cloudfoundry / bosh-aws-light-stemcell-builder
Builds light stemcells for AWS from a "full" bosh stemcell
License: Apache License 2.0
Hi all,
Currently we are having issues with our AMIs present in AWS region eu-west-1 for xenial stemcells 621.5, 170.3.
Suddenly the AWS AMI went missing from our AWS account, and when we try to upload the stemcell for that it says it already exists.
But when we use the --fix option to fix this, it gives the below error:
L Error: CPI error 'Bosh::Clouds::CloudError' with message 'Stemcell does not contain an AMI in region eu-west-1' in 'create_stemcell' CPI method (CPI request ID: 'cpi-433859')
Please let us know what is the issue, why the AMI went missing and what could be the cause?
Also we are able to upload any new stemcell and find its AMI on AWS like for version 621.123.
Please let us know how can we resolve this issue.
We raised it with AWS on why the AMIs are missing, but we received the response that we are not the owner of these AMIs and should contact the owner of these AMIs.
Hey,
The ☁️.gov team is migrating to using tagged instance profile workers in our Concourse pipelines. We deploy a lightly modified version of this aws-light-stemcell-builder. We'd like to propose a new feature to allow for credentials to be optional and instead leverage AWS instance profiles. @18F/cloud-gov-ops
@jmcarp observed this:
i think they want to build stemcells in multiple partitions, so they want to use creds instead of instance profiles
With the installation of the aws cli with pip, it installs version 1 of the aws cli
see https://github.com/cloudfoundry/bosh-aws-light-stemcell-builder/blob/master/ci/docker/boshcpi.light-stemcell-builder/Dockerfile#L11
aws cli version 2 has been out for a while now and maybe we should upgrade at some point
a quick glance at https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration.html
and our ci build scripts
it seems we migrate without any issues
The bosh-aws-light-stemcell-builder fails to build FIPS light stemcells since it is made to produce public AMIs but FIPS stemcells should be private AMIs. That difference affects the procedure for how FIPS light stemcells need to be built.
Three major differences/problems are currently known:
As of now, created snapshots are always made accessible to everyone. That needs to be prevented for private AMIs like FIPS stemcells.
The encryption of private EBS Snapshots and AMIs needs to be done using Multi Region Custom KMS keys since they otherwise cannot be shared with other regions afterwards. (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html#share-snapshot-considerations)
Private EBS Snapshots and AMIs need to be shared across accounts following a defined process (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-policy.html#create-cac-policy) which is not yet implemented in the light stemcell builder.
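The three requirements listed in this issue can be checked after a build by auditing the snapshot metadata. The sketch below is an added example, not code from the light stemcell builder: it runs over constructed records in the shape returned by `aws ec2 describe-snapshots` merged with `describe-snapshot-attribute --attribute createVolumePermission`, and assumes a hypothetical allow-list of account IDs and that multi-Region KMS key IDs carry the `mrk-` prefix.

```python
import json

# Constructed sample records (not real snapshots or accounts).
SAMPLE = json.loads("""
[
  {"SnapshotId": "snap-0aaa", "Encrypted": false, "CreateVolumePermissions": [{"Group": "all"}]},
  {"SnapshotId": "snap-0bbb", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
   "CreateVolumePermissions": [{"UserId": "444455556666"}]},
  {"SnapshotId": "snap-0ccc", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
   "CreateVolumePermissions": [{"UserId": "444455556666"}, {"UserId": "999999999999"}]}
]
""")


def kms_key_id(arn):
    """Return the key ID part of a KMS key ARN ('' if no key is set)."""
    return arn.rsplit("/", 1)[-1] if arn else ""


def audit_snapshot(snap, allowed_accounts):
    """Return a list of findings for one snapshot; empty means compliant."""
    findings = []
    perms = snap.get("CreateVolumePermissions", [])
    # Requirement 1: a private snapshot must not be shared with the 'all' group.
    if any(p.get("Group") == "all" for p in perms):
        findings.append("public")
    # Requirement 2: encrypted, with a multi-Region customer managed key.
    if not snap.get("Encrypted"):
        findings.append("unencrypted")
    elif not kms_key_id(snap.get("KmsKeyId", "")).startswith("mrk-"):
        findings.append("kms-key-not-multi-region")
    # Requirement 3: cross-account shares only to approved accounts.
    shared = {p["UserId"] for p in perms if "UserId" in p}
    for account in sorted(shared - set(allowed_accounts)):
        findings.append("shared-with-unapproved:" + account)
    return findings


def audit(snapshots, allowed_accounts):
    """Map snapshot ID to findings, keeping only non-compliant snapshots."""
    report = {s["SnapshotId"]: audit_snapshot(s, allowed_accounts) for s in snapshots}
    return {sid: f for sid, f in report.items() if f}


if __name__ == "__main__":
    # "444455556666" is a hypothetical approved consumer account.
    for sid, f in audit(SAMPLE, ["444455556666"]).items():
        print(sid, ", ".join(f))
```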
It's not a good experience that people need to have Go installed to be able to build this tool. There should be a pre-compiled binary somewhere (maybe there is and it's not documented?) that can be directly used.
Is there anyone else having this issue where boxes just start and then die? It started with 3262.