Skip to content

Commit

Permalink
bug(build): minimum the change for the binary owner to unblock build (#…
Browse files Browse the repository at this point in the history
…2068)

* Revert "build: pull s3 binaries as root (#2058)"

This reverts commit 67568ec.

* Change owner to root for kubelet in AL23
  • Loading branch information
Issacwww authored Nov 21, 2024
1 parent aae283e commit 86b0f17
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 11 deletions.
10 changes: 5 additions & 5 deletions templates/al2/provisioners/install-worker.sh
Original file line number Diff line number Diff line change
Expand Up @@ -282,8 +282,8 @@ BINARIES=(
for binary in ${BINARIES[*]}; do
if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then
echo "AWS cli present - using it to copy binaries from s3."
sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary .
sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary.sha256 .
aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary .
aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary.sha256 .
else
echo "AWS cli missing - using wget to fetch binaries from s3. Note: This won't work for private bucket."
sudo wget $S3_URL_BASE/$binary
Expand Down Expand Up @@ -316,8 +316,8 @@ if [ "$PULL_CNI_FROM_GITHUB" = "true" ]; then
else
if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then
echo "AWS cli present - using it to copy binaries from s3."
sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/${CNI_PLUGIN_FILENAME}.tgz .
sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/${CNI_PLUGIN_FILENAME}.tgz.sha256 .
aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/${CNI_PLUGIN_FILENAME}.tgz .
aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/${CNI_PLUGIN_FILENAME}.tgz.sha256 .
else
echo "AWS cli missing - using wget to fetch cni binaries from s3. Note: This won't work for private bucket."
sudo wget "$S3_URL_BASE/${CNI_PLUGIN_FILENAME}.tgz"
Expand Down Expand Up @@ -377,7 +377,7 @@ sudo chmod +x /etc/eks/max-pods-calculator.sh
ECR_CREDENTIAL_PROVIDER_BINARY="ecr-credential-provider"
if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then
echo "AWS cli present - using it to copy ${ECR_CREDENTIAL_PROVIDER_BINARY} from s3."
sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$ECR_CREDENTIAL_PROVIDER_BINARY .
aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$ECR_CREDENTIAL_PROVIDER_BINARY .
else
echo "AWS cli missing - using wget to fetch ${ECR_CREDENTIAL_PROVIDER_BINARY} from s3. Note: This won't work for private bucket."
sudo wget "$S3_URL_BASE/$ECR_CREDENTIAL_PROVIDER_BINARY"
Expand Down
6 changes: 3 additions & 3 deletions templates/al2023/provisioners/install-nvidia-driver.sh
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ function rpm_install() {
local RPMS=($@)
echo "Pulling and installing local rpms from s3 bucket"
for RPM in "${RPMS[@]}"; do
sudo -E aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/rpms/${RPM} ${WORKING_DIR}/${RPM}
aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/rpms/${RPM} ${WORKING_DIR}/${RPM}
sudo dnf localinstall -y ${WORKING_DIR}/${RPM}
done
}
Expand All @@ -40,7 +40,7 @@ function install-nvidia-container-toolkit() {
)
for RPM in "${RPMS[@]}"; do
echo "pulling and installing rpms: (${RPM}) from s3 bucket: (${BINARY_BUCKET_NAME}) in region: (${BINARY_BUCKET_REGION})"
sudo -E aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/rpms/${RPM} ${WORKING_DIR}/${RPM}
aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/rpms/${RPM} ${WORKING_DIR}/${RPM}
echo "installing rpm: ${WORKING_DIR}/${RPM}"
sudo rpm -ivh ${WORKING_DIR}/${RPM}
done
Expand All @@ -53,7 +53,7 @@ echo "Installing NVIDIA ${NVIDIA_DRIVER_MAJOR_VERSION} drivers..."
################################################################################
# Determine the domain based on the region
if is-isolated-partition; then
sudo -E aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/amzn2023-nvidia.repo ${WORKING_DIR}/amzn2023-nvidia.repo
aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/amzn2023-nvidia.repo ${WORKING_DIR}/amzn2023-nvidia.repo

sudo dnf config-manager --add-repo ${WORKING_DIR}/amzn2023-nvidia.repo
rpm_install "opencl-filesystem-1.0-5.el7.noarch.rpm" "ocl-icd-2.2.12-1.el7.x86_64.rpm"
Expand Down
7 changes: 4 additions & 3 deletions templates/al2023/provisioners/install-worker.sh
Original file line number Diff line number Diff line change
Expand Up @@ -175,15 +175,16 @@ BINARIES=(
for binary in ${BINARIES[*]}; do
if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then
echo "AWS cli present - using it to copy binaries from s3."
sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary .
sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary.sha256 .
aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary .
aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary.sha256 .
else
echo "AWS cli missing - using wget to fetch binaries from s3. Note: This won't work for private bucket."
sudo wget $S3_URL_BASE/$binary
sudo wget $S3_URL_BASE/$binary.sha256
fi
sudo sha256sum -c $binary.sha256
sudo chmod +x $binary
sudo chown root:root $binary
sudo mv $binary /usr/bin/
done

Expand All @@ -202,7 +203,7 @@ ECR_CREDENTIAL_PROVIDER_BINARY="ecr-credential-provider"

if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then
echo "AWS cli present - using it to copy ${ECR_CREDENTIAL_PROVIDER_BINARY} from s3."
sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$ECR_CREDENTIAL_PROVIDER_BINARY .
aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$ECR_CREDENTIAL_PROVIDER_BINARY .
else
echo "AWS cli missing - using wget to fetch ${ECR_CREDENTIAL_PROVIDER_BINARY} from s3. Note: This won't work for private bucket."
sudo wget "$S3_URL_BASE/$ECR_CREDENTIAL_PROVIDER_BINARY"
Expand Down

0 comments on commit 86b0f17

Please sign in to comment.