Change RHCOS booting for AWS to work like GCP/Azure #2906

Closed
cgwalters opened this issue Jan 13, 2020 · 3 comments

@cgwalters
Member

For GCP and Azure and other clouds, all we upload is a blob to storage. The installer creates "bootable images" from that.

But for historical reasons, the RHCOS pipeline creates AMIs directly - the installer just uses them for the bootstrap node, creating a separate encrypted AMI for the actual cluster.

I think we should do the encryption bit before launching the bootstrap, and then RHCOS can stop publishing AMIs, and things will work more consistently across clouds.

cgwalters added a commit to cgwalters/installer that referenced this issue Jan 13, 2020
We want enhanced networking in AWS.  Now, it turns out that today
we have this in fact because `ore` in the latest
https://github.com/coreos/coreos-assembler turns this on
explicitly.  And when Terraform goes to copy AMI with encryption,
it preserves the value of that variable.

But, in the future we want to drop the AMIs from the RHCOS
pipeline and just upload a blob (like Azure/GCP), so let's add
this reminder to ourselves that we need to enable ENA when we
do that.

xref openshift#2906
@pierreprinetti
Member

/label platform/aws

@cgwalters
Member Author

Also xref this comment: coreos/mantle#1168 (comment)

Basically...today the *COS pipelines only sanity check in AWS - for RHCOS it's convenient because we have AMIs, but as soon as we don't, this section will break:
https://docs.openshift.com/container-platform/4.3/installing/installing_aws/installing-aws-user-infra.html#installation-aws-user-infra-rhcos-ami_installing-aws-user-infra

Basically, as the issue notes, we want `openshift-install create-bootable` or so - until we have that, doing UPI installs on !AWS is a lot more painful and requires users to dive into the `rhcos.json`.

@cgwalters
Member Author

Although as of lately, #3293 landed which pushes things back towards using AMIs. So...I guess we should close this.
