK(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = unixy
DEFAULT_TIMEOUT(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = 30
HOST_KEY_CHECKING(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = False
RETRY_FILES_ENABLED(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = False
TRANSFORM_INVALID_GROUP_CHARS(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = ignore


### OS / Environment

MacOS Monterey

### Steps to Reproduce

<!--- Paste example playbooks or commands between quotes below -->
```yaml (paste below)

- hosts: all
  collections:
    - community.aws
  vars:
    ansible_connection: community.aws.aws_ssm
    ansible_aws_ssm_region: us-east-1
    ansible_aws_ssm_bucket_name: 'sample-s3bucket-for-ansible'
  tasks:
    - shell: echo "Hello World"


### Expected Results

Expected the playbook run , but fails with error . 
```$ ansible-playbook linux_file.yml
/usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
  "class": algorithms.Blowfish,
 [ERROR]: /Users/unixuser/git/ansible-platforms/inventories/lib/Inv/Chef/Api/Search.rb:103: warning: URI.escape is obsolete
Executing playbook linux_file.yml

- all on hosts: all -
Gathering Facts...
  i-01abdcdeghijk1234 failed | msg: The following modules failed to execute: ansible.legacy.setup

- Play recap -
  i-01abdcdeghijk1234        : ok=0    changed=0    unreachable=0    failed=1    rescued=0    ignored=0

### Actual Results

```console (paste below)

```$ ansible-playbook linux_file.yml  -vvvv
/usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
  "class": algorithms.Blowfish,
ansible-playbook [core 2.12.5]
  config file = /Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg
  configured module search path = ['/Users/unixuser/git/ansible-platforms/ssm/community.aws/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/unixuser/git/ansible-platforms/galaxy/collections
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.10.5 (main, Jun 23 2022, 17:15:25) [Clang 13.1.6 (clang-1316.0.21.2.5)]
  jinja version = 3.1.2
  libyaml = True
Using /Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /Users/unixuser/git/ansible-platforms/inventories/migration/migration.rb as it did not pass its verify_file() method
 [ERROR]: /Users/unixuser/git/ansible-platforms/inventories/lib/Inv/Chef/Api/Search.rb:103: warning: URI.escape is obsolete
Parsed /Users/unixuser/git/ansible-platforms/inventories/migration/migration.rb inventory source with script plugin
Loading collection amazon.aws from /Users/unixuser/git/ansible-platforms/galaxy/collections/ansible_collections/amazon/aws
Loading collection community.aws from /Users/unixuser/git/ansible-platforms/galaxy/collections/ansible_collections/community/aws
redirecting (type: callback) ansible.builtin.unixy to community.general.unixy
Loading collection community.general from /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible_collections/community/general
redirecting (type: callback) ansible.builtin.unixy to community.general.unixy
Loading callback plugin community.general.unixy of type stdout, v2.0 from /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible_collections/community/general/plugins/callback/unixy.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Executing playbook linux_file.yml
Positional arguments: linux_file.yml
verbosity: 4
connection: smart
timeout: 30
become_method: sudo
tags: ('all',)
inventory: ('/Users/unixuser/git/ansible-platforms/inventories/migration/migration.rb',)
forks: 5
1 plays in linux_file.yml

- all on hosts: all -
Gathering Facts...
<i-01abdcdeghijk1234> ESTABLISH SSM CONNECTION TO: i-01abdcdeghijk1234
<i-01abdcdeghijk1234> SSM COMMAND: ['/usr/local/bin/session-manager-plugin', '{"SessionId": "[email protected]", "TokenValue": "AAEAAQOucPDuQTxc84YsPS4yW70aRt0X6AcUQrZ+nlrJkp8uAAAAAGMGdzYYRcx0LLvcGjzOoMW9VUsep+sjjswaFn6z/YfWOoxT3XlcrHYYm2zMjMBc3K+/nsd0XTJ1Mciei6+Od0QSvzkyOa0Hig6cief/zo5bi86hcYPGn5WMRpbBZkmq4OYedEbLBbxiEE4vRguL6soOGMSL2RmQMaautLmUMLLLG7rU5JK6SFiOHHMuGckB1SwyWjFSK9nK14s/toldXZa+5GsUZnSEdGLERJHzTisgPNHpOauzTt+IXlVBD70WmH1wEOQShQVT9jAkbcOZzSVSJVL9sQqGAFFWOfyrbT/KhBbzs8pvjaK6w5LqUcUm1UdmmW74/QK4GAWEupxTj4mB9TfwwGRROBip39spqrcy5zDQRKXFwtxerM8y1IaphtFyWVqqwjS2J/mFFVA893wwMWcePnOy3OaM5aptgajf8cL6hA==", "StreamUrl": "wss://ssmmessages.us-east-1.amazonaws.com/v1/data-channel/[email protected]?role=publish_subscribe&cell-number=AAEAAbi57Gjk86X7Kdm53YqwkgMN7PYx3d1oSIoUYt4MCohJAAAAAGMGdzbgsDWRSE5algnoOOnJcGpnSOjMKI6ZgmdJ1OfPpCqCEQ==", "ResponseMetadata": {"RequestId": "47f5c704-a5cf-4b54-9671-752979b6b75f", "HTTPStatusCode": 200, "HTTPHeaders": {"server": "Server", "date": "Wed, 24 Aug 2022 19:08:38 GMT", "content-type": "application/x-amz-json-1.1", "content-length": "809", "connection": "keep-alive", "x-amzn-requestid": "47f5c704-a5cf-4b54-9671-752979b6b75f"}, "RetryAttempts": 0}}', 'us-east-1', 'StartSession', '', '{"Target": "i-01abdcdeghijk1234"}', 'https://ssm.us-east-1.amazonaws.com']
<i-01abdcdeghijk1234> SSM CONNECTION ID: [email protected]
<i-01abdcdeghijk1234> EXEC ( umask 77 && mkdir -p "` echo /tmp/.ansible-/tmp `"&& mkdir "` echo /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512 `" && echo ansible-tmp-1661368117.597832-30918-210997495718512="` echo /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512 `" )
<i-01abdcdeghijk1234> _wrap_command: 'echo XOjNwpjBJdHzGwYdkDgpxNskpJ
( umask 77 && mkdir -p "` echo /tmp/.ansible-/tmp `"&& mkdir "` echo /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512 `" && echo ansible-tmp-1661368117.597832-30918-210997495718512="` echo /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512 `" )
echo $'\n'$?
echo mIYLgDyMzFAbzbbgzvzyOGzSFV
'
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: Starting session with SessionId: [email protected]
<i-01abdcdeghijk1234> EXEC remaining: 60
<i-01abdcdeghijk1234> EXEC stdout line: This session is encrypted using AWS KMS.
<i-01abdcdeghijk1234> EXEC remaining: 59
<i-01abdcdeghijk1234> EXEC stdout line: sh-4.2$ stty -echo
<i-01abdcdeghijk1234> EXEC stdout line: sh-4.2$ XOjNwpjBJdHzGwYdkDgpxNskpJ
<i-01abdcdeghijk1234> EXEC stdout line: ansible-tmp-1661368117.597832-30918-210997495718512=/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 0
<i-01abdcdeghijk1234> EXEC stdout line: mIYLgDyMzFAbzbbgzvzyOGzSFV
<i-01abdcdeghijk1234> POST_PROCESS: ansible-tmp-1661368117.597832-30918-210997495718512=/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512

