gpt4 book ai didi

amazon-web-services - 刷新 EC2 实例标签失败 : SharedCredsLoad

转载 作者:行者123 更新时间:2023-12-05 02:58:47 32 4
gpt4 key购买 nike

我一直在努力从 CloudWatch 代理获取基本指标。我一直收到这个错误,我不知道它是什么意思,也无法在网上找到很多关于它的资源

refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed

我按照说明操作 here并仔细阅读了文档。同样,目标只是将一些基本指标从我的 EC2 实例读入 CloudWatch。以下是我遵循的步骤:

  • 遵循说明 here “创建在 EC2 实例上运行 CloudWatch 代理所需的 IAM 角色”,然后将其分配给我的实例。
  • wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
    • ami id 是 ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20190628 (ami-0cfee17793b08a293)
  • 使用命令 sudo dpkg --install --skip-same-version ./amazon-cloudwatch-agent.deb 安装 .deb
    • 注意 --install and --skip-same-version 只是 -i -E 在文档中完成
  • 使用向导生成了一个 config.json,位于此处 /opt/aws/amazon-cloudwatch-agent/bin/config.json。我在下面的错误消息下粘贴了内容。
  • 修改 /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml 文件以指向 cwagent 的新凭据(因为不使用 root用户)具有以下内容:
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/etc# tail -n 4 common-config.toml 
#### BEGIN ANSIBLE MANAGED BLOCK ####
[credentials]
shared_credential_file = "/home/cwagent/.aws/credentials"
#### END ANSIBLE MANAGED BLOCK ####
  • 使用 sudo/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/获取配置并启动代理amazon-cloudwatch-agent/bin/config.json -s

这是我现在在日志中看到的错误,我假设这就是我看不到任何指标的原因

root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/logs# tail -n 20 amazon-cloudwatch-agent.log 
2019/10/29 22:41:08 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json ...
2019/10/29 22:41:08 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/file_config.json ...
2019/10/29 22:41:08 I! Detected runAsUser: cwagent
2019/10/29 22:41:08 I! Change ownership to cwagent:cwagent
2019/10/29 22:41:08 I! Set HOME: /home/cwagent
2019-10-29T22:41:08Z I! will use file based credentials provider
2019-10-29T22:41:08Z I! cloudwatch: get unique roll up list []
2019-10-29T22:41:08Z I! Starting AmazonCloudWatchAgent (version 1.230621.0)
2019-10-29T22:41:08Z I! Loaded outputs: cloudwatch
2019-10-29T22:41:08Z I! cloudwatch: publish with ForceFlushInterval: 1m0s, Publish Jitter: 37s
2019-10-29T22:41:08Z I! Loaded inputs: disk mem
2019-10-29T22:41:08Z I! Tags enabled: host=ip-172-31-71-5
2019-10-29T22:41:08Z I! Agent Config: Interval:10s, Quiet:false, Hostname:"ip-172-31-71-5", Flush Interval:1s
2019-10-29T22:41:08Z I! will use file based credentials provider
2019-10-29T22:41:08Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed
2019-10-29T22:42:37Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed
2019-10-29T22:43:37Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed
2019-10-29T22:46:37Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed
2019-10-29T22:49:37Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed
2019-10-29T22:52:37Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed

还有我用的config.json

root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/bin# cat config.json
{
"agent": {
"metrics_collection_interval": 10,
"run_as_user": "cwagent"
},
"metrics": {
"namespace": "TestNamespace",
"append_dimensions": {
"AutoScalingGroupName": "${aws:AutoScalingGroupName}",
"ImageId": "${aws:ImageId}",
"InstanceId": "${aws:InstanceId}",
"InstanceType": "${aws:InstanceType}"
},
"metrics_collected": {
"disk": {
"measurement": [
"used_percent"
],
"metrics_collection_interval": 60,
"resources": [
"*"
]
},
"mem": {
"measurement": [
"mem_used_percent"
],
"metrics_collection_interval": 60
}
}
}
}

编辑

删除凭据修改后我开始工作了

root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/etc# tail -n 4 common-config.toml 
#### BEGIN ANSIBLE MANAGED BLOCK ####
#[credentials]
#shared_credential_file = "/home/cwagent/.aws/credentials"
#### END ANSIBLE MANAGED BLOCK ####

在我继续将配置文件复制到默认位置后,它会检查(即使文档说您可以像我一样传递文件名)。

root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/bin# cp config.json /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/bin# cd ../etc/
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/etc# chown cwagent:cwagent amazon-cloudwatch-agent.json
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/etc# ls -l
total 16
drwxr-xr-x 2 cwagent cwagent 4096 Oct 30 22:05 amazon-cloudwatch-agent.d
-rwxr-xr-x 1 cwagent cwagent 611 Oct 30 22:11 amazon-cloudwatch-agent.json
-rw-rw-r-- 1 cwagent cwagent 1144 Oct 30 22:05 amazon-cloudwatch-agent.toml
-rw-r--r-- 1 cwagent cwagent 1073 Oct 30 22:05 common-config.toml

最佳答案

该错误似乎与访问与 Amazon EC2 实例关联的标签有关。

您链接的安装说明建议创建一个附加了 CloudWatchAgentServerPolicy 策略的 IAM 角色。此政策包括描述标签的权限:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"ec2:DescribeVolumes",
"ec2:DescribeTags",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ssm:GetParameter"
],
"Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
}
]
}

该服务器上的 CloudWatch 代理似乎没有收到此类权限,因此无法列出标签。

因此:

  • 确认IAM 角色已创建,并且它包含CloudWatchAgentServerPolicy 策略
  • 确认此 IAM 角色已分配给运行 CloudWatch 代理的 Amazon EC2 实例
  • 如果仍然失败,请检查代理可能使用的实例上是否有任何本地存储的凭证,而不是分配给实例的 IAM 角色

关于amazon-web-services - 刷新 EC2 实例标签失败 : SharedCredsLoad,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58617230/

32 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com