Skip to content

Fix AWS STS for RHEL8/9 transition#2322

Merged
2uasimojo merged 1 commit intoopenshift:masterfrom
2uasimojo:HIVE-2400/fix-sts
Jun 21, 2024
Merged

Fix AWS STS for RHEL8/9 transition#2322
2uasimojo merged 1 commit intoopenshift:masterfrom
2uasimojo:HIVE-2400/fix-sts

Conversation

@2uasimojo
Copy link
Member

@2uasimojo 2uasimojo commented Jun 21, 2024
edited by openshift-ci bot
Loading

In #2260 we changed how we're invoking the openshift-install binary.

Before: Copy openshift-install into the hive container and run it via /usr/bin/hiveutil install-manager

After: Copy hiveutil into the installer container and run installer via /output/hiveutil.rhel$VER install-manager

What we missed was that, for STS flows, we inject an AWS credentials file containing a credential_process that invoked /usr/bin/hiveutil install-manager aws-credentials -- but hiveutil no longer lives there.

Fix.

HIVE-2400

@openshift-ci openshift-ci bot requested review from jstuever and lleshchi June 21, 2024 21:28
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 21, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 2uasimojo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 21, 2024
@2uasimojo
Fix AWS STS for RHEL8/9 transition
6355794 
In openshift#2260 we changed how we're invoking the openshift-install binary.

Before: Copy openshift-install into the hive container and run it via
`/usr/bin/hiveutil install-manager`

After: Copy hiveutil into the installer container and run installer via
`/output/hiveutil.rhel$VER install-manager`

What we missed was that, for STS flows, we inject an AWS credentials
file containing a `credential_process` that invoked `/usr/bin/hiveutil
install-manager aws-credentials` -- but `hiveutil` no longer lives
there.

Fix.

HIVE-2400
@2uasimojo 2uasimojo force-pushed the HIVE-2400/fix-sts branch from e99dc67 to 6355794 Compare June 21, 2024 21:33
@celebdor celebdor mentioned this pull request Jun 21, 2024
Closed
@2uasimojo
Copy link
Member Author

2uasimojo commented Jun 21, 2024

/test periodic-images

Mysterious error message, may or may not be related to recent dockerfile changes.

@codecov
Copy link

codecov bot commented Jun 21, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 58.54%. Comparing base (86573c1) to head (6355794).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #2322   +/-   ##
=======================================
  Coverage   58.54%   58.54%           
=======================================
  Files         182      182           
  Lines       25843    25843           
=======================================
  Hits        15130    15130           
  Misses       9437     9437           
  Partials     1276     1276
Files Coverage Δ
pkg/install/generate.go 47.62% <50.00%> (ø)

@2uasimojo 2uasimojo merged commit 73c38b4 into openshift:master Jun 21, 2024
@2uasimojo 2uasimojo deleted the HIVE-2400/fix-sts branch June 21, 2024 22:38
@2uasimojo
Copy link
Member Author

2uasimojo commented Jun 21, 2024

/cherry-pick mce-2.6

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 21, 2024

@2uasimojo: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/periodic-images 6355794 link true /test periodic-images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented Jun 21, 2024

@2uasimojo: new pull request created: #2324

Details

In response to this:

/cherry-pick mce-2.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Jun 21, 2024
Closed
celebdor added a commit to celebdor/hive that referenced this pull request Jun 24, 2024
@celebdor
HIVE-2551: AWS deprov job compliant with cred proc
562810a 
In openshift#2322, in order to fix AWS provisioining in STS mode we pointed the
credential_process configuration to /output/hiveutil. The problem is
that the same configuration is used for both provisioning and
deprovisioning. Thus, when trying to deprovision in STS mode, when it
came time for delegating operation to hiveutil, we'd get an:

    /output/hiveutil not found

This commit fixes it by replicating the /output/hiveutil existance for
deprovisioning in AWS (though it will only get used in STS mode).

Signed-off-by: Antoni Segura Puimedon <antoni@redhat.com>
@celebdor celebdor mentioned this pull request Jun 24, 2024
Merged
celebdor added a commit to celebdor/hive that referenced this pull request Jun 25, 2024
@celebdor
HIVE-2551: AWS deprov job compliant with cred proc
77b7367 
In openshift#2322, in order to fix AWS provisioining in STS mode we pointed the
credential_process configuration to /output/hiveutil. The problem is
that the same configuration is used for both provisioning and
deprovisioning. Thus, when trying to deprovision in STS mode, when it
came time for delegating operation to hiveutil, we'd get an:

    /output/hiveutil not found

This commit fixes it by replicating the /output/hiveutil existance for
deprovisioning in AWS (though it will only get used in STS mode).

Signed-off-by: Antoni Segura Puimedon <antoni@redhat.com>
@celebdor celebdor mentioned this pull request Jun 25, 2024
Closed
lleshchi pushed a commit to lleshchi/hive that referenced this pull request Jul 3, 2024
@celebdor @lleshchi
HIVE-2551: AWS deprov job compliant with cred proc
6340379 
In openshift#2322, in order to fix AWS provisioining in STS mode we pointed the
credential_process configuration to /output/hiveutil. The problem is
that the same configuration is used for both provisioning and
deprovisioning. Thus, when trying to deprovision in STS mode, when it
came time for delegating operation to hiveutil, we'd get an:

    /output/hiveutil not found

This commit fixes it by replicating the /output/hiveutil existance for
deprovisioning in AWS (though it will only get used in STS mode).

Signed-off-by: Antoni Segura Puimedon <antoni@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jstuever jstuever Awaiting requested review from jstuever

@lleshchi lleshchi Awaiting requested review from lleshchi

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@2uasimojo @openshift-cherrypick-robot