文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >刷新EC2实例标记失败: SharedCredsLoad

刷新EC2实例标记失败: SharedCredsLoad
EN

Stack Overflow用户
提问于 2019-10-30 00:35:03
回答 1查看 3.2K关注 0票数 3

我一直在努力从CloudWatch代理中获得基本的度量标准。我得到了这个错误,我不知道这意味着什么,我也找不到网上的资源来谈论它。

刷新EC2实例标记失败: SharedCredsLoad:未能获得配置文件,度量将被删除,直到它被修复

我遵循了这里的说明,仔细阅读了文档。同样,我们的目标只是阅读一些基本的指标,从我的EC2实例到CloudWatch。以下是我所遵循的步骤:

  • 按照指令这里“创建在EC2实例上运行CloudWatch代理所需的IAM角色”,然后将其分配给我的实例。
  • wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
    • ami id是ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20190628 (ami-0cfee17793b08a293)

  • 使用命令.deb sudo dpkg --install --skip-same-version ./amazon-cloudwatch-agent.deb 安装
    • 注意,--install and --skip-same-version只是-i -E,就像在文档中所做的那样

  • 使用向导生成了一个config.json,位于这里的/opt/aws/amazon-cloudwatch-agent/bin/config.json。我在下面的错误信息下粘贴了内容。
  • 使用以下内容修改/opt/aws/amazon-cloudwatch-agent/etc/common-config.toml文件以指向cwagent的新凭据(因为不使用根用户):
代码语言:javascript
复制
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/etc# tail -n 4 common-config.toml 
#### BEGIN ANSIBLE MANAGED BLOCK ####
[credentials]
shared_credential_file = "/home/cwagent/.aws/credentials"
#### END ANSIBLE MANAGED BLOCK ####
  • 使用sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -s获取配置和启动代理

下面是我在日志中看到的错误,我假设这就是为什么我看不到任何度量标准

代码语言:javascript
复制
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/logs# tail -n 20 amazon-cloudwatch-agent.log 
2019/10/29 22:41:08 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json ...
2019/10/29 22:41:08 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/file_config.json ...
2019/10/29 22:41:08 I! Detected runAsUser: cwagent
2019/10/29 22:41:08 I! Change ownership to cwagent:cwagent
2019/10/29 22:41:08 I! Set HOME: /home/cwagent
2019-10-29T22:41:08Z I! will use file based credentials provider 
2019-10-29T22:41:08Z I! cloudwatch: get unique roll up list []
2019-10-29T22:41:08Z I! Starting AmazonCloudWatchAgent (version 1.230621.0)
2019-10-29T22:41:08Z I! Loaded outputs: cloudwatch
2019-10-29T22:41:08Z I! cloudwatch: publish with ForceFlushInterval: 1m0s, Publish Jitter: 37s
2019-10-29T22:41:08Z I! Loaded inputs: disk mem
2019-10-29T22:41:08Z I! Tags enabled: host=ip-172-31-71-5
2019-10-29T22:41:08Z I! Agent Config: Interval:10s, Quiet:false, Hostname:"ip-172-31-71-5", Flush Interval:1s 
2019-10-29T22:41:08Z I! will use file based credentials provider 
2019-10-29T22:41:08Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed
2019-10-29T22:42:37Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed
2019-10-29T22:43:37Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed
2019-10-29T22:46:37Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed
2019-10-29T22:49:37Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed
2019-10-29T22:52:37Z E! refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed

我用的config.json

代码语言:javascript
复制
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/bin# cat config.json
{
    "agent": {
        "metrics_collection_interval": 10,
        "run_as_user": "cwagent"
    },
    "metrics": {
        "namespace": "TestNamespace",
        "append_dimensions": {
            "AutoScalingGroupName": "${aws:AutoScalingGroupName}",
            "ImageId": "${aws:ImageId}",
            "InstanceId": "${aws:InstanceId}",
            "InstanceType": "${aws:InstanceType}"
        },
        "metrics_collected": {
            "disk": {
                "measurement": [
                    "used_percent"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "mem": {
                "measurement": [
                    "mem_used_percent"
                ],
                "metrics_collection_interval": 60
            }
        }
    }
}

编辑

我删除了凭据修改后才让它正常工作

代码语言:javascript
复制
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/etc# tail -n 4 common-config.toml 
#### BEGIN ANSIBLE MANAGED BLOCK ####
#[credentials]
#shared_credential_file = "/home/cwagent/.aws/credentials"
#### END ANSIBLE MANAGED BLOCK ####

在我继续将配置文件复制到默认位置之后,它会检查(尽管文档说您可以像我一样传递文件名)。

代码语言:javascript
复制
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/bin# cp config.json /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/bin# cd ../etc/
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/etc# chown cwagent:cwagent amazon-cloudwatch-agent.json 
root@ip-172-31-71-5:/opt/aws/amazon-cloudwatch-agent/etc# ls -l
total 16
drwxr-xr-x 2 cwagent cwagent 4096 Oct 30 22:05 amazon-cloudwatch-agent.d
-rwxr-xr-x 1 cwagent cwagent  611 Oct 30 22:11 amazon-cloudwatch-agent.json
-rw-rw-r-- 1 cwagent cwagent 1144 Oct 30 22:05 amazon-cloudwatch-agent.toml
-rw-r--r-- 1 cwagent cwagent 1073 Oct 30 22:05 common-config.toml
amazon-web-services
amazon-cloudwatch
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2019-10-30 02:31:20

此错误似乎与与Amazon实例关联的访问标记有关。

您所链接的安装说明建议使用附加的CloudWatchAgentServerPolicy策略创建一个IAM角色。此策略包括描述标记()的权限。

代码语言:javascript
复制
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData",
                "ec2:DescribeVolumes",
                "ec2:DescribeTags",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams",
                "logs:DescribeLogGroups",
                "logs:CreateLogStream",
                "logs:CreateLogGroup"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameter"
            ],
            "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
        }
    ]
}

该服务器上的CloudWatch代理似乎没有接收到这样的权限,因此无法列出标记。

因此:

  • 确认IAM角色已经创建了,并且它包含了CloudWatchAgentServerPolicy策略。
  • 确认此IAM角色已被分配给运行CloudWatch代理的亚马逊EC2实例
  • 如果仍然失败,请检查在代理可能使用的实例上是否存在本地存储的凭据,而不是分配给实例的IAM角色。
票数 4
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/58617230

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档