Skip to content

ci-operator/templates/openshift: Remove Terraform-state-based SSH gathers #6854

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 14, 2020
Merged

ci-operator/templates/openshift: Remove Terraform-state-based SSH gathers #6854

merged 1 commit into from
Feb 14, 2020

Conversation

wking
Copy link
Member

@wking wking commented Jan 25, 2020

Like 970ec02 (#6336), except for the templates instead of the step registry. CC @crawford

@wking
ci-operator/templates/openshift: Remove Terraform-state-based SSH gat…
7baa9f2 
…hers

Like 970ec02
(ci-operator/step-registry/ipi/deprovision/artifacts/bootstrap: Drop
gather, 2019-12-10, openshift#6336), except for the templates instead of the
step registry.
@wking wking force-pushed the drop-more-manual-ssh-gathers branch from 601ec88 to 7baa9f2 Compare January 25, 2020 21:14
@openshift-ci-robot openshift-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jan 25, 2020
@openshift-bot
Copy link
Contributor

/test prow-config-filenames

@wking
Copy link
Member Author

wking commented Feb 13, 2020

This should help with rhbz#1793287.

@bparees
Copy link
Contributor

bparees commented Feb 13, 2020

@wking can you look into these rehearsal failures and make sure they aren't caused by these changes?

otherwise lgtm.

/approve

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 13, 2020
@wking
Copy link
Member Author

wking commented Feb 14, 2020

... can you look into these rehearsal failures and make sure they aren't caused by these changes?

I did; they aren't.

@bparees
Copy link
Contributor

bparees commented Feb 14, 2020

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 14, 2020
@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bparees, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot openshift-merge-robot merged commit e9b7689 into openshift:master Feb 14, 2020
@openshift-ci-robot
Copy link
Contributor

@wking: Updated the following 27 configmaps:

  • prow-job-cluster-launch-installer-custom-test-image configmap in namespace ci at cluster default using the following files:
    • key cluster-launch-installer-custom-test-image.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-custom-test-image.yaml
  • prow-job-cluster-launch-installer-metal-e2e configmap in namespace ci at cluster default using the following files:
    • key cluster-launch-installer-metal-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-metal-e2e.yaml
  • prow-job-cluster-launch-installer-src configmap in namespace ci-stg at cluster default using the following files:
    • key cluster-launch-installer-src.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-src.yaml
  • prow-job-cluster-launch-installer-src configmap in namespace ci at cluster ci/api-build01-ci-devcluster-openshift-com:6443 using the following files:
    • key cluster-launch-installer-src.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-src.yaml
  • prow-job-cluster-launch-installer-e2e configmap in namespace ci at cluster default using the following files:
    • key cluster-launch-installer-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-e2e.yaml
  • prow-job-cluster-launch-installer-metal-e2e configmap in namespace ci at cluster ci/api-build01-ci-devcluster-openshift-com:6443 using the following files:
    • key cluster-launch-installer-metal-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-metal-e2e.yaml
  • prow-job-cluster-launch-installer-src configmap in namespace ci at cluster default using the following files:
    • key cluster-launch-installer-src.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-src.yaml
  • prow-job-cluster-launch-installer-upi-e2e configmap in namespace ci-stg at cluster default using the following files:
    • key cluster-launch-installer-upi-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-upi-e2e.yaml
  • prow-job-cluster-scaleup-e2e-40 configmap in namespace ci-stg at cluster default using the following files:
    • key cluster-scaleup-e2e-40.yaml using file ci-operator/templates/openshift/openshift-ansible/cluster-scaleup-e2e-40.yaml
  • prow-job-endurance-install configmap in namespace ci at cluster default using the following files:
    • key endurance-install.yaml using file ci-operator/templates/openshift/endurance/endurance-install.yaml
  • prow-job-cluster-launch-installer-custom-test-image configmap in namespace ci at cluster ci/api-build01-ci-devcluster-openshift-com:6443 using the following files:
    • key cluster-launch-installer-custom-test-image.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-custom-test-image.yaml
  • prow-job-cluster-launch-installer-e2e configmap in namespace ci at cluster ci/api-build01-ci-devcluster-openshift-com:6443 using the following files:
    • key cluster-launch-installer-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-e2e.yaml
  • prow-job-cluster-launch-installer-e2e configmap in namespace ci-stg at cluster default using the following files:
    • key cluster-launch-installer-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-e2e.yaml
  • prow-job-cluster-launch-installer-metal-e2e configmap in namespace ci-stg at cluster default using the following files:
    • key cluster-launch-installer-metal-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-metal-e2e.yaml
  • prow-job-cluster-launch-installer-upi-src configmap in namespace ci at cluster ci/api-build01-ci-devcluster-openshift-com:6443 using the following files:
    • key cluster-launch-installer-upi-src.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-upi-src.yaml
  • prow-job-cluster-scaleup-e2e-40 configmap in namespace ci at cluster ci/api-build01-ci-devcluster-openshift-com:6443 using the following files:
    • key cluster-scaleup-e2e-40.yaml using file ci-operator/templates/openshift/openshift-ansible/cluster-scaleup-e2e-40.yaml
  • prow-job-endurance-install configmap in namespace ci-stg at cluster default using the following files:
    • key endurance-install.yaml using file ci-operator/templates/openshift/endurance/endurance-install.yaml
  • prow-job-cluster-launch-installer-custom-test-image configmap in namespace ci-stg at cluster default using the following files:
    • key cluster-launch-installer-custom-test-image.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-custom-test-image.yaml
  • prow-job-cluster-launch-installer-ovirt-e2e configmap in namespace ci-stg at cluster default using the following files:
    • key cluster-launch-installer-ovirt-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-ovirt-e2e.yaml
  • prow-job-cluster-launch-installer-ovirt-e2e configmap in namespace ci at cluster default using the following files:
    • key cluster-launch-installer-ovirt-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-ovirt-e2e.yaml
  • prow-job-cluster-launch-installer-upi-e2e configmap in namespace ci at cluster ci/api-build01-ci-devcluster-openshift-com:6443 using the following files:
    • key cluster-launch-installer-upi-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-upi-e2e.yaml
  • prow-job-cluster-launch-installer-upi-src configmap in namespace ci at cluster default using the following files:
    • key cluster-launch-installer-upi-src.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-upi-src.yaml
  • prow-job-cluster-launch-installer-upi-src configmap in namespace ci-stg at cluster default using the following files:
    • key cluster-launch-installer-upi-src.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-upi-src.yaml
  • prow-job-endurance-install configmap in namespace ci at cluster ci/api-build01-ci-devcluster-openshift-com:6443 using the following files:
    • key endurance-install.yaml using file ci-operator/templates/openshift/endurance/endurance-install.yaml
  • prow-job-cluster-launch-installer-ovirt-e2e configmap in namespace ci at cluster ci/api-build01-ci-devcluster-openshift-com:6443 using the following files:
    • key cluster-launch-installer-ovirt-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-ovirt-e2e.yaml
  • prow-job-cluster-launch-installer-upi-e2e configmap in namespace ci at cluster default using the following files:
    • key cluster-launch-installer-upi-e2e.yaml using file ci-operator/templates/openshift/installer/cluster-launch-installer-upi-e2e.yaml
  • prow-job-cluster-scaleup-e2e-40 configmap in namespace ci at cluster default using the following files:
    • key cluster-scaleup-e2e-40.yaml using file ci-operator/templates/openshift/openshift-ansible/cluster-scaleup-e2e-40.yaml