0
<i-01abdcdeghijk1234> (0, 'ansible-tmp-1661368117.597832-30918-210997495718512=/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512\r\r', '')
<i-01abdcdeghijk1234> Attempting python interpreter discovery
<i-01abdcdeghijk1234> EXEC echo PLATFORM; uname; echo FOUND; command -v 'python3.10'; command -v 'python3.9'; command -v 'python3.8'; command -v 'python3.7'; command -v 'python3.6'; command -v 'python3.5'; command -v '/usr/bin/python3'; command -v '/usr/libexec/platform-python'; command -v 'python2.7'; command -v 'python2.6'; command -v '/usr/bin/python'; command -v 'python'; echo ENDFOUND
<i-01abdcdeghijk1234> _wrap_command: 'echo lqOZgwyroFqqwguAcWovvhgUrx
echo PLATFORM; uname; echo FOUND; command -v 'python3.10'; command -v 'python3.9'; command -v 'python3.8'; command -v 'python3.7'; command -v 'python3.6'; command -v 'python3.5'; command -v '/usr/bin/python3'; command -v '/usr/libexec/platform-python'; command -v 'python2.7'; command -v 'python2.6'; command -v '/usr/bin/python'; command -v 'python'; echo ENDFOUND
echo $'\n'$?
echo NEiUabHsNwYAhiFLBcBBthkDuE
'
<i-01abdcdeghijk1234> EXEC stdout line: lqOZgwyroFqqwguAcWovvhgUrx
<i-01abdcdeghijk1234> EXEC stdout line: PLATFORM
<i-01abdcdeghijk1234> EXEC stdout line: Linux
<i-01abdcdeghijk1234> EXEC stdout line: FOUND
<i-01abdcdeghijk1234> EXEC stdout line: /usr/bin/python3.6
<i-01abdcdeghijk1234> EXEC stdout line: /usr/bin/python3
<i-01abdcdeghijk1234> EXEC stdout line: /usr/libexec/platform-python
<i-01abdcdeghijk1234> EXEC stdout line: /usr/bin/python2.7
<i-01abdcdeghijk1234> EXEC stdout line: /usr/bin/python
<i-01abdcdeghijk1234> EXEC stdout line: /usr/bin/python
<i-01abdcdeghijk1234> EXEC stdout line: ENDFOUND
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 0
<i-01abdcdeghijk1234> EXEC stdout line: NEiUabHsNwYAhiFLBcBBthkDuE
<i-01abdcdeghijk1234> POST_PROCESS: PLATFORM
Linux
FOUND
/usr/bin/python3.6
/usr/bin/python3
/usr/libexec/platform-python
/usr/bin/python2.7
/usr/bin/python
/usr/bin/python
ENDFOUND

