Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Retrieve IAM Instance Profile Credentials from Yugaware Machine for Backups #4900

Closed
daniel-yb opened this issue Jun 26, 2020 · 0 comments
Closed

Retrieve IAM Instance Profile Credentials from Yugaware Machine for Backups #4900

daniel-yb opened this issue Jun 26, 2020 · 0 comments
Assignees
@daniel-yb
Labels
area/platform Yugabyte Platform
Milestone
v2.2.x

Comments

@daniel-yb
Copy link
Contributor

daniel-yb commented Jun 26, 2020
edited
Loading

In the case of a storage config using an IAM Role, we send a default config file to each data node thus not setting the required permissions on a data node to allow backup/restores to work. We should do something similar to curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<ROLE_NAME> to retrieve AccessKeyId and SecretAccessKey and set this in the config so that the data nodes inherit the required IAM permissions to access S3.
@daniel-yb daniel-yb added the area/platform Yugabyte Platform label Jun 26, 2020
@daniel-yb daniel-yb self-assigned this Jun 26, 2020
@daniel-yb daniel-yb changed the title Retrieve IAM Intance Profile Credentials from Yugaware Machine for Backups Retrieve IAM Instance Profile Credentials from Yugaware Machine for Backups Jun 26, 2020
@daniel-yb daniel-yb added this to the v2.2.x milestone Jun 27, 2020
daniel-yb added a commit that referenced this issue Jul 7, 2020
@daniel-yb
[Platform] Retrieve IAM Instance Profile Credentials from Yugaware Ma…
af444e3 
…chine for Backups #4900

Summary:
Pass along the ec2 instance profile credentials from yugaware to nodes if storage config is
using IAM role instead of explicitly providing access_key and secret_key

Test Plan:
Use IAM Role S3 storage config -> backup/restore should work without attaching any other
roles to nodes

Reviewers: ram, andrew, bogdan, wesley

Reviewed By: wesley

Subscribers: jenkins-bot, rao, yugaware

Differential Revision: https://phabricator.dev.yugabyte.com/D8760
daniel-yb added a commit that referenced this issue Jul 8, 2020
@daniel-yb
[Platform] Retrieve IAM Instance Profile Credentials from Yugaware Ma…
6da655a 
…chine for Backups #4900

Summary:
Pass along the ec2 instance profile credentials from yugaware to nodes if storage config is
using IAM role instead of explicitly providing access_key and secret_key

Test Plan:
Use IAM Role S3 storage config -> backup/restore should work without attaching any other
roles to nodes

Reviewers: ram, andrew, bogdan, wesley

Reviewed By: wesley

Subscribers: jenkins-bot, rao, yugaware

Differential Revision: https://phabricator.dev.yugabyte.com/D8760
daniel-yb added a commit that referenced this issue Jul 16, 2020
@daniel-yb
[Platform] Retrieve IAM Instance Profile Credentials from Yugaware Ma…
acf4187 
…chine for Backups #4900

Summary:
Pass along the ec2 instance profile credentials from yugaware to nodes if storage config is
using IAM role instead of explicitly providing access_key and secret_key

Test Plan:
Use IAM Role S3 storage config -> backup/restore should work without attaching any other
roles to nodes

Reviewers: ram, andrew, bogdan, wesley

Reviewed By: wesley

Subscribers: jenkins-bot, rao, yugaware

Differential Revision: https://phabricator.dev.yugabyte.com/D8760
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@daniel-yb daniel-yb

Labels
area/platform Yugabyte Platform
Projects
None yet
Milestone
v2.2.x
Development

No branches or pull requests
1 participant
@daniel-yb