- 最新
- 投票最多
- 评论最多
Hello,
Thank you for reaching out with the issue.
The error is very specific to the targeted instance does not allow execution of the downloaded script
entrance.py
on path /var/log/amazon/ssm/patch-baseline-operations by SSM agent.
Background
During patching SSM agent downloads the scripts to /var/lib/amazon/ssm and runs it. Patch Manager extracts the payload to /var/log/amazon/ssm/patch-baseline-operations then executes entrance.py.
In order to fix the issue, you need to have exclusive partitions to /var/log/amazon and /var/lib/amazon and they need to be mounted with exec permissions.
Reviewing the no exec on Instance
To display details about block devices mounted run the command below on the Instance terminal
#### list all the block devices including empty blocks
lsblk -a
#### Show mode of the blocks
lsblk -m
#### Preview the fstab
cat /etc/fstab
Note that sample output like this on the fstab means no exec is on sample
UUID=62daa1e8-f86b-4379-914a-c228a5fxxxxxx /var/log ext4 defaults,noexec 0 0
For more information see Permission denied / failed to run commands' error
If the issue persists and not figured out, get and review the logs on the Instance paths
/var/log/amazon/ssm/amazon-ssm-agent.log
/var/lib/amazon/ssm/InstanceID/document/orchestration/CommandID
Note: Patch Manager doesn't provide patches. Instead, Patch Manager orchestrates patching by` using the appropriate built-in mechanism for each operating system (OS) to install updates on an instance. For example, Patch Manager relies on yum for instances running Amazon Linux 2.
Should you need further clarification and assistance , reach out to AWS Premium Support and Contact Us
相关内容
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 3 年前
- AWS 官方已更新 1 年前