To sign FCOS builds, I need to pull them from aws and sign them and push them back. This is a manual process for now, until we automate it.
Could someone please create these credentials for me, thanks.
From irc:
[13:37:41] <mboddu> relrod: Haha, are you busy? Its about fedora AWS credentials [13:38:22] <mboddu> I am trying to sync the fcos builds to bodhi-backend01.phx2.fp.o to sign them, they are hosted on fedora aws, and [13:38:32] <mboddu> $ aws s3 sync s3://fcos-builds/prod/streams/testing/builds/30.20190716.0/ . [13:38:32] <mboddu> fatal error: Unable to locate credentials [13:39:08] <relrod> hmm [13:39:57] <relrod> mboddu: I assume there's a valid ~/.aws/credentials file for whichever user you are syncing as? [13:40:12] <mboddu> relrod: I tried as me and root [13:40:48] <relrod> mboddu: ok. Give me a minute to finish up what I'm working on and I'll take a look. [13:40:56] <mboddu> relrod: Thanks [13:54:31] <relrod> mboddu: so is this a one time thing or does this sync need to keep working? And do you need to write back to it or just pull them? [13:54:57] <mboddu> relrod: It might be used in future until we automate it and I need to push as well [13:55:20] <mboddu> s/might/will/ [13:55:32] <mboddu> Once automated, I dont need the perms [13:55:45] <relrod> We probably want to create new creds for this, if it's not a one-time thing, and I think that will require nirik as I don't have permissions to do that. Alternatively we can likely use the s3-mirror creds from mm-backend01, but separation of concerns might be better. [13:55:47] <relrod> nirik: thoughts? [14:10:49] <nirik> I guess it needs creds... since this wouldn't be public since they aren't signed? [14:11:37] <relrod> nirik: yeah - should it use the s3-mirror creds or new creds? [14:12:06] <nirik> new. I don't think s3-mirror does/should have perms there. [14:12:14] <nirik> they are different buckets. [14:12:33] <nirik> please file a ticket on it and myself or puiterwijk can get it... but I guess it's urgent? as everything is today? [14:13:12] <relrod> mboddu: ^ [14:13:29] <relrod> I think it's "urgent" because their release is today [14:13:39] <pingou> nirik: relocating to the kitchen (need to do some strawberry jam) and I'll be ready in 15 :) [14:13:54] <nirik> relrod: right, like I said... [14:13:59] <mboddu> nirik: Yeah, it is kinda urgent, how long will it take? [14:14:03] »» mboddu files a ticket in the mean time [14:14:14] <nirik> pingou: might be hyjacked by this stuff... will see how long it takes me. [14:14:24] <nirik> mboddu: not sure. I don't know my way around aws too well...
ok. The access is in the ansible private repo and can be accessed from ansible with:
{{ fcos_builds_releng_aws_access_id }}
and
{{ fcos_builds_releng_aws_secret_key }}
You should be able to add to the bodhi playbook to put them there. Or, if you prefer I can just manually copy them somewhere for you.
@kevin copied them for me to ~/.aws/credentials for now.
I need to update the playbook to place put them in the location.
For now, it can be closed.
Metadata Update from @mohanboddu: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.