Hi,
I am following the elasticsearch chef cookbook tutorial here:
http://www.elasticsearch.org/tutorials/deploying-elasticsearch-with-chef-solo/
I am getting stuck on this step:
time ssh -t $SSH_OPTIONS $HOST "sudo chef-solo --node-name elasticsearch-test-1
-j /tmp/node.json"
Here is the error I am getting. It seems that my AWS key is lacking the
necessary permissions to create an EBS volume. I added "ec2:CreateVolume"
and "ec2:AttachVolume" to no avail. I cannot find any info on what
permissions I need to run this. Can anyone point me to this info?
[testadadmin@uspetddebspoc01 elasticsearch-test]$ time ssh -t $SSH_OPTIONS
$HOST "sudo chef-solo --node-name elasticsearch-test-1 -j /tmp/node.json"
Warning: Permanently added
'ec2-23-20-247-88.compute-1.amazonaws.com,23.20.247.88' (RSA) to the list
of known hosts.
Starting Chef Client, version 11.6.0
Compiling Cookbooks...
Recipe: elasticsearch::ebs
* package[gcc] action upgrade (up to date)
* package[gcc-c++] action upgrade (up to date)
* package[make] action upgrade (up to date)
* package[libxslt-devel] action upgrade (up to date)
* package[libxml2-devel] action upgrade (up to date)
* chef_gem[fog] action install (up to date)
[2014-03-20T18:29:18+00:00] WARN: Cloning resource attributes for
directory[/usr/local/var/data/elasticsearch/disk1] from prior resource
(CHEF-3694)
[2014-03-20T18:29:18+00:00] WARN: Previous
directory[/usr/local/var/data/elasticsearch/disk1]:
/var/chef-solo/cookbooks/elasticsearch/recipes/data.rb:16:in `block in
from_file'
[2014-03-20T18:29:18+00:00] WARN: Current
directory[/usr/local/var/data/elasticsearch/disk1]:
/var/chef-solo/cookbooks/elasticsearch/recipes/data.rb:39:in `block in
from_file'
Converging 50 resources
Recipe: monit::default
* package[monit] action install (up to date)
* service[monit] action start (up to date)
* template[/etc/monit/monitrc] action create (up to date)
Recipe: elasticsearch::curl
* package[curl] action install (up to date)
Recipe: ark::default
* package[unzip] action install (up to date)
* package[libtool] action install (up to date)
* package[autoconf] action install (up to date)
Recipe: elasticsearch::default
* group[elasticsearch] action create (up to date)
* user[elasticsearch] action create (up to date)
* bash[remove the elasticsearch user home] action run (skipped due to
not_if)
* directory[/usr/local/etc/elasticsearch] action create (up to date)
* directory[/usr/local/var/log/elasticsearch] action create (up to date)
* directory[/usr/local/var/run] action create (up to date)
* directory[/usr/local/var/data/elasticsearch] action create (up to date)
* template[/etc/init.d/elasticsearch] action create (up to date)
* service[elasticsearch] action enable (up to date)
* ark[elasticsearch] action install (skipped due to not_if)
* bash[enable user limits] action run (skipped due to not_if)
* log[increase limits for the elasticsearch user] action write
* file[/etc/security/limits.d/10-elasticsearch.conf] action create (up to
date)
* template[elasticsearch-env.sh] action create (up to date)
* template[elasticsearch.yml] action create (up to date)
* template[logging.yml] action create (up to date)
Recipe: elasticsearch::plugins
* directory[/usr/local/elasticsearch-0.90.12/plugins/] action create (up
to date)
* ruby_block[Install plugin: karmi/elasticsearch-paramedic] action run
(skipped due to not_if)
Recipe: elasticsearch::ebs
* package[gcc] action nothing (skipped due to action :nothing)
* package[gcc-c++] action nothing (skipped due to action :nothing)
* package[make] action nothing (skipped due to action :nothing)
* package[libxslt-devel] action nothing (skipped due to action :nothing)
* package[libxml2-devel] action nothing (skipped due to action :nothing)
* chef_gem[fog] action install (up to date)
* ruby_block[Create EBS volume on /dev/sda2 (size: 25GB)] action run
================================================================================
Error executing action `run` on resource 'ruby_block[Create EBS volume on
/dev/sda2 (size: 25GB)]'
================================================================================
Fog::Compute::AWS::Error
------------------------
UnauthorizedOperation => You are not authorized to perform this operation.
