Bug 1670685 - Openshift installation fails if .aws/credentials file is not set
Summary: Openshift installation fails if .aws/credentials file is not set
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 4.1.0
Assignee: W. Trevor King
QA Contact: liujia
URL:
Whiteboard:
Depends On:
Blocks: 1664187
TreeView+ depends on / blocked
 
Reported: 2019-01-30 07:33 UTC by Jaspreet Kaur
Modified: 2019-06-04 10:42 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
undefined
Clone Of:
Environment:
Last Closed: 2019-06-04 10:42:28 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0758 None None None 2019-06-04 10:42:36 UTC
Github openshift installer pull 1173 'None' 'closed' 'pkg/asset/installconfig/aws: getCredentials profile handling' 2019-11-29 13:53:19 UTC

Description Jaspreet Kaur 2019-01-30 07:33:45 UTC
Description of problem: When trying to perform installation when .aws/credential file is not set it fails like below error. Also, the error doesnt accurately mention what is missing to proceed :

 ./openshift-install create cluster --dir=p1
? SSH Public Key /root/.ssh/id_rsa.pub
? Platform aws
? AWS Access Key ID AKIAIFWXIR22TXCVFNBA
? AWS Secret Access Key [? for help] ****************************************
INFO Writing AWS credentials to "/root/.aws/credentials" (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) 
FATAL failed to fetch Terraform Variables: failed to fetch dependency of "Terraform Variables": failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": open /root/.aws/credentials: file exists

Either it shouldnt have asked access keyid and key as eventually it will not work and also it should check and validate the credentials file 

Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible --version

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results: Fails without proper error

Expected results: Should give more information and also validate the file before asking key and id or we can increase more options here if required if anyone doesnt have credentials file. 

Additional info:
Please attach logs from ansible-playbook with the -vvv flag

Comment 1 W. Trevor King 2019-02-06 08:44:24 UTC
#1173 landed, but not  early enough for 0.12.0 [1].  It will go out with the next installer release.

I'm setting "No Doc Update", because I don't think we need external docs for these pre-release installer issues.  But I'll mention the fix in the 0.13.0 change log (or whatever the next installer release happens to be).

[1]: https://github.com/openshift/installer/pull/1173#event-2117606593

Comment 2 liujia 2019-02-13 06:03:08 UTC
This should be a negative scenario which do not comply with the instructions in document[1] which require users to configure aws credentials first. If aws credentials file is not available, installer will generate it according to the input, but if the file exists but the item is unset, then will hit the issue.

[1] https://cloud.openshift.com/clusters/install
Step 2: Configure Your AWS Credentials

Reproduced on v0.12.0

Steps:
1. Create an aws credentials file first without aws_access_key_id/aws_secret_access_key set in the config file.
[default]
aws_access_key_id=
aws_secret_access_key=

2. Run "./openshift-install create cluster"
[root@preserve-jliu-worker bug]# ./openshift-install create cluster
? SSH Public Key /root/.ssh/ssh.pub
? Platform aws
? AWS Access Key ID AKIAI7WIWXMG2MRNTXJQ
? AWS Secret Access Key [? for help] ****************************************
INFO Writing AWS credentials to "/root/.aws/credentials" (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) 
FATAL failed to fetch Terraform Variables: failed to fetch dependency of "Terraform Variables": failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": open /root/.aws/credentials: file exists

Comment 3 liujia 2019-02-13 06:13:09 UTC
And here is another scenario which QE ever hit about aws_profile. This is also considered as a configure issue about aws profile which should be completed in step2 following doc[1].

Reproduced on v0.12.0

Steps:
1. Create aws credentials 
# cat /root/.aws/credentials 
[default]
aws_access_key_id=sss
aws_secret_access_key=xxx

2. Set aws profile
# env|grep AWS
AWS_PROFILE=jliu

3. Run "./openshift-install create cluster"
[root@preserve-jliu-worker bug]# ./openshift-install create cluster
? SSH Public Key /root/.ssh/ssh.pub
? Platform aws
? AWS Access Key ID AKIAI2FIMJDS7GBXMOYQ
? AWS Secret Access Key [? for help] ****************************************
INFO Writing AWS credentials to "/root/.aws/credentials" (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) 
FATAL failed to fetch Terraform Variables: failed to fetch dependency of "Terraform Variables": failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": open /root/.aws/credentials: file exists 

Will combine these two scenarios into one case to track it.

Comment 6 liujia 2019-02-19 05:51:05 UTC
Verified on v4.0.0-0.176.0.0-dirty.

registry.svc.ci.openshift.org/ocp/release:4.0.0-0.nightly-2019-02-18-223936

Comment 7 W. Trevor King 2019-02-27 05:28:20 UTC
And 0.13.0 is out with the fix [1].

[1]: https://github.com/openshift/installer/releases/tag/v0.13.0

Comment 10 errata-xmlrpc 2019-06-04 10:42:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758


Note You need to log in before you can comment on or make changes to this bug.