Understand the Amazon SSM Agent in 2 Minutes



🚀 Install SSM Agent on Ubuntu Server instances
To install SSM Agent on Ubuntu Server 20.10 STR & 20.04, 18.04, and 16.04 LTS 64-bit instances (with Snap package)
~ $:/home/ubuntu# sudo snap install amazon-ssm-agent --classic

🚀 Check SSM Agent log
~ $:/home/ubuntu# systemctl restart snap.amazon-ssm-agent.amazon-ssm-agent.service
~ $:/home/ubuntu# tail -f /var/log/amazon/ssm/amazon-ssm-agent.log
        status code: 400, request id: ea74ed4f-70d4-4610-8221-ce7868c3c9fb
2021-01-08 08:40:20 INFO [amazon-ssm-agent] [SelfUpdate] Initializing self update ...
2021-01-08 08:40:20 INFO [amazon-ssm-agent] Starting Core Agent: amazon-ssm-agent - v3.0.161.0
2021-01-08 08:40:20 INFO [amazon-ssm-agent] OS: linux, Arch: amd64
2021-01-08 08:40:22 INFO [amazon-ssm-agent] [LongRunningWorkerContainer] [WorkerProvider] Worker ssm-agent-worker is not running, starting worker process
2021-01-08 08:40:22 INFO [amazon-ssm-agent] [LongRunningWorkerContainer] [WorkerProvider] Worker ssm-agent-worker (pid:11067) started
2021-01-08 08:40:22 ERROR Error adding the directory to watcher: no such file or directory
2021-01-08 08:40:22 INFO [amazon-ssm-agent] [LongRunningWorkerContainer] Monitor long running worker health every 60 seconds
2021-01-08 08:40:22 INFO [ssm-agent-worker] Dial to Core Agent broadcast channel
2021-01-08 08:40:22 INFO [ssm-agent-worker] Dial to Core Agent broadcast channel
2021-01-08 08:40:22 INFO [ssm-agent-worker] Create new startup processor
2021-01-08 08:40:22 INFO [ssm-agent-worker] Start to listen to Core Agent health channel
2021-01-08 08:40:22 INFO [ssm-agent-worker] Start to listen to Core Agent termination channel
2021-01-08 08:40:22 INFO [ssm-agent-worker] [StartupProcessor] Executing startup processor tasks
2021-01-08 08:40:22 INFO [ssm-agent-worker] [StartupProcessor] Write to serial port: Amazon SSM Agent v3.0.161.0 is running
2021-01-08 08:40:22 INFO [ssm-agent-worker] [StartupProcessor] Write to serial port: OsProductName: Ubuntu
2021-01-08 08:40:22 INFO [ssm-agent-worker] [StartupProcessor] Write to serial port: OsVersion: 18.04
2021-01-08 08:40:23 INFO [ssm-agent-worker] Entering SSM Agent hibernate - AccessDeniedException: User: arn:aws:sts::111111111111:assumed-role/SSMAutomation/i-06f3424a03d04c66d is not authorized to perform: ssm:UpdateInstanceInformation on resource: arn:aws:ec2:eu-central-1:111111111111:instance/i-06f3424a03d04c66d
        status code: 400, request id: f0580f42-a0c8-4038-8242-46e4818a391b
  • This is because the SSM Agent does not have the ssm:UpdateInstanceInformation permission on the instance it depends on:
  • 2021-01-08 08:40:23 INFO [ssm-agent-worker] Entering SSM Agent hibernate - AccessDeniedException: User: arn:aws:sts::111111111111:assumed-role/SSMAutomation/i-06f3424a03d04c66d is not authorized to perform: ssm:UpdateInstanceInformation on resource: arn:aws:ec2:eu-central-1:111111111111:instance/i-06f3424a03d04c66d



🚀 Attach instance profile for SSM Agent permission
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AmazonSSMtoEC2",
                "Effect": "Allow",
                "Action": [
                    "ssm:*",
                    "ssmmessages:CreateControlChannel",
                    "ssmmessages:CreateDataChannel",
                    "ssmmessages:OpenControlChannel",
                    "ssmmessages:OpenDataChannel",
                    "ec2messages:AcknowledgeMessage",
                    "ec2messages:DeleteMessage",
                    "ec2messages:FailMessage",
                    "ec2messages:GetEndpoint",
                    "ec2messages:GetMessages",
                    "ec2messages:SendReply"
                ],
                "Resource": "*"
            }
        ]
    }
    
  • Restart the SSM Agent so that the role takes effect:
  • 2021-01-08 08:44:27 INFO [ssm-agent-worker] Starting SSM Agent Worker: amazon-ssm-agent - v3.0.161.0
    2021-01-08 08:44:27 INFO [ssm-agent-worker] OS: linux, Arch: amd64
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessagingDeliveryService] Starting document processing engine...
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [OfflineService] Starting document processing engine...
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [OfflineService] [EngineProcessor] Starting
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [OfflineService] [EngineProcessor] Initial processing
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [HealthCheck] HealthCheck reporting agent health.
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [OfflineService] Starting message polling
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [OfflineService] Starting send replies to MDS
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [LongRunningPluginsManager] starting long running plugin manager
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [LongRunningPluginsManager] there aren't any long running plugin to execute
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessagingDeliveryService] [EngineProcessor] Starting
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessagingDeliveryService] [EngineProcessor] Initial processing
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessagingDeliveryService] Starting message polling
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessagingDeliveryService] Starting send replies to MDS
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [instanceID=i-06f3424a03d04c66d] Starting association polling
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessagingDeliveryService] [Association] [EngineProcessor] Starting
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessagingDeliveryService] [Association] Launching response handler
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessagingDeliveryService] [Association] [EngineProcessor] Initial processing
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessagingDeliveryService] [Association] Initializing association scheduling service
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessagingDeliveryService] [Association] Association scheduling service initialized
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessageGatewayService] Starting session document processing engine...
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessageGatewayService] [EngineProcessor] Starting
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessageGatewayService] SSM Agent is trying to setup control channel for Session Manager module.
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessageGatewayService] agent telemetry cloudwatch metrics disabled
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessageGatewayService] Setting up websocket for controlchannel for instance: i-06f3424a03d04c66d, requestId: 8ad8e181-fff5-4aee-81ca-4bbaf6542c3e
    2021-01-08 08:44:27 INFO [ssm-agent-worker] [MessageGatewayService] listening reply.
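
An added example (not code from the original post or from AWS): it pulls the denied action out of the hibernate line in the agent log above and checks it against an instance-profile policy, also listing wildcard grants such as the page's `ssm:*`, which allows every Systems Manager action, `ssm:SendCommand` included. The function names and `NARROW_POLICY` are constructed for illustration, and `PAGE_POLICY` is the page's policy shortened to the entries the check exercises.

```python
import fnmatch
import re

# Hibernate line copied from the agent log on this page.
SAMPLE_LOG = (
    "2021-01-08 08:40:23 INFO [ssm-agent-worker] Entering SSM Agent hibernate - "
    "AccessDeniedException: User: arn:aws:sts::111111111111:assumed-role/SSMAutomation/"
    "i-06f3424a03d04c66d is not authorized to perform: ssm:UpdateInstanceInformation on "
    "resource: arn:aws:ec2:eu-central-1:111111111111:instance/i-06f3424a03d04c66d\n"
)
# The page's policy, shortened to the entries this check exercises.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AmazonSSMtoEC2", "Effect": "Allow", "Resource": "*",
    "Action": ["ssm:*", "ssmmessages:OpenControlChannel", "ec2messages:GetMessages"]}]}
# Constructed for the check only: names the one ssm action the log asked for.
NARROW_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*", "Action": "ssm:UpdateInstanceInformation"}}

DENIED = re.compile(r"AccessDeniedException: User: (?P<who>\S+) is not authorized "
                    r"to perform: (?P<action>[\w-]+:\w+) on resource: (?P<res>\S+)")

def _listify(value):
    # IAM allows a single statement or action in place of a list.
    return [value] if isinstance(value, (str, dict)) else list(value)

def denied_calls(log_text):
    """Unique (role, action) pairs the agent was refused, in log order."""
    pairs = []
    for m in DENIED.finditer(log_text):
        who = m["who"]  # arn:aws:sts::<account>:assumed-role/<role>/<session>
        role = who.split("/")[1] if ":assumed-role/" in who else who
        if (role, m["action"]) not in pairs:
            pairs.append((role, m["action"]))
    return pairs

def allow_patterns(policy):
    """Action patterns from Allow statements (Deny, Condition, Resource ignored)."""
    return [a for st in _listify(policy["Statement"]) if st.get("Effect") == "Allow"
            for a in _listify(st.get("Action", []))]

def allows(policy, action):
    # IAM action names are case-insensitive and use * and ? as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in allow_patterns(policy))

def review(log_text, policy):
    """Denied actions the policy still misses, plus wildcard grants to tighten."""
    missing = [a for _, a in denied_calls(log_text) if not allows(policy, a)]
    broad = [p for p in allow_patterns(policy) if "*" in p or "?" in p]
    return {"missing": missing, "wildcards": broad}
```

`NARROW_POLICY` only exercises the check and is not a complete agent policy; AWS's managed policy AmazonSSMManagedInstanceCore lists the specific actions the agent needs.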
    

🚀 Conclusion
  • To use AWS Systems Manager Run Command, you must not only configure the IAM policy for the instance that sends the SSM commands; the SSM Agent must also … the EC2 resource
  • Mirror
  • https://github.com/vumdao/ssm-agent