Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

scylla_install_image: disable cloud provider agents #627

Merged
merged 1 commit into from
Feb 11, 2025
Merged

scylla_install_image: disable cloud provider agents #627

merged 1 commit into from
Feb 11, 2025

Conversation

yaronkaikov
Copy link
Collaborator

@yaronkaikov yaronkaikov commented Feb 10, 2025
edited
Loading

currently, if the BYOA customer is assigned the required AWS Profile on the instance or will deploy scylla in GCP customer will able to fetch metadata about the OS itself, and also be able to execute a command on a target instance, which may lead to loose of control for instances deployed in BYOA.

Fixes: https://github.com/scylladb/scylla-pkg/issues/4883

Testing

@yaronkaikov
scylla_install_image: disable cloud provider agents
b282de0 
currently if BYOA customer will assigned required AWS Profile on instance or will deploy scylla in GCP customer will able to fetch metadata about the OS itself, and also will able to execute command on a target instance, which may leads to loose of control for instances deployed in BYOA.

Fixes: scylladb/scylla-pkg#4883
fruch
fruch reviewed Feb 10, 2025
View reviewed changes
packer/scylla_install_image
elif args.target_cloud == 'azure':
kernel_opt = ' rootdelay=300'
grub_variable = 'GRUB_CMDLINE_LINUX'
run('systemctl mask walinuxagent', shell=True, check=True)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@soyacz

Aren't we using this for something in SCT ?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, we use it for rebooting with running OS command (reboot -f) due issue with SDK (scylladb/scylla-cluster-tests#6628)
We would need to adjust SCT to enable it back when VM is provisioned.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@soyacz Can you open an issue or send a fix? we should probably also have it for 2025.1 since this is about to be backported

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

scylladb/scylla-cluster-tests#10042

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @soyacz , I assume we can move forward with this PR then ?

soyacz added a commit to soyacz/scylla-cluster-tests that referenced this pull request Feb 11, 2025
@soyacz
fix(Azure): enable WaLinuxAgent
cf4b4bc 
Linux agent on Scylla instances on Azure is disabled by default.
scylladb/scylla-machine-image#627

Add cloud init script that enables it back for testing purposes.
@soyacz soyacz mentioned this pull request Feb 11, 2025
Merged
3 tasks
soyacz added a commit to soyacz/scylla-cluster-tests that referenced this pull request Feb 11, 2025
@soyacz
fix(Azure): enable WaLinuxAgent
50109b2 
Linux agent on Scylla instances on Azure is disabled by default.
scylladb/scylla-machine-image#627

Add cloud init script that enables it back for testing purposes.
soyacz added a commit to soyacz/scylla-cluster-tests that referenced this pull request Feb 11, 2025
@soyacz
fix(Azure): enable WaLinuxAgent
38db768 
Linux agent on Scylla instances on Azure is disabled by default.
scylladb/scylla-machine-image#627

Add cloud init script that enables it back for testing purposes.
fruch pushed a commit to scylladb/scylla-cluster-tests that referenced this pull request Feb 11, 2025
@soyacz @fruch
fix(Azure): enable WaLinuxAgent
6f24ccb 
Linux agent on Scylla instances on Azure is disabled by default.
scylladb/scylla-machine-image#627

Add cloud init script that enables it back for testing purposes.
scylladbbot pushed a commit to scylladbbot/scylla-cluster-tests that referenced this pull request Feb 11, 2025
@soyacz @actions-user
fix(Azure): enable WaLinuxAgent
180e6f1 
Linux agent on Scylla instances on Azure is disabled by default.
scylladb/scylla-machine-image#627

Add cloud init script that enables it back for testing purposes.

(cherry picked from commit 6f24ccb)
@scylladbbot scylladbbot mentioned this pull request Feb 11, 2025
Merged
3 tasks
@yaronkaikov yaronkaikov merged commit b8e494d into scylladb:next Feb 11, 2025
2 checks passed
@yaronkaikov yaronkaikov deleted the disable-services branch February 11, 2025 13:31
soyacz added a commit to scylladb/scylla-cluster-tests that referenced this pull request Feb 11, 2025
@soyacz
fix(Azure): enable WaLinuxAgent
d41b32f 
Linux agent on Scylla instances on Azure is disabled by default.
scylladb/scylla-machine-image#627

Add cloud init script that enables it back for testing purposes.

(cherry picked from commit 6f24ccb)
@scylladbbot scylladbbot mentioned this pull request Feb 11, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fruch fruch fruch left review comments

@soyacz soyacz soyacz left review comments

@d-helios d-helios d-helios approved these changes

@lsfreitas lsfreitas lsfreitas approved these changes

@Annamikhlin Annamikhlin Annamikhlin approved these changes

Assignees
No one assigned
Labels
backport/2025.1-done promoted-to-master
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@yaronkaikov @fruch @d-helios @soyacz @lsfreitas @Annamikhlin @scylladbbot