
I can successfully run sudo yum update when ssh-ing to my EC2 instance. However, when I attach the same command to the userData of my launch configuration, I see the following error (in /var/log/cloud-init-output.log):

launch script..
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd


 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

My script:

#!/bin/bash
echo "launch script.."
sudo yum update -y
sudo yum install java-1.8.0 -y
aws s3 cp s3://bucket/app.jar ./app.jar
java -jar app.jar >> out.log

How can I run yum commands at EC2 instance startup?

nagy.zsolt.hun
  • Can you share your userData script? My guess is that you're not setting the -y flag in the !yum line of your script. – Matthew Arthur Jan 05 '19 at 12:01
  • I updated my question. I indeed missed the -y flag at first, but the problem is present even with it. – nagy.zsolt.hun Jan 05 '19 at 13:10
  • Try changing the placement of the -y flag. I have found that ec2 can be very particular. Here's an example of a bootstrap script I run successfully: #!/bin/bash yum install -y git yum groupinstall -y 'Development Tools' yum install -y gcc yum install build-essential -y g++ – Matthew Arthur Jan 05 '19 at 16:29
  • Verify that the instance has outbound network access before the script runs yum update. Something like: until ping -c1 www.google.com &>/dev/null; do :; done. Also note that user data scripts are executed as the root user, so you do not need sudo. – jarmod Jan 05 '19 at 17:03
  • @jarmod, there is indeed no Internet connection at startup for about a minute. Creating a similar loop to yours solves the problem - I will accept this information as the correct answer if you write it as an answer. Is there a more elegant solution to this? It feels somewhat hacky. – nagy.zsolt.hun Jan 05 '19 at 19:42

1 Answer

Make sure that you actually have a route to the internet from your EC2 instance. That typically means either a public IP or a route to a NAT instance/gateway, and an Internet Gateway in your VPC.

It may be that the userdata script begins to run before connectivity has been established. You may need to verify that the instance has outbound network access before your script runs yum update, for example:

#!/bin/bash
echo "launch script.."

until ping -c1 www.google.com &>/dev/null; do
    echo "Waiting for network ..."
    sleep 1
done

yum update -y
# other things here

There are other options to wait for the network (here and here).

Also note that user data scripts are executed as the root user, so you do not need sudo.

jarmod
  • After more research, I realized this is not the correct answer. The proper solution is to assign public IP to EC2 instances. Your solution worked because I assigned an elastic IP in order to SSH in, and verify the solution. This question discusses the same topic: https://stackoverflow.com/questions/34757825/the-ec2-instance-cant-access-internet-in-a-public-subnet-without-a-elastic-ip-a – nagy.zsolt.hun Jan 05 '19 at 22:55
  • Well, yes you clearly need an outbound route to the yum repos. That means either a public IP or a route to a NAT instance/gateway and an Internet Gateway. Glad you got to the bottom of it. – jarmod Jan 05 '19 at 23:49
  • @nagy.zsolt.hun Hi, I'll add your root cause to this answer to help future readers, and I'm OK if you want to leave this as the accepted answer or reject it, either way. – jarmod Jan 07 '19 at 20:25
  • Thanks @jarmod, I want to keep this as the accepted answer. – nagy.zsolt.hun Jan 07 '19 at 20:40
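
A bounded version of the wait loop in the answer above, as an added example that is not part of the original thread: it gives up after a deadline and writes the likely causes to /var/log/cloud-init-output.log, so an instance with no outbound route fails visibly instead of looping forever. The names `wait_until` and `bootstrap`, the 120-second limit and the cloud-init directory guard are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the original thread: bounded network wait for EC2 user data.

# wait_until TIMEOUT_SECONDS INTERVAL_SECONDS COMMAND [ARGS...]
# Re-runs COMMAND until it succeeds (returns 0) or the timeout elapses (returns 1).
wait_until() {
    local timeout="$1" interval="$2" deadline now
    shift 2
    deadline=$(( $(date +%s) + timeout ))
    until "$@" >/dev/null 2>&1; do
        now=$(date +%s)
        if [ "$now" -ge "$deadline" ]; then
            return 1
        fi
        echo "Waiting for network ($(( deadline - now ))s left) ..."
        sleep "$interval"
    done
}

bootstrap() {
    echo "launch script.."
    # Same probe as the answer's loop; -W2 caps each attempt at two seconds.
    if ! wait_until 120 2 ping -c1 -W2 www.google.com; then
        echo "ERROR: no outbound connectivity after 120s." >&2
        echo "Check for a public IP or a NAT route, and an Internet Gateway in the VPC." >&2
        return 1
    fi
    # User data runs as root, so sudo is not needed.
    yum update -y || return 1
    # other things here
}

# Assumption: only run the bootstrap on a cloud-init host that has yum, so the
# file can be sourced or tested elsewhere without side effects.
if [ -d /var/lib/cloud/instance ] && command -v yum >/dev/null 2>&1; then
    bootstrap || exit 1
fi
```

A timeout here points to the root cause found in the comments (no public IP or NAT route) rather than to a slow network start.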