aws: launch and customize a new instance with remote Ignition file from a S3 bucket #657

Merged: 1 commit, Nov 15, 2024

HuijingHei
Member

Then you can launch the instance using the same command as xref:#_customized_example[], passing the minimal configuration you just created.
Then you can launch the instance using the following command, passing the minimal configuration you just created.

Note: You need to create an IAM profile with `s3:GetObject` permission, and attach the role to the instance.
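
Review bot: the added Note line says "IAM profile" and then "the role" as if they were one object, and it leaves the scope of `s3:GetObject` open. An EC2 instance is given an instance profile, the profile wraps a role, and the permission lives on the role, so suggest wording such as "create an IAM role with `s3:GetObject` permission on the bucket holding the Ignition file, add it to an instance profile, and attach that profile to the instance". Naming the bucket or object in the sentence keeps readers from granting the permission on every bucket, and a command or link for the creation step would make the note actionable.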
Member

Let's add here the command to do that as well

Member Author

Add a URL here about how to create an IAM profile, WDYT?

modules/ROOT/pages/provisioning-aws.adoc (outdated)
@HuijingHei HuijingHei force-pushed the update-aws-s3-support branch 6 times, most recently from 70c05ed to c4a09de Compare August 6, 2024 07:16
@deby1122 deby1122 left a comment

t

@HuijingHei HuijingHei force-pushed the update-aws-s3-support branch from c4a09de to 507b480 Compare August 7, 2024 06:45
@HuijingHei
Member Author

@travier @prestist could you help to review again as I made some changes, thanks!

@HuijingHei HuijingHei force-pushed the update-aws-s3-support branch from 507b480 to b69eb56 Compare October 25, 2024 08:49
Member

@c4rt0 c4rt0 left a comment

@HuijingHei I tried multiple times to go through this without success.
I am able to create roles & profiles; I am just constantly getting stuck at Job ignition-fetch.service/start "running" forever.

I noticed that creating an ignition with --pretty results in:

Ignition has failed. Please ensure your config is valid.

The ignition file I used for this:

{"ignition":{"config":{"replace":{"source":"arn:aws:s3:::apiaseck-inf/bootstrap.ign"}},"version":"3.4.0"}}

I also tried:

{"ignition":{"config":{"replace":{"source":"s3://apiaseck-inf/bootstrap.ign"}},"version":"3.4.0"}}

The above was correct as per created bucket through commands provided.

adamsky@fedorapc Work/aws » NAME='apiaseck-inf'
adamsky@fedorapc Work/aws » aws s3 mb s3://$NAME --region us-east-2

At this stage I can only present the last result of my failed attempt:

[   26.335382] NetworkManager[758]: <info>  [1729886778.9297] manager: NetworkManager state is now CONNECTED_GLOBAL
[   26.392925] NetworkManager[758]: <info>  [1729886778.9304] manager: startup complete
[   26.427019] systemd[1]: Starting ignition-fetch.service - Ignition (fetch)...
[   26.461496] systemd[1]: Starting nm-wait-online-initrd.service...
[   26.489977] (ignition)[773]: ignition-fetch.service: Referenced but unset environment variable evaluates to an empty string: IGNITION_ARGS
[   26.550563] systemd[1]: Finished nm-wait-online-initrd.service.
[   26.578781] systemd[1]: Starting dracut-initqueue.service - dracut initqueue hook...
[   26.616773] systemd[1]: Finished dracut-initqueue.service - dracut initqueue hook.
[   26.652396] systemd[1]: Reached target remote-fs-pre.target - Preparation for Remote File Systems.
[   26.701118] systemd[1]: Reached target remote-cryptsetup.target - Remote Encrypted Volumes.
[   26.737374] systemd[1]: Reached target remote-fs.target - Remote File Systems.
[   26.770933] systemd[1]: coreos-livepxe-rootfs.service - Acquire Live PXE rootfs Image was skipped because of an unmet condition check (ConditionPathExists=/run/ostree-live).
[   26.845810] systemd[1]: coreos-livepxe-persist-osmet.service - Persist Osmet Files (PXE) was skipped because of an unmet condition check (ConditionPathExists=/run/ostree-live).
[   26.922726] systemd[1]: Starting dracut-pre-mount.service - dracut pre-mount hook...
[   26.957961] systemd[1]: Finished dracut-pre-mount.service - dracut pre-mount hook.
[***   ] Job ignition-fetch.service/start running (6min 42s / no limit)

I will come back to this next week (I might need a reminder ;) )

@HuijingHei
Member Author

HuijingHei commented Oct 28, 2024

Thanks @c4rt0 for the testing. Let me clarify the two configs:

  • The uploaded file bootstrap.ign is the real configuration and provisions the system based on that configuration, for example:

{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-rsa xxx "]}]}}

  • And the --user-data config will retrieve the remote Ignition file from an S3 bucket, like what you used above:

{"ignition":{"config":{"replace":{"source":"s3://apiaseck-inf/bootstrap.ign"}},"version":"3.4.0"}}

It might fail if using the wrong configurations.

@HuijingHei HuijingHei force-pushed the update-aws-s3-support branch from b69eb56 to f67f6b4 Compare October 28, 2024 03:44
@HuijingHei HuijingHei force-pushed the update-aws-s3-support branch from f67f6b4 to 0182448 Compare October 28, 2024 06:49
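
The two documents described in the comment above, together with the IAM role and instance profile that the note under review asks for, as an added example that is not part of this PR or the Fedora CoreOS docs. The role/profile name `fcos-ignition-s3-read` and the policy name `ignition-s3-get` are hypothetical; the bucket and key are the ones quoted in the thread, and the policy grants `s3:GetObject` on that single object only.

```sh
#!/bin/sh
# Added example (not from the PR). ROLE and the policy name are hypothetical.
set -eu

SOURCE='s3://apiaseck-inf/bootstrap.ign'  # object URL quoted in the thread
ROLE='fcos-ignition-s3-read'              # hypothetical role and profile name

# s3://bucket/key -> arn:aws:s3:::bucket/key (same object, two notations).
s3_url_to_arn() {
  case "$1" in
    s3://?*/?*) printf 'arn:aws:s3:::%s\n' "${1#s3://}" ;;
    *) echo "not an s3://bucket/key URL: $1" >&2; return 1 ;;
  esac
}

# Pointer config for --user-data: only names where the real config lives.
pointer_config() {
  printf '{"ignition":{"config":{"replace":{"source":"%s"}},"version":"3.4.0"}}\n' "$1"
}

# Trust policy: lets the EC2 service assume the role for the instance.
trust_policy() {
  printf '%s\n' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
}

# Permission policy: s3:GetObject on the one Ignition object, nothing wider.
read_policy() {
  arn=$(s3_url_to_arn "$1") || return 1
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:GetObject","Resource":"%s"}]}\n' "$arn"
}

# Create the role, attach the inline policy, wrap the role in an instance profile.
create_profile() {
  aws iam create-role --role-name "$ROLE" \
    --assume-role-policy-document "$(trust_policy)"
  aws iam put-role-policy --role-name "$ROLE" --policy-name ignition-s3-get \
    --policy-document "$(read_policy "$SOURCE")"
  aws iam create-instance-profile --instance-profile-name "$ROLE"
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE" \
    --role-name "$ROLE"
}

# Default is a dry run that prints both documents; "apply" performs the IAM calls.
if [ "${1:-}" = apply ]; then
  create_profile
else
  pointer_config "$SOURCE"
  read_policy "$SOURCE"
fi
```

Run without arguments, the script prints the pointer config and the permission policy for inspection; with `apply` it performs the IAM calls. The resulting profile is then passed to `aws ec2 run-instances` as `--iam-instance-profile Name=...`, with the pointer config as `--user-data`.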
Member

@c4rt0 c4rt0 left a comment

I can confirm that I successfully created the aws instance, and after following the steps in this updated tutorial I was able to access it!

Log:

[  OK  ] Started serial-getty@ttyS0.service - Serial Getty on ttyS0.
[  OK  ] Reached target getty.target - Login Prompts.
[  OK  ] Reached target multi-user.target - Multi-User System.
         Starting systemd-update-utmp-runle…- Record Runlevel Change in UTMP...
         Starting zincati.service - Zincati Update Agent...
[  OK  ] Finished systemd-update-utmp-runle…e - Record Runlevel Change in UTMP.
         Starting polkit.service - Authorization Manager...
[  OK  ] Started polkit.service - Authorization Manager.
[  OK  ] Started zincati.service - Zincati Update Agent.

Fedora CoreOS 41.20241109.1.0
Kernel 6.11.6-300.fc41.x86_64 on an x86_64 (ttyS0)

SSH host key: SHA256:ZQFFYYHoK4oHAEDyPyDMZ0w7w6J7hnl/r50J03xMveI (ECDSA)
SSH host key: SHA256:VAwns02+Uc9cZrK/ofp4Gl7yzSwkALlo25tw+l0qd1c (ED25519)
SSH host key: SHA256:8MXRyrlRKmaYww+gzq7Anga7emIternDucBWDoJLGZM (RSA)
ens5: 10.0.13.169 fe80::79c8:6a4a:f0c:c11c
Ignition: ran on 2024/11/14 16:31:08 UTC (at least 2 boots ago)
Ignition: user-provided config was applied
Afterburn: wrote ssh authorized keys file for user: core
ip-10-0-13-169 login: core (automatic login)

Last login: Thu Nov 14 16:31:49 on ttyS0
Fedora CoreOS 41.20241109.1.0
[core@ip-10-0-13-169 ~]$

Thanks @HuijingHei !

/lgtm

@HuijingHei
Member Author

Awesome! Thanks @c4rt0 very much for the testing!

@HuijingHei HuijingHei merged commit 3379b6a into coreos:main Nov 15, 2024
1 check passed
@HuijingHei HuijingHei deleted the update-aws-s3-support branch November 15, 2024 01:04