Not able to build eks ami with CIS BENCHMARK AMAZON LINUX 2 #1229

Closed
sudhanshud opened this issue Mar 24, 2023 · 4 comments · Fixed by #1231

@sudhanshud

We are not able to build the EKS AMI with the latest code using the CIS Benchmark Amazon Linux 2 AMI as the base AMI, but it works for plain Amazon Linux 2.

We are getting the error below:

2023-03-24T16:30:28+05:30: amazon-ebs: Ciphers aes128-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
2023-03-24T16:30:29+05:30: amazon-ebs: mv: cannot stat ‘/tmp/worker/iptables-restore.service’: No such file or directory
2023-03-24T16:30:29+05:30: ==> amazon-ebs: Provisioning step had errors: Running the cleanup provisioner, if present...
2023-03-24T16:30:29+05:30: ==> amazon-ebs: Terminating the source AWS instance...
2023-03-24T16:31:30+05:30: ==> amazon-ebs: Cleaning up any extra volumes...
2023-03-24T16:31:30+05:30: ==> amazon-ebs: No volumes to clean up, skipping
2023-03-24T16:31:30+05:30: ==> amazon-ebs: Deleting temporary security group...
2023-03-24T16:31:30+05:30: ==> amazon-ebs: Deleting temporary keypair...
2023-03-24T16:31:31+05:30: Build 'amazon-ebs' errored after 6 minutes 42 seconds: Script exited with non-zero exit status: 1. Allowed exit codes are: [0]

==> Wait completed after 6 minutes 42 seconds


Note: we were able to build with the old code and the same CIS Benchmark AMI without any issues. The latest code only builds with plain Amazon Linux AMIs and does not work for CIS Benchmark Amazon Linux 2.

Kindly test and revert back, as we need to build the EKS AMI for 1.23 and 1.24 for prod upgrades and we are stuck here.

@matt-corbalt

@sudhanshud See if this PR fixes your issue: #1230

@sudhanshud

sudhanshud commented Mar 27, 2023

Now we are getting the issue below.

2023-03-27T11:41:33+05:30: ==> amazon-ebs: Provisioning with shell script: /home/mohanreddy/1.23/amazon-eks-ami/scripts/generate-version-info.sh

2023-03-27T11:41:34+05:30: amazon-ebs: /tmp/script_4278.sh: line 19: /usr/bin/kubelet: Permission denied
2023-03-27T11:41:34+05:30: amazon-ebs: /tmp/script_4278.sh: line 20: aws: command not found
2023-03-27T11:41:44+05:30: amazon-ebs: ctr: failed to dial "/run/containerd/containerd.sock": context deadline exceeded: connection error: desc = "transport: error while dialing: dial unix:///run/containerd/containerd.sock: timeout"
2023-03-27T11:41:44+05:30: ==> amazon-ebs: Downloading /tmp/version-info.json => amazon-eks-node-1.23-v20230327-version-info.json
2023-03-27T11:41:45+05:30: ==> amazon-ebs: Stopping the source instance...
2023-03-27T11:41:45+05:30: amazon-ebs: Stopping instance
2023-03-27T11:41:45+05:30: ==> amazon-ebs: Waiting for the instance to stop...

Please test with CIS Benchmark Amazon Linux 2 as the base image and publish the latest code.
Please revert ASAP.

@Sandeepsac

Getting an error in EKS version 1.27 with CIS hardening AL2:

amazon-ebs: ctr: failed to dial "/run/containerd/containerd.sock": context deadline exceeded: connection error: desc = "transport: error while dialing: dial unix:///run/containerd/containerd.sock: timeout"
2023-06-16T11:30:26Z: ==> amazon-ebs: Downloading /home/ec2-user/version-info.json => amazon-eks-node-1.27-v20230616-version-info.json
2023-06-16T11:30:26Z: ==> amazon-ebs: Provisioning step had errors: Running the cleanup provisioner, if present...
2023-06-16T11:30:26Z: ==> amazon-ebs: Terminating the source AWS instance...

@Sandeepsac

@cartermckinnon I am still getting this error:

/sandeep/amazon-eks-ami/scripts/generate-version-info.sh
2023-06-19T07:29:38Z: amazon-ebs: ctr: failed to dial "/run/containerd/containerd.sock": context deadline exceeded: connection error: desc = "transport: error while dialing: dial unix:///run/containerd/containerd.sock: timeout"
2023-06-19T07:29:38Z: ==> amazon-ebs: Downloading /home/ec2-user/worker/version-info.json => amazon-eks-node-1.27-v20230619-version-info.json
2023-06-19T07:29:38Z: ==> amazon-ebs: Provisioning step had errors: Running the cleanup provisioner, if present...
2023-06-19T07:29:38Z: ==> amazon-ebs: Terminating the source AWS instance...
2023-06-19T07:30:39Z: ==> amazon-ebs: Cleaning up any extra volumes...
2023-06-19T07:30:39Z: ==> amazon-ebs: No volumes to clean up, skipping
2023-06-19T07:30:39Z: ==> amazon-ebs: Deleting temporary security group...
2023-06-19T07:30:39Z: ==> amazon-ebs: Deleting temporary keypair...

Command:
make 1.27 aws_region=$AWS_REGION source_ami_id=$AMI_ID source_ami_owners=$AMI_OWNER_ACCOUNT_ID source_ami_filter_name="$AMI_NAME" subnet_id=subnet-*** remote_folder=/home/ec2-user

EKS version: 1.27
CIS hardening AMI: CIS Amazon Linux 2 Benchmark - Level 2
https://aws.amazon.com/marketplace/pp/prodview-wm36yptaecjnu?sr=0-1&ref_=beagle&applicationId=AWSMPContessa#pdp-pricing
