From: Chuck Lever
Date: Fri, 4 Apr 2025 16:34:32 -0400
Subject: Re: [RFC PATCH] terraform/OCI: Grab secrets from ~/.oci/config
To: Luis Chamberlain
Cc: kdevops@lists.linux.dev, cel@kernel.org

On 4/4/25 3:19 PM, Luis Chamberlain wrote:
> On Fri, Apr 04, 2025 at 02:35:19PM -0400, Chuck Lever wrote:
>> On 4/4/25 2:28 PM, Luis Chamberlain wrote:
>>> On Fri, Apr 04, 2025 at 02:24:37PM -0400, Chuck Lever wrote:
>>>> On 4/4/25 2:06 PM, Luis Chamberlain wrote:
>>>>> On Fri, Apr 04, 2025 at 12:10:49PM -0400, Chuck Lever wrote:
>>>>>> On a related topic, if we ever want to fully support running the kdevops
>>>>>> /control host/ in the cloud, terraform supports an authentication
>>>>>> mechanism that just uses the local instance's service principal, so
>>>>>> no extra authentication material is needed for provisioning the test
>>>>>> runners as separate cloud instances. Interesting to consider.
>>>>>
>>>>> Sorry I failed to understand this, what is meant by separate cloud
>>>>> instances?
>>>>
>>>> The usual situation is the control host (where terraform runs) is
>>>> outside the cloud. Like, on your workstation. I'm talking about a
>>>> scenario where kdevops and terraform are running on an instance in the
>>>> same cloud as where your target nodes are going to run.
>>>>
>>>> In that case, terraform can scoop up the service principal for that
>>>> instance, and use it in place of dot file authentication parameters.
>>>> So you don't have to maintain the dot file on the instance that is
>>>> running terraform, if it is already in the cloud.
>>>
>>> I see, so you first bring that cloud instance, and then use that as
>>> your command and control for test nodes. Does that first cloud instance
>>> need to be instantiated through another kdevops setup?
>>
>> No, you can create it with terraform or from the cloud console. Start it
>> up when you want, or leave it running.
>>
>> I'm wondering if we can get a cloud devops pipeline to trigger it when
>> it sees a PR against a watched repo. Haven't really thought that
>> through.
>
> OK well so when we add a new commit to kdevops we should ideally try to
> run a test if the commit is related to terraform or all commits to just
> verify we don't break cloud instance support. Given we already rely on
> dedicated github hosted servers, if such hosted servers have the
> credential files in place then the below would work to automatically
> trigger a cloud instance test.
>
> For example below could be a .github/workflows/aws.yml which would
> run on every single commit we submit to kdevops. This would just
> do a bringup and destroy.
>
> If the console creates a cloud instance, and github can get
> access to it as a dedicated self hosted runner, and it will
> persist then that guest can simply just be a bare bones guest
> to run ansible as the command and control center. And the example
> below could be used to push github actions onto the runner.
>
> Could this step be removed and have github directly do the bringup?

I think you can hide the authentication material in one or more GitHub
secrets, if we were to explicitly enable support for passing terraform
authentication parameters via environment variables. Then the GH Action
can just run the terraform steps ("make bringup" and "make destroy")
without effort. But more below.

> I suspect we can rely on github docker containers which just run
> kdevops configs for the cloud for it, but they won't be hosted on
> the respective cloud of choice. Other than that, it would be nice
> if github integrated support for instantiating a simple guest just
> to be command control. Otherwise a dedicated self hosted runner outside
> of the cloud could just have the credentials file.

As far as I can tell, the major four all implement devops pipelines
that can hook into GitHub pull requests and bring up instances and
what not. Seems like that might obviate the need for managing
authentication material on GitHub itself...?

Check out AWS CloudBuild:

https://docs.aws.amazon.com/codebuild/latest/userguide/concepts.html

You give it a little yaml file that tells it to watch a GitHub repo
and then execute steps on AWS when it notices a PR. Very much like a
GitHub Action, but the runner is on AWS and not GitHub, and because
the activity is triggered by an AWS service (CloudBuild) the API
authentication step is already done. OCI calls this "Instance Principal
Authentication":

https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm#sdk_authentication_methods_instance_principaldita

Basically the service principal in the instance where terraform is
running is used to provision new terraform resources.

So we set up one of these CloudBuild projects for each cloud provider,
and for any PR in linux-kdevops/kdevops, it will try a bringup/destroy
sequence on that cloud. The build logs can be placed in a public spot
on the AWS web site.

So I would need to add a Kconfig widget to each cloud provider's
submenu to select "Instance Principal Authentication" (or whatever
terminology that cloud provider uses) and then kdevops will set up
the terraform provider block properly for that scenario.

> The kdevops-ci repo [0] has sufficient workflow branch examples, some of which
> we are already using for different subsystems to trigger runs with
> kdevops on dedicated servers. If a subsystem wanted to leverage the cloud
> their defconfig would just have the setup for the respective cloud of
> choice. For example defconfigs/linux-xfs-kpd is what we use for testing
> pushes to branches to the linux-kdevops/linux-xfs-kpd and only Carlos
> has access to push to that repo. Which dedicated self hosted runner is
> opaque to kdevops, but it can easily have cloud credentials to easily
> do bringup.
>
> I hadn't enabled the below on kdevops just because of lack of time of
> testing, and trying to then optimize the cost so that a super bare bones
> cloud instance would be used for every kdevops commit pushed.

As long as the instance configurations are fairly minimal, they can be
kept in the free tier on most if not all cloud providers. You do need
an active credit card to open a cloud account, though.

> However,
> that's a bit extreme of course, and we can tone it down to only commits
> perhaps that touch kdevops. But if that works, then by all means so
> would a push to a git tree as we do with linux-kdevops/linux-xfs-kpd
> using the examples in the branches for /linux-kdevops/kdevops-ci.
>
> [0] https://github.com/linux-kdevops/kdevops-ci
>
> name: Run kdevops on self-hosted runner for aws cloud instances
>
> on:
>   workflow_dispatch:  # Add this for manual triggering of the workflow
>
> jobs:
>   run-kdevops:
>     name: Run kdevops CI
>     runs-on: [self-hosted, Linux, X64]
>     steps:
>       - name: Checkout repository
>         uses: actions/checkout@v4
>
>       - name: Set CI metadata for kdevops-results-archive
>         run: |
>           echo "$(basename ${{ github.repository }})" > ci.trigger
>           LOG=$(git log -1 --pretty=format:"%s") > ci.subject
>           echo "cloud aws: $LOG" > ci.subject
>           # Start out pessimistic
>           echo "not ok" > ci.result
>           echo "Nothing to write home about." > ci.commit_extra
>
>       - name: Set kdevops path
>         run: echo "KDEVOPS_PATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
>
>       - name: Configure git
>         run: |
>           git config --global --add safe.directory '*'
>           git config --global user.name "kdevops"
>           git config --global user.email "kdevops@lists.linux.dev"
>
>       - name: Run kdevops make defconfig-repo
>         run: |
>           KDEVOPS_TREE_REF="${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}"
>           SHORT_PREFIX="$(echo ${KDEVOPS_TREE_REF:0:12})"
>           make KDEVOPS_HOSTS_PREFIX="$SHORT_PREFIX" defconfig-aws
>
>       - name: Run kdevops make
>         run: |
>           make -j$(nproc)
>
>       - name: Run kdevops make bringup
>         run: |
>           make bringup
>
>       - name: Just check the kernel
>         run: |
>           make uname
>           echo "ok" > ci.result
>
>       - name: Start SSH Agent
>         if: always()  # Ensure this step runs even if previous steps failed
>         uses: webfactory/ssh-agent@v0.9.0
>         with:
>           ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
>
>       - name: Build our kdevops archive results
>         if: always() # This ensures the step runs even if previous steps failed
>         run: |
>           make ci-archive
>
>       - name: Upload our kdevops results archive
>         if: always() # This ensures the step runs even if previous steps failed
>         uses: actions/upload-artifact@v4
>         with:
>           name: kdevops-ci-results
>           path: ${{ env.KDEVOPS_PATH }}/archive/*.zip
>
>       # Ensure make destroy always runs, even on failure
>       - name: Run kdevops make destroy
>         if: always() # This ensures the step runs even if previous steps failed
>         run: |
>           make destroy

-- 
Chuck Lever
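
The two authentication paths discussed in this message, sketched as one terraform provider block. This is an added example, not part of the original e-mail and not kdevops code: the variable names, including the `oci_use_instance_principal` toggle standing in for the proposed Kconfig option, are hypothetical; `auth`, `region` and the API-key arguments are the OCI provider's own.

```hcl
# Added illustration; every variable name here is hypothetical.

# Stands in for the Kconfig option proposed above: true when terraform
# runs on an instance inside OCI and should use that instance's principal.
variable "oci_use_instance_principal" {
  type    = bool
  default = false
}

variable "oci_region" {
  type = string
}

# API-key parameters, used only when the control host is outside the cloud.
# They default to null so nothing has to be stored on an in-cloud control
# host. In CI they can be supplied through the environment as TF_VAR_<name>
# (for example TF_VAR_oci_fingerprint populated from a GitHub secret), which
# keeps them out of tracked files.
variable "oci_tenancy_ocid" {
  type      = string
  default   = null
  sensitive = true
}

variable "oci_user_ocid" {
  type      = string
  default   = null
  sensitive = true
}

variable "oci_fingerprint" {
  type      = string
  default   = null
  sensitive = true
}

variable "oci_private_key_path" {
  type      = string
  default   = null
  sensitive = true
}

provider "oci" {
  region = var.oci_region

  # "ApiKey" is the provider default; "InstancePrincipal" makes the provider
  # obtain credentials from the instance it is running on.
  auth = var.oci_use_instance_principal ? "InstancePrincipal" : "ApiKey"

  # A null value leaves the argument unset, so no key material is
  # referenced in instance-principal mode.
  tenancy_ocid     = var.oci_use_instance_principal ? null : var.oci_tenancy_ocid
  user_ocid        = var.oci_use_instance_principal ? null : var.oci_user_ocid
  fingerprint      = var.oci_use_instance_principal ? null : var.oci_fingerprint
  private_key_path = var.oci_use_instance_principal ? null : var.oci_private_key_path
}
```

In instance-principal mode the control instance has to belong to an OCI dynamic group that an IAM policy allows to manage the target resources; scoping that policy to a single compartment limits what the control host can provision.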