0
<i-01abdcdeghijk1234> (0, 'PLATFORM\r\r\nLinux\r\r\nFOUND\r\r\n/usr/bin/python3.6\r\r\n/usr/bin/python3\r\r\n/usr/libexec/platform-python\r\r\n/usr/bin/python2.7\r\r\n/usr/bin/python\r\r\n/usr/bin/python\r\r\nENDFOUND\r\r', '')
<i-01abdcdeghijk1234> Python interpreter discovery fallback (pipelining support required for extended interpreter discovery)
Using module file /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible/modules/setup.py
<i-01abdcdeghijk1234> PUT /Users/unixuser/.ansible/tmp/ansible-local-30910eqhqc8l8/tmpa3sam7uc TO /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py
<i-01abdcdeghijk1234> EXEC curl 'https://sample-s3bucket-for-ansible.s3.amazonaws.com/i-01abdcdeghijk1234//tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIATSRBJS7KJS7HRWAG%2F20220824%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220824T190844Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDQaCXVzLWVhc3QtMSJIMEYCIQDxDjggcpX82cwc0IE%2BMeZyRjrq7p9fPtLXA%2FRB4uxCywIhAKl0CEeL4nVVsBZ8%2BuFfR%2B4Qe%2FxVG08wxUSqF71ppY6zKpsDCKz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMMjQ1OTU2NzEyNDA0IgzbFx5Mkj9LBzFh5Lgq7wK2Q3EEQylKiJhE%2BBz9t%2BGYwOJ6ACzD52AIGg8jdatJS7PzIoWA3DnrqkJiTue3pRhUcwk%2FPjsAAxwEQ%2FmAPdfvB8i5SLR1YidorjxjaZDbSfh6tLoujK7uj94F2yAtmQRYGZcYHZZMR9zMrYYln08FFoHedF8qpYuVOv59ESjPjBIaD0RhkO%2FdVb3ZEUGPvwz1mpdg3RQByvqmGcnQwPKqzw6yE1STRh1o5DiRr%2Frda%2Bus8mJUmahIsy383FVSpWv5L9g8ytZLTbcEcVmBvsTxbLNpi71dMitmEMuTWFgBTCEnM%2F3Ewz3QozcUg3taBsjEvMlRGJ5NW2Y8p95q6HPao%2BCBPLncytcTLJabDJVTeOejCVw5MUh6C9x%2Bua1BEyWLJ3COVs4T6lz5MOp0xAK1w55orNcYvhFmyxRI58rhKRGZKCYfpVl1jTi0sLCfqVDJF9HjSXuLbgBVoLobW4bbn2DgVGNIoUVQiZZQWhcBMLzumZgGOqUBsBtxQve8qoT%2FXtQbTKhHgrBDJfTkTV3sKXez49nOj8%2F8RLsa9teJXU4tEkJxYq8v1aEnbENH34VDJwYX%2B2Gn8%2BvdWOPZRRzFyLGpovPARB7Xox4Cpw4BnPiyuiWVbiM4yx12EZh7Pix06TVdAdVO4nyzA6MHEC08Abk%2FQiMpDQtesoxEHBsxoi3%2BTkfgcLgtYb92NzhhA40V2n8v5aIIwrX5E0Or&X-Amz-Signature=61b4966723c596ad074fdec22c943d3fa5a5a8efdd7b9588c9ed488b7e4042be' -o '/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py'
<i-01abdcdeghijk1234> _wrap_command: 'echo byKZxgUKGdcRGaTRjPBirXPQbt
curl 'https://sample-s3bucket-for-ansible.s3.amazonaws.com/i-01abdcdeghijk1234//tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIATSRBJS7KJS7HRWAG%2F20220824%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220824T190844Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDQaCXVzLWVhc3QtMSJIMEYCIQDxDjggcpX82cwc0IE%2BMeZyRjrq7p9fPtLXA%2FRB4uxCywIhAKl0CEeL4nVVsBZ8%2BuFfR%2B4Qe%2FxVG08wxUSqF71ppY6zKpsDCKz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMMjQ1OTU2NzEyNDA0IgzbFx5Mkj9LBzFh5Lgq7wK2Q3EEQylKiJhE%2BBz9t%2BGYwOJ6ACzD52AIGg8jdatJS7PzIoWA3DnrqkJiTue3pRhUcwk%2FPjsAAxwEQ%2FmAPdfvB8i5SLR1YidorjxjaZDbSfh6tLoujK7uj94F2yAtmQRYGZcYHZZMR9zMrYYln08FFoHedF8qpYuVOv59ESjPjBIaD0RhkO%2FdVb3ZEUGPvwz1mpdg3RQByvqmGcnQwPKqzw6yE1STRh1o5DiRr%2Frda%2Bus8mJUmahIsy383FVSpWv5L9g8ytZLTbcEcVmBvsTxbLNpi71dMitmEMuTWFgBTCEnM%2F3Ewz3QozcUg3taBsjEvMlRGJ5NW2Y8p95q6HPao%2BCBPLncytcTLJabDJVTeOejCVw5MUh6C9x%2Bua1BEyWLJ3COVs4T6lz5MOp0xAK1w55orNcYvhFmyxRI58rhKRGZKCYfpVl1jTi0sLCfqVDJF9HjSXuLbgBVoLobW4bbn2DgVGNIoUVQiZZQWhcBMLzumZgGOqUBsBtxQve8qoT%2FXtQbTKhHgrBDJfTkTV3sKXez49nOj8%2F8RLsa9teJXU4tEkJxYq8v1aEnbENH34VDJwYX%2B2Gn8%2BvdWOPZRRzFyLGpovPARB7Xox4Cpw4BnPiyuiWVbiM4yx12EZh7Pix06TVdAdVO4nyzA6MHEC08Abk%2FQiMpDQtesoxEHBsxoi3%2BTkfgcLgtYb92NzhhA40V2n8v5aIIwrX5E0Or&X-Amz-Signature=61b4966723c596ad074fdec22c943d3fa5a5a8efdd7b9588c9ed488b7e4042be' -o '/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py'
echo $'\n'$?
echo TGQYHnjuiuYzirdpmMFcsrMJVM
'
<i-01abdcdeghijk1234> EXEC stdout line: byKZxgUKGdcRGaTRjPBirXPQbt
<i-01abdcdeghijk1234> EXEC stdout line:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
<i-01abdcdeghijk1234> EXEC stdout line:                                  Dload  Upload   Total   Spent    Left  Speed
100   243    0   243    0     0   1311      0 --:--:-- --:--:-- --:--:--  1335
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 0
<i-01abdcdeghijk1234> EXEC stdout line: TGQYHnjuiuYzirdpmMFcsrMJVM
<i-01abdcdeghijk1234> POST_PROCESS:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   243    0   243    0     0   1311      0 --:--:-- --:--:-- --:--:--  1335

