fedora-infrastructure

Clone
Source Code
GIT

#7997 Please provide AMI uploading capabilities for FCOS
Closed: Fixed 4 years ago by jlebon. Opened 4 years ago by jlebon.

Closed: Fixed
Reopen Issue

Ideally attaching it to the existing fcos-builds* IAM accounts.

Thanks!

/cc @puiterwijk

Created and attached fcos-upload-amis.

Metadata Update from @puiterwijk:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
4 years ago

So now we're hitting:

failed finding snapshot: unable to describe import tasks: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: da5e1862-12e2-4673-ad1d-19ddb54abf76

I.e. fcos-builds-bot is being denied this API: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImportSnapshotTasks.html

ore (the part of mantle that we're using for this) tries to be idempotent; and so before initiating an ImportSnapshot, it wants to check first if there's already an existing task for that image. Hence why it needs DescribeImportSnapshotTasks.

Re-opening (or I can create a new ticket instead).

/cc @bgilbert

Metadata Update from @jlebon:
- Issue status updated to: Open (was: Closed)
4 years ago

Added.

If there's any other perms needed, let us know.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
4 years ago

Now hitting:

unable to create snapshot: unable to create import snapshot task: UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: 4f6563e0-59dd-4d9a-8b2f-8470b36c36a6

I.e. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportSnapshot.html.

Just looking ahead, we'll also want RegisterImage, DescribeImages, CreateTags, and ModifyImageAttributeInput.

Metadata Update from @jlebon:
- Issue status updated to: Open (was: Closed)
4 years ago

I added ImportSnapshot, CreateTags.

RegisterImage and DescribeImages were already set.

I can't find ModifyImageAttributeInput, only ModifyImageAttribute...

Yeah, sorry. ModifyImageAttribute is indeed the correct API name. ModifyImageAttributeInput is an AWS go API type.

As well as ModifySnapshotAttribute.

And now hitting

unable to create snapshot: unable to create import snapshot task: InvalidParameter: The sevice role <vmimport> does not exist or does not have sufficient permissions for the service to continue
    status code: 400, request id: 0334407b-d890-46d4-bdbc-acfd8a8db7b7

Hmm, are we not supposed to use the standard vmimport role here?

ModifySnapshotAttribute is already set.

No idea on vmimport...

This is really fixed now! Thank you both @kevin and @puiterwijk.

Metadata Update from @jlebon:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
4 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
Needs Review
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.