AWS prepare without credentials present fails due to `no EC2 IMDS role found`

[mkolesnik]

What happened: Running cloud prepare for AWS via subctl, when no ~/.aws/credentials file is found, fails with:

 ✓ Preparing AWS cloud for Submariner deployment
 ✓ Obtained infra ID "mkolesni-subm-deb2-42pgb" and region "us-east-1" from OCP metadata file "mkolesni-subm-deb2/metadata.json"
 ✓ Initializing AWS connectivity
 ✗ Retrieving VPC ID 
 ✗ Unable to retrieve the VPC ID: error describing AWS VPCs: operation error EC2: DescribeVpcs, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded
 ✗ Failed to prepare AWS cloud: unable to retrieve the VPC ID: error describing AWS VPCs: operation error EC2: DescribeVpcs, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded

subctl version: devel

What you expected to happen: It should present a clear error message On 0.11.2 it used to present this message:

 ✗ Retrieving AWS credentials from your AWS configuration
 ✗ failed to read AWS credentials from /root/.aws/credentials: open /root/.aws/credentials: no such file or directory

How to reproduce it (as minimally and precisely as possible): Install openshift on AWS using openshift-installer: ./openshift-install create cluster Run cloud prepare: subctl cloud prepare aws

Anything else we need to know?:

Environment:

• Diagnose information (use subctl diagnose all):
• Gather information (use subctl gather):
• Cloud provider or hardware configuration: AWS
• Install tools: openshift-install 4.10.16
• Others: Happens on devel and on 0.12.1

[skitt]

This is caused by https://github.com/submariner-io/submariner-operator/pull/1783 which delegates the configuration handling to the AWS SDK.

[stale[bot]]

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

[sp98]

faced the same issue while trying with aws today.

subctl cloud prepare aws --ocp-metadata sapillai-c/metadata.json
 ✓ Preparing AWS cloud for Submariner deployment
 ✓ Obtained infra ID "sapillai-c-tq6pd" and region "us-east-1" from OCP metadata file "sapillai-c/metadata.json"
 ✓ Initializing AWS connectivity
 ✗ Retrieving VPC ID
 ✗ Unable to retrieve the VPC ID: error describing AWS VPCs: operation error EC2: DescribeVpcs, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded
 ✗ Failed to prepare AWS cloud: unable to retrieve the VPC ID: error describing AWS VPCs: operation error EC2: DescribeVpcs, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded

subctl version: v0.14.0-rc2

It worked after using the correct profile(using the --profile tag) from the ~/.aws/credentials file. In my case it was

subctl cloud prepare aws --ocp-metadata sapillai-c/metadata.json --profile openshift-dev

[stale[bot]]

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

[dfarrell07]

Seems like this would still be an issue. Not a big failure likely, just bad UX around the message. Still, it seems users are hitting it.

[stale[bot]]

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.