0
<i-01abdcdeghijk1234> (0, '  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\r\r\n                                 Dload  Upload   Total   Spent    Left  Speed\r\r\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r100   243    0   243    0     0   1311      0 --:--:-- --:--:-- --:--:--  1335\r\r', '')
<i-01abdcdeghijk1234> (0, '  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\r\r\n                                 Dload  Upload   Total   Spent    Left  Speed\r\r\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r100   243    0   243    0     0   1311      0 --:--:-- --:--:-- --:--:--  1335\r\r', '')
<i-01abdcdeghijk1234> EXEC chmod u+x /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/ /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py
<i-01abdcdeghijk1234> _wrap_command: 'echo bOsvBsXNffhJywcyKOSzdFUQey
chmod u+x /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/ /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py
echo $'\n'$?
echo vUpRBflbwqLMswehWeOpxAKnZa
'
<i-01abdcdeghijk1234> EXEC stdout line: bOsvBsXNffhJywcyKOSzdFUQey
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 0
<i-01abdcdeghijk1234> EXEC stdout line: vUpRBflbwqLMswehWeOpxAKnZa
<i-01abdcdeghijk1234> POST_PROCESS:
0
<i-01abdcdeghijk1234> (0, '\r', '')
<i-01abdcdeghijk1234> EXEC /usr/bin/python3.6 /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py
<i-01abdcdeghijk1234> _wrap_command: 'echo sbcbriaByAowNwRncpxvIMlkWw
sudo /usr/bin/python3.6 /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py
echo $'\n'$?
echo rkmfDZnYPgkfvtpyGYqEoubjnw
'
<i-01abdcdeghijk1234> EXEC stdout line: sbcbriaByAowNwRncpxvIMlkWw
<i-01abdcdeghijk1234> EXEC stdout line:   File "/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py", line 1
<i-01abdcdeghijk1234> EXEC stdout line:     <?xml version="1.0" encoding="UTF-8"?>
<i-01abdcdeghijk1234> EXEC stdout line:     ^
<i-01abdcdeghijk1234> EXEC stdout line: SyntaxError: invalid syntax
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 1
<i-01abdcdeghijk1234> EXEC stdout line: rkmfDZnYPgkfvtpyGYqEoubjnw
<i-01abdcdeghijk1234> POST_PROCESS:   File "/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py", line 1
    <?xml version="1.0" encoding="UTF-8"?>
    ^
SyntaxError: invalid syntax

1
<i-01abdcdeghijk1234> (1, '  File "/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py", line 1\r\r\n    <?xml version="1.0" encoding="UTF-8"?>\r\r\n    ^\r\r\nSyntaxError: invalid syntax\r\r', '')
<i-01abdcdeghijk1234> EXEC rm -f -r /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/ > /dev/null 2>&1
<i-01abdcdeghijk1234> _wrap_command: 'echo RNeklYXUoVoBRBxsaCQvSHZvzM
rm -f -r /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/ > /dev/null 2>&1
echo $'\n'$?
echo GwmXWvOGaBoHZrFKewhSysLbMN
'
<i-01abdcdeghijk1234> EXEC stdout line: RNeklYXUoVoBRBxsaCQvSHZvzM
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 0
<i-01abdcdeghijk1234> EXEC stdout line: GwmXWvOGaBoHZrFKewhSysLbMN
<i-01abdcdeghijk1234> POST_PROCESS:
0
<i-01abdcdeghijk1234> (0, '\r', '')
<i-01abdcdeghijk1234> CLOSING SSM CONNECTION TO: i-01abdcdeghijk1234
<i-01abdcdeghijk1234> TERMINATE SSM SESSION: [email protected]
  i-01abdcdeghijk1234 failed | msg: The following modules failed to execute: ansible.legacy.setup

- Play recap -
  i-01abdcdeghijk1234        : ok=0    changed=0    unreachable=0    failed=1    rescued=0    ignored=0


### Code of Conduct

- [X] I agree to follow the Ansible Code of Conduct
@ansibullbot
Copy link

Files identified in the description:
None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibullbot ansibullbot added bug This issue/PR relates to a bug needs_triage python3 labels Aug 24, 2022
@vjrk83
Copy link
Author

vjrk83 commented Aug 29, 2022

the component names has been updated bot_broken

community.aws.aws_ssm, ansible.legacy.setup

@jon-rei
Copy link

jon-rei commented Aug 30, 2022

I also came across the same problem.
In the end, my problem was the permissions of the IAM user which is executing Ansible. You can see it in the line, which is problematic for the syntax error:

<i-01abdcdeghijk1234> EXEC stdout line:   File "/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py", line 1
<i-01abdcdeghijk1234> EXEC stdout line:     <?xml version="1.0" encoding="UTF-8"?>
<i-01abdcdeghijk1234> EXEC stdout line:     ^
<i-01abdcdeghijk1234> EXEC stdout line: SyntaxError: invalid syntax

Normally S3 is responding with an XML style when there is an error, which might be the case here.
You have to make sure that all the presigned URL which are created by Ansible can also be executed on the host.

