Bosh CPI does not support uploading of full stemcells from bosh.io

cloudfoundry / bosh-alicloud-cpi-release

BOSH Alibaba CPI

Apache License 2.0

32 stars 20 forks source link

Bosh CPI does not support uploading of full stemcells from bosh.io #51

Closed alexwo closed 5 years ago

alexwo commented 5 years ago

The bosh.io published stemcells can't be uploaded and used by bosh cpi.

Please review below PR suggestions with potential fix for this issue: https://github.com/cloudfoundry-incubator/bosh-alicloud-cpi-release/pull/50

benjaminguttmann-avtq commented 5 years ago

For me it is still not working. Tried it with bosh-stemcell-170.12-alicloud-kvm-ubuntu-xenial-go_agent from bosh.io

alexwo commented 5 years ago

1.Please check that you have configured bosh deployment with security_token="" if you don't using that as a method to authenticate.

Sample config with security_token="" :

bosh create-env bosh-deployment/bosh.yml \
 --state=state.json \
 --vars-store=creds.yml \
 -o bosh-deployment/alicloud/cpi.yml \
 -o bosh-deployment/jumpbox-user.yml \
 -v director_name=my-bosh \
 -v internal_cidr=192.168.0.0/24 \
 -v internal_gw=192.168.0.1 \
 -v internal_ip=192.168.0.7 \
 -v vswitch_id=... \
 -v security_group_id=... \
 -v access_key_id=... \
 -v access_key_secret=... \
 -v region=cn-beijing \
 -v zone=cn-beijing-e
 -v key_pair_name=... \
 -v private_key=bosh.pem
 -v security_token=""

2.In order to for the bosh deployment to upload stemcells, you should to enable access from your ECS service account to the buckets. https://www.alibabacloud.com/help/doc-detail/25464.htm

Incase the above does not solve your issue please share the CPI error details

benjaminguttmann-avtq commented 5 years ago

Thanks for the detailed information, I'll check on this and let you know the result... but one additional question, to which bucket do I need to have access because at the moment I use the internal blobstore of the BOSH director to save the stemcells ? So is it trying to save the stemcell in a bucket?

alexwo commented 5 years ago

you are very much welcome!:) Bosh CPI will try to create a bucket using the CPI in AliCloud and delete it afterwords. Make sure that the api key that you will use also has credentials to operate the buckets

beyhan commented 5 years ago

Does it mean that I have to configure the BOSH Directore with an AliCloud blobstore, when I use stemcells from bosh.io?

alexwo commented 5 years ago

Hi beyhan, The bosh director does not need or require any special configuration to access the AliCloud blob storage.

The only requirement is for the bosh director is to have an API user will have access to AliCloud blob storage.

On the account level we should also configure access from our ECS service account to the buckets. As described here:

https://www.alibabacloud.com/help/doc-detail/25464.htm

benjaminguttmann-avtq commented 5 years ago

After setting the permissions it worked for me

xiaozhu36 commented 5 years ago

Fixed by release v20.