From 86b0f1796b936b607e1a98e6944bbb6c4830cd29 Mon Sep 17 00:00:00 2001 From: Sichaow Date: Thu, 21 Nov 2024 09:03:57 -0800 Subject: [PATCH] bug(build): minimum the change for the binary owner to unblock build (#2068) * Revert "build: pull s3 binaries as root (#2058)" This reverts commit 67568ec3180f35892ced91fd37efb7d83a02ce96. * Change owner to root for kubelet in AL23 --- templates/al2/provisioners/install-worker.sh | 10 +++++----- templates/al2023/provisioners/install-nvidia-driver.sh | 6 +++--- templates/al2023/provisioners/install-worker.sh | 7 ++++--- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/templates/al2/provisioners/install-worker.sh b/templates/al2/provisioners/install-worker.sh index 8a7625555..5b715a5a7 100644 --- a/templates/al2/provisioners/install-worker.sh +++ b/templates/al2/provisioners/install-worker.sh @@ -282,8 +282,8 @@ BINARIES=( for binary in ${BINARIES[*]}; do if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then echo "AWS cli present - using it to copy binaries from s3." - sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary . - sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary.sha256 . + aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary . + aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary.sha256 . else echo "AWS cli missing - using wget to fetch binaries from s3. Note: This won't work for private bucket." sudo wget $S3_URL_BASE/$binary @@ -316,8 +316,8 @@ if [ "$PULL_CNI_FROM_GITHUB" = "true" ]; then else if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then echo "AWS cli present - using it to copy binaries from s3." - sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/${CNI_PLUGIN_FILENAME}.tgz . - sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/${CNI_PLUGIN_FILENAME}.tgz.sha256 . + aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/${CNI_PLUGIN_FILENAME}.tgz . + aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/${CNI_PLUGIN_FILENAME}.tgz.sha256 . else echo "AWS cli missing - using wget to fetch cni binaries from s3. Note: This won't work for private bucket." sudo wget "$S3_URL_BASE/${CNI_PLUGIN_FILENAME}.tgz" @@ -377,7 +377,7 @@ sudo chmod +x /etc/eks/max-pods-calculator.sh ECR_CREDENTIAL_PROVIDER_BINARY="ecr-credential-provider" if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then echo "AWS cli present - using it to copy ${ECR_CREDENTIAL_PROVIDER_BINARY} from s3." - sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$ECR_CREDENTIAL_PROVIDER_BINARY . + aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$ECR_CREDENTIAL_PROVIDER_BINARY . else echo "AWS cli missing - using wget to fetch ${ECR_CREDENTIAL_PROVIDER_BINARY} from s3. Note: This won't work for private bucket." sudo wget "$S3_URL_BASE/$ECR_CREDENTIAL_PROVIDER_BINARY" diff --git a/templates/al2023/provisioners/install-nvidia-driver.sh b/templates/al2023/provisioners/install-nvidia-driver.sh index 440fb92f0..5e2be8fb0 100755 --- a/templates/al2023/provisioners/install-nvidia-driver.sh +++ b/templates/al2023/provisioners/install-nvidia-driver.sh @@ -24,7 +24,7 @@ function rpm_install() { local RPMS=($@) echo "Pulling and installing local rpms from s3 bucket" for RPM in "${RPMS[@]}"; do - sudo -E aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/rpms/${RPM} ${WORKING_DIR}/${RPM} + aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/rpms/${RPM} ${WORKING_DIR}/${RPM} sudo dnf localinstall -y ${WORKING_DIR}/${RPM} done } @@ -40,7 +40,7 @@ function install-nvidia-container-toolkit() { ) for RPM in "${RPMS[@]}"; do echo "pulling and installing rpms: (${RPM}) from s3 bucket: (${BINARY_BUCKET_NAME}) in region: (${BINARY_BUCKET_REGION})" - sudo -E aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/rpms/${RPM} ${WORKING_DIR}/${RPM} + aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/rpms/${RPM} ${WORKING_DIR}/${RPM} echo "installing rpm: ${WORKING_DIR}/${RPM}" sudo rpm -ivh ${WORKING_DIR}/${RPM} done @@ -53,7 +53,7 @@ echo "Installing NVIDIA ${NVIDIA_DRIVER_MAJOR_VERSION} drivers..." ################################################################################ # Determine the domain based on the region if is-isolated-partition; then - sudo -E aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/amzn2023-nvidia.repo ${WORKING_DIR}/amzn2023-nvidia.repo + aws s3 cp --region ${BINARY_BUCKET_REGION} s3://${BINARY_BUCKET_NAME}/amzn2023-nvidia.repo ${WORKING_DIR}/amzn2023-nvidia.repo sudo dnf config-manager --add-repo ${WORKING_DIR}/amzn2023-nvidia.repo rpm_install "opencl-filesystem-1.0-5.el7.noarch.rpm" "ocl-icd-2.2.12-1.el7.x86_64.rpm" diff --git a/templates/al2023/provisioners/install-worker.sh b/templates/al2023/provisioners/install-worker.sh index c76e96cef..62fa5eddd 100644 --- a/templates/al2023/provisioners/install-worker.sh +++ b/templates/al2023/provisioners/install-worker.sh @@ -175,8 +175,8 @@ BINARIES=( for binary in ${BINARIES[*]}; do if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then echo "AWS cli present - using it to copy binaries from s3." - sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary . - sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary.sha256 . + aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary . + aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary.sha256 . else echo "AWS cli missing - using wget to fetch binaries from s3. Note: This won't work for private bucket." sudo wget $S3_URL_BASE/$binary @@ -184,6 +184,7 @@ for binary in ${BINARIES[*]}; do fi sudo sha256sum -c $binary.sha256 sudo chmod +x $binary + sudo chown root:root $binary sudo mv $binary /usr/bin/ done @@ -202,7 +203,7 @@ ECR_CREDENTIAL_PROVIDER_BINARY="ecr-credential-provider" if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then echo "AWS cli present - using it to copy ${ECR_CREDENTIAL_PROVIDER_BINARY} from s3." - sudo -E aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$ECR_CREDENTIAL_PROVIDER_BINARY . + aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$ECR_CREDENTIAL_PROVIDER_BINARY . else echo "AWS cli missing - using wget to fetch ${ECR_CREDENTIAL_PROVIDER_BINARY} from s3. Note: This won't work for private bucket." sudo wget "$S3_URL_BASE/$ECR_CREDENTIAL_PROVIDER_BINARY"