@vjrk83
Copy link
Author

vjrk83 commented Aug 30, 2022

@jon-rei I have the IAM role attached to the instance has the below policy for the S3 bucket. Is there anything specific missing ?

    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetEncryptionConfiguration"
            ],
            "Resource": [
                "arn:aws:s3:::sample-s3bucket-for-ansible/*"
            ]
        }
    ]
}

@vjrk83
Copy link
Author

vjrk83 commented Aug 30, 2022
edited
Loading

curl 'https://.s3.amazonaws.com' to the presigned always uses non-regional URL and also tried to do a curl from the instance which is showing HTTP/1.1 403 Forbidden with different set of results with non-regional & regional endpoints.
Any thoughts ?

I have the ENV variable added ['ansible_aws_ssm_region'] = 'us-east-1' which doesn't make any change as its still taking only non-regional endpoint.

**CURL TO REGIONAL ENDPOINT:**

sh-4.2$ curl -i 'https://sample-s3bucket-for-ansible.s3.us-east-1.amazonaws.com/i-08dbcc46da7c19740//tmp/.ansible-/tmp/ansible-tmp-1661884199.7312698-68233-2439790504567/AnsiballZ_ping.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIATSRBJS7KJKFL4SGN%2F20220830%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220830T183010Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIFwZ47qeLXs7nrTFm5ABSmcHNbmQhvn%2BPgMdt4oGIfA9AiBPnptWSOZj5ytZ%2BsJipIRRIjG9nIo4RjaQWYaaGVL7rSqSAwhMEAAaDDI0NTk1NjcxMjQwNCIMhvk%2BRVssdOWUXbW2Ku8CPsQo%2FlgBnx2j5IRqzL1O8FnuW8%2BFizWFgDnrBfkqUkF4JpmIzWmD0B1eCtcBLP%2B7osJLCOC1QAsG2bvC7xbMoeduVfcBpVHOEI3CK7aqsedqXExvRCa9RJOligu68Ze85DlyrIeHPmPsw4oourCLZuJwca2U2krf96evm7e3NODOp%2Bb94OaceAMgjfrJYNXHR9kbgZM2EUAxrgzMA%2FUnaGjJmLlyq35kQv3gJ2tFMElBE0tyDUpYa0O2l85mqJCt1Pk8hf5iexO0ca3NJZUxax%2BUXQWQ%2BVFlUBvIdPLa6LHJFYcQrbTOWyPPTVJ6Qy8ju6KWe2pf44Dv4dI2NtESp3XG9aSD11mxew7Mq45qZzbQYvJQrqDVPfE2KY%2BHTVPp6MjUA3C12%2BsCY2zv5mWp4C7UaghvSOVUiRMGgzuMSzAdhIFJFXqw06INI%2F6pzpVnX%2FuWeZZIA2VV7roz8NClLdwEgQoH4Of%2FtX7utAuxuTCyrrmYBjqnAZ2bMzSDUeQ7V3SFAYrLZ4d1LZT3L4wLmEkPA6HLyz8OpqDVIKxKLnXRrhZ%2FTy8EuDLJywxOQh5QBp%2BM3XwXoEnS5t8TQiHJpzeteM5uk5n9XFCZZKfcODFW0A5jwkndwLcIYK0K5vI%2FxnwR4JahImnj1KTMSWa258sdpcEOsLlst8TgzlJSQjjZ69tefnEXik2pUdoEat9cc%2Fr1TMHTu9YL335smC8d&X-Amz-Signature=364b2d4d93c22c49b7881b7dcd38a5408c14e27b0995430383a7453647d92181'
HTTP/1.1 403 Forbidden
x-amz-request-id: T1N1N31VWNJC7HGZ
x-amz-id-2: Yqtae6c+Q2g3i6NF3ezZjhPrq2zSXF5ZgKwU4wEc1JJXBh0L6IewJwKfX2Hvy1KwXAjQk+JLNqI=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Tue, 30 Aug 2022 18:44:45 GMT
Server: AmazonS3

