#7997 Please provide AMI uploading capabilities for FCOS
Closed: Fixed a month ago by jlebon. Opened a month ago by jlebon.

Ideally attaching it to the existing fcos-builds* IAM accounts.

Thanks!

/cc @puiterwijk


Created and attached fcos-upload-amis.

Metadata Update from @puiterwijk:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a month ago

So now we're hitting:

failed finding snapshot: unable to describe import tasks: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: da5e1862-12e2-4673-ad1d-19ddb54abf76

I.e. fcos-builds-bot is being denied this API: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImportSnapshotTasks.html

ore (the part of mantle that we're using for this) tries to be idempotent; and so before initiating an ImportSnapshot, it wants to check first if there's already an existing task for that image. Hence why it needs DescribeImportSnapshotTasks.

Re-opening (or I can create a new ticket instead).

/cc @bgilbert

Metadata Update from @jlebon:
- Issue status updated to: Open (was: Closed)

a month ago

Added.

If there's any other perms needed, let us know.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a month ago

Now hitting:

unable to create snapshot: unable to create import snapshot task: UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: 4f6563e0-59dd-4d9a-8b2f-8470b36c36a6

I.e. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportSnapshot.html.

Just looking ahead, we'll also want RegisterImage, DescribeImages, CreateTags, and ModifyImageAttributeInput.

Metadata Update from @jlebon:
- Issue status updated to: Open (was: Closed)

a month ago

I added ImportSnapshot, CreateTags.

RegisterImage and DescribeImages were already set.

I can't find ModifyImageAttributeInput, only ModifyImageAttribute...

Yeah, sorry. ModifyImageAttribute is indeed the correct API name. ModifyImageAttributeInput is an AWS go API type.

As well as ModifySnapshotAttribute.

And now hitting

unable to create snapshot: unable to create import snapshot task: InvalidParameter: The sevice role <vmimport> does not exist or does not have sufficient permissions for the service to continue
    status code: 400, request id: 0334407b-d890-46d4-bdbc-acfd8a8db7b7

Hmm, are we not supposed to use the standard vmimport role here?

ModifySnapshotAttribute is already set.

No idea on vmimport...

This is really fixed now! Thank you both @kevin and @puiterwijk.

Metadata Update from @jlebon:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a month ago

Login to comment on this ticket.

Metadata