In response to this:

Like 970ec02 (#6336), except for the templates instead of the step registry. CC @crawford

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot
Copy link
Contributor

@wking: The following tests failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
ci/rehearse/openshift/installer/master/e2e-aws-proxy 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/installer/master/e2e-aws-scaleup-rhel7 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/installer/master/e2e-ovirt 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/installer/master/e2e-gcp-upi 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/installer/master/e2e-metal 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/installer/fcos/e2e-vsphere 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/cincinnati/master/e2e 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/cluster-api-provider-gcp/master/e2e-gcp-operator 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/cluster-version-operator/master/e2e-aws-upi 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/cloud-credential-operator/master/e2e-gcp 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/cloud-credential-operator/master/e2e-azure 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/cluster-api-actuator-pkg/master/e2e-azure-operator 7baa9f2 link /test pj-rehearse
ci/rehearse/openshift/cluster-api-provider-azure/master/e2e-azure-operator 7baa9f2 link /test pj-rehearse
ci/prow/pj-rehearse 7baa9f2 link /test pj-rehearse

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@wking wking deleted the drop-more-manual-ssh-gathers branch February 16, 2020 16:53
wking added a commit to wking/origin that referenced this pull request Feb 17, 2020
@wking
Revert "images/tests: Globally-writeable /etc/passwd"
33a6115 
This reverts commit ca35cd6, openshift#22592.

As described in that commit message, the access was broadened to allow
ssh from containers launched from the tests image.  But since
openshift/release@7baa9f2e44 (ci-operator/templates/openshift: Remove
Terraform-state-based SSH gathers, 2020-01-25, openshift/release#6854)
landed, we no longer need to SSH from those containers.  Restore the
usual access restrictions to address CVE-2019-19347[1].

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1793287
@wking wking mentioned this pull request Feb 17, 2020
Merged
tbuskey pushed a commit to tbuskey/origin that referenced this pull request Mar 19, 2020
@wking @tbuskey
Revert "images/tests: Globally-writeable /etc/passwd"
2f82561 
This reverts commit ca35cd6, openshift#22592.

As described in that commit message, the access was broadened to allow
ssh from containers launched from the tests image.  But since
openshift/release@7baa9f2e44 (ci-operator/templates/openshift: Remove
Terraform-state-based SSH gathers, 2020-01-25, openshift/release#6854)
landed, we no longer need to SSH from those containers.  Restore the
usual access restrictions to address CVE-2019-19347[1].

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1793287
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcpowermac jcpowermac Awaiting requested review from jcpowermac

@mtnbikenc mtnbikenc Awaiting requested review from mtnbikenc

Assignees

@bparees bparees

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@wking @openshift-bot @bparees @openshift-ci-robot @openshift-merge-robot