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>ASIATSRBJS7KJKFL4SGN</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20220830T183010Z
20220830/us-east-1/s3/aws4_request
c65bb0f7e9728d08e4b8995675441b0211e34cac65937ac79fda53476bb371a6</StringToSign><SignatureProvided>364b2d4d93c22c49b7881b7dcd38a5408c14e27b0995430383a7453647d92181</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 32 30 38 33 30 54 31 38 33 30 31 30 5a 0a 32 30 32 32 30 38 33 30 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 63 36 35 62 62 30 66 37 65 39 37 32 38 64 30 38 65 34 62 38 39 39 35 36 37 35 34 34 31 62 30 32 31 31 65 33 34 63 61 63 36 35 39 33 37 61 63 37 39 66 64 61 35 33 34 37 36 62 62 33 37 31 61 36</StringToSignBytes><CanonicalRequest>GET
/i-08dbcc46da7c19740//tmp/.ansible-/tmp/ansible-tmp-1661884199.7312698-68233-2439790504567/AnsiballZ_ping.py
X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=ASIATSRBJS7KJKFL4SGN%2F20220830%2Fus-east-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20220830T183010Z&amp;X-Amz-Expires=3600&amp;X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIFwZ47qeLXs7nrTFm5ABSmcHNbmQhvn%2BPgMdt4oGIfA9AiBPnptWSOZj5ytZ%2BsJipIRRIjG9nIo4RjaQWYaaGVL7rSqSAwhMEAAaDDI0NTk1NjcxMjQwNCIMhvk%2BRVssdOWUXbW2Ku8CPsQo%2FlgBnx2j5IRqzL1O8FnuW8%2BFizWFgDnrBfkqUkF4JpmIzWmD0B1eCtcBLP%2B7osJLCOC1QAsG2bvC7xbMoeduVfcBpVHOEI3CK7aqsedqXExvRCa9RJOligu68Ze85DlyrIeHPmPsw4oourCLZuJwca2U2krf96evm7e3NODOp%2Bb94OaceAMgjfrJYNXHR9kbgZM2EUAxrgzMA%2FUnaGjJmLlyq35kQv3gJ2tFMElBE0tyDUpYa0O2l85mqJCt1Pk8hf5iexO0ca3NJZUxax%2BUXQWQ%2BVFlUBvIdPLa6LHJFYcQrbTOWyPPTVJ6Qy8ju6KWe2pf44Dv4dI2NtESp3XG9aSD11mxew7Mq45qZzbQYvJQrqDVPfE2KY%2BHTVPp6MjUA3C12%2BsCY2zv5mWp4C7UaghvSOVUiRMGgzuMSzAdhIFJFXqw06INI%2F6pzpVnX%2FuWeZZIA2VV7roz8NClLdwEgQoH4Of%2FtX7utAuxuTCyrrmYBjqnAZ2bMzSDUeQ7V3SFAYrLZ4d1LZT3L4wLmEkPA6HLyz8OpqDVIKxKLnXRrhZ%2FTy8EuDLJywxOQh5QBp%2BM3XwXoEnS5t8TQiHJpzeteM5uk5n9XFCZZKfcODFW0A5jwkndwLcIYK0K5vI%2FxnwR4JahImnj1KTMSWa258sdpcEOsLlst8TgzlJSQjjZ69tefnEXik2pUdoEat9cc%2Fr1TMHTu9YL335smC8d&amp;X-Amz-SignedHeaders=host
host:sample-s3bucket-for-ansible.s3.us-east-1.amazonaws.com

host
UNSIGNED-PAYLOAD</CanonicalRequest><CanonicalRequestBytes>47 45 54 0a 2f 69 2d 30 38 64 62 63 63 34 36 64 61 37 63 31 39 37 34 30 2f 2f 74 6d 70 2f 2e 61 6e 73 69 62 6c 65 2d 2f 74 6d 70 2f 61 6e 73 69 62 6c 65 2d 74 6d 70 2d 31 36 36 31 38 38 34 31 39 39 2e 37 33 31 32 36 39 38 2d 36 38 32 33 33 2d 32 34 33 39 37 39 30 35 30 34 35 36 37 2f 41 6e 73 69 62 61 6c 6c 5a 5f 70 69 6e 67 2e 70 79 0a 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 53 49 41 54 53 52 42 4a 53 37 4b 4a 4b 46 4c 34 53 47 4e 25 32 46 32 30 32 32 30 38 33 30 25 32 46 75 73 2d 65 61 73 74 2d 31 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 32 32 30 38 33 30 54 31 38 33 30 31 30 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 33 36 30 30 26 58 2d 41 6d 7a 2d 53 65 63 75 72 69 74 79 2d 54 6f 6b 65 6e 3d 49 51 6f 4a 62 33 4a 70 5a 32 6c 75 58 32 56 6a 45 4d 50 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 77 45 61 43 58 56 7a 4c 57 56 68 63 33 51 74 4d 53 4a 47 4d 45 51 43 49 46 77 5a 34 37 71 65 4c 58 73 37 6e 72 54 46 6d 35 41 42 53 6d 63 48 4e 62 6d 51 68 76 6e 25 32 42 50 67 4d 64 74 34 6f 47 49 66 41 39 41 69 42 50 6e 70 74 57 53 4f 5a 6a 35 79 74 5a 25 32 42 73 4a 69 70 49 52 52 49 6a 47 39 6e 49 6f 34 52 6a 61 51 57 59 61 61 47 56 4c 37 72 53 71 53 41 77 68 4d 45 41 41 61 44 44 49 30 4e 54 6b 31 4e 6a 63 78 4d 6a 51 77 4e 43 49 4d 68 76 6b 25 32 42 52 56 73 73 64 4f 57 55 58 62 57 32 4b 75 38 43 50 73 51 6f 25 32 46 6c 67 42 6e 78 32 6a 35 49 52 71 7a 4c 31 4f 38 46 6e 75 57 38 25 32 42 46 69 7a 57 46 67 44 6e 72 42 66 6b 71 55 6b 46 34 4a 70 6d 49 7a 57 6d 44 30 42 31 65 43 74 63 42 4c 50 25 32 42 37 6f 73 4a 4c 43 4f 43 31 51 41 73 47 32 62 76 43 37 78 62 4d 6f 65 64 75 56 66 63 42 70 56 48 4f 45 49 33 43 4b 37 61 71 73 65 64 71 58 45 78 76 52 43 61 39 52 4a 4f 6c 69 67 75 36 38 5a 65 38 35 44 6c 79 72 49 65 48 50 6d 50 73 77 34 6f 6f 75 72 43 4c 5a 75 4a 77 63 61 32 55 32 6b 72 66 39 36 65 76 6d 37 65 33 4e 4f 44 4f 70 25 32 42 62 39 34 4f 61 63 65 41 4d 67 6a 66 72 4a 59 4e 58 48 52 39 6b 62 67 5a 4d 32 45 55 41 78 72 67 7a 4d 41 25 32 46 55 6e 61 47 6a 4a 6d 4c 6c 79 71 33 35 6b 51 76 33 67 4a 32 74 46 4d 45 6c 42 45 30 74 79 44 55 70 59 61 30 4f 32 6c 38 35 6d 71 4a 43 74 31 50 6b 38 68 66 35 69 65 78 4f 30 63 61 33 4e 4a 5a 55 78 61 78 25 32 42 55 58 51 57 51 25 32 42 56 46 6c 55 42 76 49 64 50 4c 61 36 4c 48 4a 46 59 63 51 72 62 54 4f 57 79 50 50 54 56 4a 36 51 79 38 6a 75 36 4b 57 65 32 70 66 34 34 44 76 34 64 49 32 4e 74 45 53 70 33 58 47 39 61 53 44 31 31 6d 78 65 77 37 4d 71 34 35 71 5a 7a 62 51 59 76 4a 51 72 71 44 56 50 66 45 32 4b 59 25 32 42 48 54 56 50 70 36 4d 6a 55 41 33 43 31 32 25 32 42 73 43 59 32 7a 76 35 6d 57 70 34 43 37 55 61 67 68 76 53 4f 56 55 69 52 4d 47 67 7a 75 4d 53 7a 41 64 68 49 46 4a 46 58 71 77 30 36 49 4e 49 25 32 46 36 70 7a 70 56 6e 58 25 32 46 75 57 65 5a 5a 49 41 32 56 56 37 72 6f 7a 38 4e 43 6c 4c 64 77 45 67 51 6f 48 34 4f 66 25 32 46 74 58 37 75 74 41 75 78 75 54 43 79 72 72 6d 59 42 6a 71 6e 41 5a 32 62 4d 7a 53 44 55 65 51 37 56 33 53 46 41 59 72 4c 5a 34 64 31 4c 5a 54 33 4c 34 77 4c 6d 45 6b 50 41 36 48 4c 79 7a 38 4f 70 71 44 56 49 4b 78 4b 4c 6e 58 52 72 68 5a 25 32 46 54 79 38 45 75 44 4c 4a 79 77 78 4f 51 68 35 51 42 70 25 32 42 4d 33 58 77 58 6f 45 6e 53 35 74 38 54 51 69 48 4a 70 7a 65 74 65 4d 35 75 6b 35 6e 39 58 46 43 5a 5a 4b 66 63 4f 44 46 57 30 41 35 6a 77 6b 6e 64 77 4c 63 49 59 4b 30 4b 35 76 49 25 32 46 78 6e 77 52 34 4a 61 68 49 6d 6e 6a 31 4b 54 4d 53 57 61 32 35 38 73 64 70 63 45 4f 73 4c 6c 73 74 38 54 67 7a 6c 4a 53 51 6a 6a 5a 36 39 74 65 66 6e 45 58 69 6b 32 70 55 64 6f 45 61 74 39 63 63 25 32 46 72 31 54 4d 48 54 75 39 59 4c 33 33 35 73 6d 43 38 64 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 0a 68 6f 73 74 3a 62 62 79 2d 73 65 2d 6c 7a 2d 77 69 6e 64 6f 77 73 2d 61 6e 73 69 62 6c 65 2e 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 0a 68 6f 73 74 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44</CanonicalRequestBytes><RequestId>T1N1N31VWNJC7HGZ</RequestId><HostId>Yqtae6c+Q2g3i6NF3ezZjhPrq2zSXF5ZgKwU4wEc1JJXBh0L6IewJwKfX2Hvy1KwXAjQk+JLNqI=</HostId></Error>sh-4.2$


