[BSC#1101219] Use MSI authorization in Azure

[bear454]

Supplying credentials is no longer required for starting instances in Azure; Azure MSI acts like machine accounts in AWS IAM, for example, where the instance is granted permission to interact with the framework (for starting cluster instances, in our case).

(cherry picked from commit 71c3c235557bb24cde810e619f743c8b30d9afaa)

[bear454]

[BSC#1101219] Use MSI authorization in Azure

[bear454]

re: https://trello.com/c/eOyiqO5B

[jordimassaguerpla]

@vitoravelino could you review this since you reviewed as well the PR for master?

[jordimassaguerpla]

@bear454 could you use bsc and not BSC?

[jordimassaguerpla]

I just retriggered the tests

[vitoravelino]

Yes.

[bear454]

On Tue, 2018-12-04 at 15:25 +0000, Jordi Massaguer Pla wrote:

@bear454 could you use bsc and not BSC?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5 5493e4bb","name":"GitHub"},"entity":{"external_key":"github/kubic- project/velum","title":"kubic-project/velum","subtitle":"GitHub repository","main_image_url":" https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":" https://github.com/kubic-project/velum"}},"updates":{"snippets":[{"icon":"PERSON","message":"@jordimassaguerpla in #687: @bear454 could you use bsc and not BSC?"}],"action":{"name":"View Pull Request","url":" https://github.com/kubic-project/velum/pull/687#issuecomment-444139393 "}}} [ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": " https://github.com/kubic-project/velum/pull/687#issuecomment-444139393 ", "url": " https://github.com/kubic-project/velum/pull/687#issuecomment-444139393 ", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } }, { "@type": "MessageCard", "@context": "http://schema.org/extensions", "hideOriginalBody": "false", "originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB", "title": "Re: [kubic-project/velum] [BSC#1101219] Use MSI authorization in Azure (#687)", "sections": [ { "text": "", "activityTitle": "Jordi Massaguer Pla", "activityImage": " https://assets-cdn.github.com/images/email/message_cards/avatar.png", "activitySubtitle": "@jordimassaguerpla", "facts": [

] } ], "potentialAction": [ { "name": "Add a comment", "@type": "ActionCard", "inputs": [ { "isMultiLine": true, "@type": "TextInput", "id": "IssueComment", "isRequired": false } ], "actions": [ { "name": "Comment", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"kubic- project/velum\",\n\"issueId\": 687,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}" } ] }, { "name": "Close pull request", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"PullRequestClose\",\n\"repositoryFullName\": \"kubic- project/velum\",\n\"pullRequestId\": 687\n}" }, { "targets": [ { "os": "default", "uri": " https://github.com/kubic-project/velum/pull/687#issuecomment-444139393 " } ], "@type": "OpenUri", "name": "View on GitHub" }, { "name": "Unsubscribe", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 400631592\n}" } ], "themeColor": "26292E" } ]

Do you mean, in the future, or do you need me to amend and replace? (In which case the PR would need to be reviewed again).

[jordimassaguerpla]

@bear454 I would prefer if you could amend this one. You don't yet have any approval, so I guess it should not be a problem.

[bear454]

@jordimassaguerpla or @vitoravelino , can you please take a look at this PR? The tests all passed initially, but jenkins went red with no code change, just changing the description. I, like the rest of the contributing world, don't have access to the jenkins server (attn: @sysrich ) and can't see the problem, trigger a rebuild, etc.

[sysrich]

@bear454 Velum is not available on any openSUSE Kubic media, and is arguably not part of the openSUSE Kubic project, so I'm not sure of any benefit of making SUSE's internal CaaSP CI public. openSUSE Kubic's pipeline (OBS > openQA > download.o.o) is public and public-contribution-welcoming as usual :)

[hwoarang]

@jordimassaguerpla or @vitoravelino , can you please take a look at this PR? The tests all passed initially, but jenkins went red with no code change, just changing the description. I, like the rest of the contributing world, don't have access to the jenkins server (attn: @sysrich ) and can't see the problem, trigger a rebuild, etc.

I see jenkins is failing so I am not sure where the "no code change" comment is coming from. Can you enlighten me? :) The jenkins is open in the internal network so you can see the problem here http://jenkins.caasp.suse.net/job/velum.integration/job/PR-687/6/display/redirect

[bear454]

I see jenkins is failing so I am not sure where the "no code change" comment is coming from. Can you enlighten me? :)

Initially, the commit has a description including "BSC" (and a the time the tests passed - also this is already merged to master). I was asked by @jordimassaguerpla to change the description to include "bsc" instead of "BSC"; at that time the test failed.

The jenkins is open in the internal network so you can see the problem here http://jenkins.caasp.suse.net/job/velum.integration/job/PR-687/6/display/redirect

ERR_NAME_NOT_RESOLVED I don't believe caasp.suse.net is in any company-wide DNS.

[bear454]

@bear454 Velum is not available on any openSUSE Kubic media, and is arguably not part of the openSUSE Kubic project, so I'm not sure of any benefit of making SUSE's internal CaaSP CI public.

Well, it is part of https://github.com/kubic-project , and it is public, but the test results are not.

[hwoarang]

I see jenkins is failing so I am not sure where the "no code change" comment is coming from. Can you enlighten me? :)

Initially, the commit has a description including "BSC" (and a the time the tests passed - also this is already merged to master). I was asked by @jordimassaguerpla to change the description to include "bsc" instead of "BSC"; at that time the test failed.

The jenkins is open in the internal network so you can see the problem here http://jenkins.caasp.suse.net/job/velum.integration/job/PR-687/6/display/redirect

ERR_NAME_NOT_RESOLVED I don't believe caasp.suse.net is in any company-wide DNS.

Can you see if plain IP works for you?

http://10.84.43.6/blue/organizations/jenkins/velum.integration/detail/PR-687/6/pipeline/

[bear454]

Can you see if plain IP works for you?

http://10.84.43.6/blue/organizations/jenkins/velum.integration/detail/PR-687/6/pipeline/

Yes, plain IP does work - the links from github don't.

[jordimassaguerpla]

the bsc thing is working now, thanks @bear454 .

[bear454]

So, as expected, the Jenkins result is:

All tests are passing Nice one! All 124 tests for this pipeline are passing.

• http://10.84.43.6/blue/organizations/jenkins/velum.integration/detail/PR-687/6/tests

There appears to be an unrelated pipeline failure, which I would appreciate if someone with more in-depth understanding could address (or just re-run... is it possibly a flaky result?)

[jordimassaguerpla]

let me rerun it

[bear454]

Due to an issue with upstream dependencies in SLE12, we've elected to postpone this feature to v4.