Cookbook Trace:
---------------
/var/chef-solo/cookbooks/elasticsearch/libraries/create_ebs.rb:41:in `block
(2 levels) in create_ebs'
Resource Declaration:
---------------------
# In /var/chef-solo/cookbooks/elasticsearch/libraries/create_ebs.rb
16: ruby_block "Create EBS volume on #{device} (size:
#{params[:ebs][:size]}GB)" do
17:
18: block do
19: require 'fog'
20: require 'open-uri'
21:
22: region = params[:region] ||
node.elasticsearch[:cloud][:aws][:region]
23: instance_id =
open('http://169.254.169.254/latest/meta-data/instance-id'){|f| f.gets}
24: raise "[!] Cannot get instance id from AWS meta-data API"
unless instance_id
25:
26: Chef::Log.debug("Region: #{region}, instance ID:
#{instance_id}")
27:
28: fog_options = { :provider => 'AWS', :region => region }
29: if (access_key =
node.elasticsearch[:cloud][:aws][:access_key]) &&
30: (secret_key =
node.elasticsearch[:cloud][:aws][:secret_key])
31: fog_options.merge!(:aws_access_key_id => access_key,
:aws_secret_access_key => secret_key)
32: else # Lack of credentials implies a IAM role will provide
keys
33: fog_options.merge!(:use_iam_profile => true)
34: end
35: aws = Fog::Compute.new(fog_options)
36:
37: server = aws.servers.get instance_id
38:
39: # Create EBS volume if the device is free
40: ebs_device = params[:ebs][:device] || device
41: unless server.volumes.map(&:device).include?(ebs_device)
42: options = { :device => ebs_device,
43: :size => params[:ebs][:size],
44: :delete_on_termination =>
params[:ebs][:delete_on_termination],
45: :availability_zone =>
server.availability_zone,
46: :server => server }
47:
48: options[:type] = params[:ebs][:type] if params[:ebs][:type]
49: options[:iops] = params[:ebs][:iops] if params[:ebs][:iops]
and params[:ebs][:type] == "io1"
50:
51: if params[:ebs][:snapshot_id]
52: if snapshot = aws.snapshots.get(params[:ebs][:snapshot_id])
53: Chef::Log.info "Creating EBS from snapshot:
#{snapshot.id} (" +
54: "Tags: #{snapshot.tags.inspect}, "
+
55: "Description: #{snapshot.description})"
56: options[:snapshot_id] = snapshot.id
57: else
58: __message = "[!] Cannot find snapshot:
#{params[:ebs][:snapshot_id]}"
59: Chef::Log.fatal __message
60: raise __message
61: end
62: end
Compiled Resource:
------------------
# Declared in
/var/chef-solo/cookbooks/elasticsearch/libraries/create_ebs.rb:16:in
`create_ebs'
ruby_block("Create EBS volume on /dev/sda2 (size: 25GB)") do
action "run"
retries 0
retry_delay 2
block_name "Create EBS volume on /dev/sda2 (size: 25GB)"
cookbook_name :elasticsearch
recipe_name "ebs"
block
#<Proc:0x0000000164ec58@/var/chef-solo/cookbooks/elasticsearch/libraries/create_ebs.rb:18>
end
[2014-03-20T18:29:20+00:00] ERROR: Running exception handlers
[2014-03-20T18:29:20+00:00] ERROR: Exception handlers complete
[2014-03-20T18:29:20+00:00] FATAL: Stacktrace dumped to
/var/chef-solo/chef-stacktrace.out
Chef Client failed. 1 resources updated
[2014-03-20T18:29:20+00:00] FATAL: Chef::Exceptions::ChildConvergeError:
Chef run process exited unsuccessfully (exit code 1)
Connection to ec2-23-20-247-88.compute-1.amazonaws.com closed.
real 0m7.060s
user 0m0.013s
sys 0m0.005s
Here is my node.json configuration:
{
"run_list": [ "recipe[monit]",
"recipe[elasticsearch]",
"recipe[elasticsearch::plugins]",
"recipe[elasticsearch::ebs]",
"recipe[elasticsearch::data]",
"recipe[elasticsearch::aws]",
"recipe[elasticsearch::nginx]",
"recipe[elasticsearch::proxy]",
"recipe[elasticsearch::monit]" ],
"elasticsearch" : {
"cluster_name" : "elasticsearch_test_with_chef",
"bootstrap" : { "mlockall" : false },
"discovery" : { "type": "ec2" },
"path": {
"data": ["/usr/local/var/data/elasticsearch/disk1"]
},
"data" : {
"devices" : {
"/dev/sda2" : {
"file_system" : "ext3",
"mount_options" : "rw,user",
"mount_path" : "/usr/local/var/data/elasticsearch/disk1",
"format_command" : "mkfs.ext3",
"fs_check_command" : "dumpe2fs",
"ebs" : {
"size" : 25,
"delete_on_termination" : true,
"type" : "io1",
"iops" : 100
}
}
}
},
"cloud" : {
"aws" : {
"access_key" : "xxxxxxx",
"secret_key" : "xxxxxxxxxxxxxxxxxxx",
"region" : "us-east-1"
},
"ec2" : {
"security_group": "elasticsearch-test"
}
},
"plugins" : {
"karmi/elasticsearch-paramedic" : {}
},
"nginx" : {
"users" : [ { "username" : "estest", "password" : "@estest!" } ],
"allow_cluster_api" : true
}
},
"monit" : {
"notify_email" : "xxxxxxx",
"mail_format" : { "from" : "xxxxxx", "subject" : "[monit] $SERVICE
$EVENT on $HOST", "message" : "$SERVICE $ACTION: $DESCRIPTION" }
}
Here is my AWS key configuration:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1394573401000",
"Effect": "Allow",
"Action": [
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeTags",
"ec2:AttachVolume",
"ec2:CreateVolume"
],
"Resource": [
"*"
]
}
]
}
Apologies for not putting all this into a gist. I am not yet initiated
with github.
Thanks,
Dan
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/edbd438b-4248-44af-a579-93dc8cae8f46%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