**CURL TO NON-REGIONAL ENDPOINT:** 


sh-4.2$ curl -i 'https://sample-s3bucket-for-ansible.s3.amazonaws.com/i-08dbcc46da7c19740//tmp/.ansible-/tmp/ansible-tmp-1661884199.7312698-68233-2439790504567/AnsiballZ_ping.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIATSRBJS7KJKFL4SGN%2F20220830%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220830T183010Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIFwZ47qeLXs7nrTFm5ABSmcHNbmQhvn%2BPgMdt4oGIfA9AiBPnptWSOZj5ytZ%2BsJipIRRIjG9nIo4RjaQWYaaGVL7rSqSAwhMEAAaDDI0NTk1NjcxMjQwNCIMhvk%2BRVssdOWUXbW2Ku8CPsQo%2FlgBnx2j5IRqzL1O8FnuW8%2BFizWFgDnrBfkqUkF4JpmIzWmD0B1eCtcBLP%2B7osJLCOC1QAsG2bvC7xbMoeduVfcBpVHOEI3CK7aqsedqXExvRCa9RJOligu68Ze85DlyrIeHPmPsw4oourCLZuJwca2U2krf96evm7e3NODOp%2Bb94OaceAMgjfrJYNXHR9kbgZM2EUAxrgzMA%2FUnaGjJmLlyq35kQv3gJ2tFMElBE0tyDUpYa0O2l85mqJCt1Pk8hf5iexO0ca3NJZUxax%2BUXQWQ%2BVFlUBvIdPLa6LHJFYcQrbTOWyPPTVJ6Qy8ju6KWe2pf44Dv4dI2NtESp3XG9aSD11mxew7Mq45qZzbQYvJQrqDVPfE2KY%2BHTVPp6MjUA3C12%2BsCY2zv5mWp4C7UaghvSOVUiRMGgzuMSzAdhIFJFXqw06INI%2F6pzpVnX%2FuWeZZIA2VV7roz8NClLdwEgQoH4Of%2FtX7utAuxuTCyrrmYBjqnAZ2bMzSDUeQ7V3SFAYrLZ4d1LZT3L4wLmEkPA6HLyz8OpqDVIKxKLnXRrhZ%2FTy8EuDLJywxOQh5QBp%2BM3XwXoEnS5t8TQiHJpzeteM5uk5n9XFCZZKfcODFW0A5jwkndwLcIYK0K5vI%2FxnwR4JahImnj1KTMSWa258sdpcEOsLlst8TgzlJSQjjZ69tefnEXik2pUdoEat9cc%2Fr1TMHTu9YL335smC8d&X-Amz-Signature=364b2d4d93c22c49b7881b7dcd38a5408c14e27b0995430383a7453647d92181'
HTTP/1.1 403 Forbidden
x-amz-request-id: PZGCYE05S3X67K3W
x-amz-id-2: ocQnxjpKCfXzaAki+gYP8LZIfbZTZBHRls5tZ83bPajDU9jxUYQGpkoKcRjISuVU+Rh/+/svsb8=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Tue, 30 Aug 2022 18:45:03 GMT
Server: AmazonS3

