无法从链中任何提供商处加载AWS凭证-Jenkins& AWS代码管道 [英] Unable to load AWS credentials from any provider in the chain - Jenkins & AWS codepipeline

查看:187
本文介绍了无法从链中任何提供商处加载AWS凭证-Jenkins& AWS代码管道的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当前,我正在尝试让Jenkins使用AWS Codepipeline.我在EC2实例上运行Jenkins.但是,由于某些原因,Jenkins无法加载AWS的默认凭证.我尝试了以下选项:

Currently I'm trying to get Jenkins working with AWS codepipeline. I'm running Jenkins on a EC2 instance. However, for some reason, Jenkins fails to load the default credentials of AWS. I tried the following options:

  • 使用"aws configure"命令初始化AWS凭证
  • 使用Jenkins中的aws-credentials插件
  • 在Jenkins CLI中执行导出AWS_ACCESS_KEY_ID = ....和AWS_SECRET_ACCESS_KEY = ....
  • 检查〜/.aws/credentials文件(如果存在凭据)(是这种情况)
  • 按照AWS文档中的所有步骤进行操作,以使Jenkins和代码管道协同工作( http://docs.aws.amazon.com/codepipeline/latest/userguide/getting-started-4.html )
  • 确保用户通过AWS上的IAM界面具有凭据
  • 通过所有步骤多次重新启动Jenkins服务器
  • Initialize aws credentials with 'aws configure' command
  • Use the aws-credentials plugin in Jenkins
  • Perform export AWS_ACCESS_KEY_ID=.... and AWS_SECRET_ACCESS_KEY=.... in Jenkins cli
  • Checked the ~/.aws/credentials file, if the credentials are present (which is the case)
  • Followed all steps in the AWS documentation to make Jenkins and the codepipeline work together (http://docs.aws.amazon.com/codepipeline/latest/userguide/getting-started-4.html)
  • Make sure that the user has the credentials through IAM interface on AWS
  • Through all the steps restarted the Jenkins server several times

我的工作中的轮询日志提供以下输出:

The polling log in my job gives the following output:

ERROR: Failed to record SCM polling for hudson.model.FreeStyleProject@75b77936[job-name]
com.amazonaws.AmazonClientException: Unable to load AWS credentials from any provider in the chain
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:131)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1028)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1048)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:948)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:661)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:635)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:618)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$300(AmazonHttpClient.java:586)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:573)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:445)
at com.amazonaws.services.codepipeline.AWSCodePipelineClient.doInvoke(AWSCodePipelineClient.java:1785)
at com.amazonaws.services.codepipeline.AWSCodePipelineClient.invoke(AWSCodePipelineClient.java:1761)
at com.amazonaws.services.codepipeline.AWSCodePipelineClient.pollForJobs(AWSCodePipelineClient.java:1228)
at com.amazonaws.codepipeline.jenkinsplugin.AWSCodePipelineSCM.pollForJobs(AWSCodePipelineSCM.java:240)
at com.amazonaws.codepipeline.jenkinsplugin.AWSCodePipelineSCM.compareRemoteRevisionWith(AWSCodePipelineSCM.java:176)
at hudson.scm.SCM.poll(SCM.java:408)
at hudson.model.AbstractProject._poll(AbstractProject.java:1460)
at hudson.model.AbstractProject.poll(AbstractProject.java:1363)
at hudson.triggers.SCMTrigger$Runner.runPolling(SCMTrigger.java:563)
at hudson.triggers.SCMTrigger$Runner.run(SCMTrigger.java:609)
at hudson.util.SequentialExecutionQueue$QueueEntry.run(SequentialExecutionQueue.java:119)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

对进一步的指导有什么建议吗?由于我不使用HTTPS,因此我想防止将凭据直接传递给配置页中的作业.

Any suggestions for further directions? I want to prevent to directly pass the credentials to the job in the configuration page since I don't use HTTPS.

推荐答案

根据您的描述,您可以使用IAM角色让jenkins正常工作.对于您的问题,您的凭据可能不适用于jenkins用户.

As per your description you use IAM role for jenkins its working fine.For your issue your credentials may not be available to jenkins user.

因此首先请检查您使用的是Amazon linux用户还是jenkins用户.如果是Amazon linux用户,则应进行更改.

So first of all check that you are using Amazon linux user or jenkins user.If it is Amazon linux user than change it.

第二件事是,您必须在服务器或Amazon EC2实例上配置代理和防火墙设置,以允许与Jenkins项目&所使用的端口的入站连接.在要与AWS CodePipeline结合使用的任何Jenkins实例上安装适用于Jenkins的AWS CodePipeline插件.

Second thing is that you must configure proxy and firewall settings on the server or Amazon EC2 instance to allow inbound connections to the port used by your Jenkins project & install the AWS CodePipeline Plugin for Jenkins on any instance of Jenkins you want to use with AWS CodePipeline.

参考链接: http://docs.aws.amazon. com/codepipeline/latest/userguide/getting-started-4.html

这篇关于无法从链中任何提供商处加载AWS凭证-Jenkins& AWS代码管道的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