WIP: just testing encrypt ebs

[michaelgugino]

No description provided.

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign michaelgugino
You can assign the PR to them by writing /assign @michaelgugino in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wking]

The running e2e-aws job is going to be under ci-op-c05gr0jg. Checking now:

$ AWS_PROFILE=ci aws ec2 describe-volumes --output json | jq -r '.Volumes[] | .cluster = (.Tags[] | select(.Key | startswith("kubernetes.io/cluster/")).Key) | select(.cluster | startswith("kubernetes.io/cluster/ci-op-c05gr0jg-")) | {VolumeId, Encrypted, cluster, instance: .Attachments[0].InstanceId} | .instance + " " + .VolumeId + " " + (.Encrypted | tostring)' | sort
i-00399060c31d247b4 vol-08e7e05f86e5e00ff true
i-010a09d0ac7e12cff vol-0699f18e8437c01c3 true
i-0150f2c2aadede7f8 vol-049ad595ac8f4d755 true
i-0199048ce1ecc0a5a vol-00d3d16492c857ba8 true
i-02f9c4886fc30abe5 vol-0a8fc1d523e06138a true
i-02fb3daa1fd8709df vol-040e2c6d44f09cad6 true
i-0304a5416499fc5db vol-0cb710226a030ce97 true
i-03c353b6cff84d4b6 vol-07e3f99f0faccc9b2 true
i-048c0d63da21ee189 vol-04c2874e0e94dfedf true
i-0540df24ac197aca6 vol-08d4bddfc29c18b93 true
i-05e869b68080ba9da vol-011a89cc8847f6f0f true
i-0682ebd3dadc5b2ae vol-0cb98f53a4cd04840 false
i-0682ebd3dadc5b2ae vol-0f65c561ace987cd8 true
i-080156cc098515d7a vol-0fd4f5e79b4241fb7 true
i-0880505b03470a96a vol-0c7a71edad95f33ef true
i-0d126cc0f9d0021d2 vol-0dfe7236019fbb206 true
i-0d21c733ea92b9c5f vol-07da7019151fe9ec1 true
i-0d21c733ea92b9c5f vol-0bc509c75a586c51d false
i-0d7c482532f1ebfaa vol-0af5c21555de3e78c true
i-0db047204f390bfcc vol-0f982093c48e29501 true
i-0eb683b9bc9ae47d1 vol-037bfb4be0cce3430 true
i-0ebc82baee6af5a6a vol-0415d015f493db3aa true
i-0ee3226ac750fd6bf vol-0b6d408149cd2612e true
i-0f81fc1122c84671c vol-00c49f0b1a65338d8 false
i-0f81fc1122c84671c vol-00e728174d801f2af true
 vol-0553626c4415a7c33 false
 vol-064d427271568eedb false
 vol-0e1112521c721580f false

which looks promising. Once these jobs wrap up, we can see what the compute instance IDs were.

[wking]

Getting the node IDs from that run:

$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-api-provider-aws/244/pull-ci-openshift-cluster-api-provider-aws-master-e2e-aws/998/artifacts/e2e-aws/nodes.json | jq '[.items[] | {machine: .metadata.annotations["machine.openshift.io/machine"], instance: .spec.providerID}] | sort_by(.machine)[]'
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-master-0",
  "instance": "aws:///us-east-1a/i-0d7c482532f1ebfaa"
}
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-master-1",
  "instance": "aws:///us-east-1b/i-0199048ce1ecc0a5a"
}
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-master-2",
  "instance": "aws:///us-east-1a/i-0eb683b9bc9ae47d1"
}
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-worker-us-east-1a-fm7l4",
  "instance": "aws:///us-east-1a/i-0304a5416499fc5db"
}
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-worker-us-east-1a-q5m95",
  "instance": "aws:///us-east-1a/i-0540df24ac197aca6"
}
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-worker-us-east-1b-zf6w9",
  "instance": "aws:///us-east-1b/i-048c0d63da21ee189"
}

All of those had encrypted root volumes (looking the instances up in my previous comment). So we should be good passing through blockDeviceMappings[0].EBS.Encrypted set via openshift/installer#2114.

[michaelgugino]

Getting the node IDs from that run:

$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-api-provider-aws/244/pull-ci-openshift-cluster-api-provider-aws-master-e2e-aws/998/artifacts/e2e-aws/nodes.json | jq '[.items[] | {machine: .metadata.annotations["machine.openshift.io/machine"], instance: .spec.providerID}] | sort_by(.machine)[]'
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-master-0",
  "instance": "aws:///us-east-1a/i-0d7c482532f1ebfaa"
}
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-master-1",
  "instance": "aws:///us-east-1b/i-0199048ce1ecc0a5a"
}
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-master-2",
  "instance": "aws:///us-east-1a/i-0eb683b9bc9ae47d1"
}
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-worker-us-east-1a-fm7l4",
  "instance": "aws:///us-east-1a/i-0304a5416499fc5db"
}
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-worker-us-east-1a-q5m95",
  "instance": "aws:///us-east-1a/i-0540df24ac197aca6"
}
{
  "machine": "openshift-machine-api/ci-op-c05gr0jg-d771b-g42ml-worker-us-east-1b-zf6w9",
  "instance": "aws:///us-east-1b/i-048c0d63da21ee189"
}

All of those had encrypted root volumes (looking the instances up in my previous comment). So we should be good passing through blockDeviceMappings[0].EBS.Encrypted set via openshift/installer#2114.

@wking sounds good. I'll get a PR out to add that properly.

[vikaschoudhary16]

/retest

[openshift-ci-robot]

@michaelgugino: The following test failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
ci/prow/unit	9f70f4f	link	/test unit

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.