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>PZGCYE05S3X67K3W</RequestId><HostId>ocQnxjpKCfXzaAki+gYP8LZIfbZTZBHRls5tZ83bPajDU9jxUYQGpkoKcRjISuVU+Rh/+/svsb8=</HostId></Error>sh-4.2$

@jon-rei
Copy link

jon-rei commented Aug 31, 2022
edited
Loading

My policy looks like this:

{
    "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetBucketLocation",
        "s3:DeleteObject"
    ],
    "Effect": "Allow",
    "Resource": [
        "arn:aws:s3:::my-bucket/*",
        "arn:aws:s3:::my-bucket"
    ],
}

s3:GetBucketLocation just needs the bucket-arn.

Do you have Server Side Encryption enabled on your S3 bucket with a custom KMS key?
This could also lead to the permission issue you're having.

@vjrk83
Copy link
Author

vjrk83 commented Aug 31, 2022

@jon-rei yes SSE is enabled on the S3 with AWS Key Management Service key (SSE-KMS).

@vjrk83
Copy link
Author

vjrk83 commented Aug 31, 2022

Disabled the SSE on the bucket and still seeing Access Denied. I don't know what is blocking this.

@vjrk83
Copy link
Author

vjrk83 commented Aug 31, 2022

@jon-rei It appears that the pre-signed URL is using the credentials on my local which does works only locally and per IAM profile blocking which is not coming from allowed set of subnets when the curl is ran from the server. Is there a way to use this S3 to just copy the file and then run from sensible playbook or if there is any alternate way of setting this up ? I ran out of ideas now.

@jon-rei
Copy link

jon-rei commented Sep 1, 2022

Yes, I also came across exactly this issue. In my case, the permission boundary of the IAM user caused this issue.
Alternatively to using the ssm plugin, you could set up ssh to use the session manager connection, described here: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html

@vjrk83
Copy link
Author

vjrk83 commented Sep 2, 2022

@jon-rei We do have windows instances to manage the ansible over SSM.

@jon-rei
Copy link

jon-rei commented Sep 5, 2022

I'm not using windows on my end. The only option for you would be to change the local IAM user you are using. Probably the GetObject is restricted by a permission boundary to only work from a specific IP range.

@sadok-f
Copy link

sadok-f commented Sep 27, 2022
edited
Loading

I'm facing the same issue, where I'm getting this error

<?xml version="1.0" encoding="UTF-8"?>
    ^
SyntaxError: invalid syntax

If I choose an existing old bucket, ansible-playbook runs successfully, but with new created bucket it fails with that error, although I choose the same configuration..
the content of the /AnsiballZ_command.py file:

cat ansible-tmp-1664302386.380288-16105-194981428431824/AnsiballZ_command.py
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>TemporaryRedirect</Code><Message>Please re-send this request to the specified temporary endpoint. Continue to use the original request endpoint for future requests.</Message><Endpoint>....

@jon-rei
Copy link

jon-rei commented Sep 29, 2022

All my cases where I had errors which resulted in having a .py file with XML content in it where because of missing permissions to get the files from the S3 bucket.
In your case you probably need to check if the IAM user has sufficient permissions on the newly created bucket.

@vj0303
Copy link

vj0303 commented Oct 11, 2022

Can we create new IAM user to use for creating pre-signed url to run the ansible playbooks ? The organization SSO has restrictions for source IP address with my current SSO to run this locally using the profile. Any alternative to override or copy the playbooks to successfully run ? I was never able to get this working .

@tremble
Copy link
Contributor

tremble commented Jan 20, 2023

Sorry it's taken a while to get back to you on this.

This is a known issue and should be fixed by #1669 and explicitly setting ansible_aws_ssm_s3_addressing_style: virtual.

The problem is usually caused by the AWS SDK returning a presigned URL which uses the global S3 endpoint, unfortunately, when you're using a new S3 bucket, the propagation of that bucket to the 'global' endpoints can take up to 24 hours. This results in the 'redirect' you're seeing. However, telling curl to follow that redirect results in an error message.

An alternative work around is just to keep an S3 bucket about that's used for this process. Once its existence has propagated the presigned URL works.

@tremble tremble closed this as completed Jan 20, 2023
@tremble
Copy link
Contributor

tremble commented Jan 20, 2023

Note: #1669 will be available with release 5.2.0 of the community.aws collection

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bot_broken bug This issue/PR relates to a bug needs_triage python3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@tremble @sadok-f @jon-rei @ansibullbot @vj0303 @vjrk83