Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[infra.ci.jenkins.io] Service Principal used to spawn Azure agents expires on 2024-06-30 #4154

Closed
6 tasks done
dduportal opened this issue Jun 27, 2024 · 5 comments
Closed
6 tasks done

[infra.ci.jenkins.io] Service Principal used to spawn Azure agents expires on 2024-06-30 #4154

dduportal opened this issue Jun 27, 2024 · 5 comments
Assignees
@dduportal
Labels
azure infra.ci.jenkins.io
Milestone
infra-team-sync-2...

Comments

@dduportal
Copy link
Contributor

dduportal commented Jun 27, 2024
edited
Loading

The Azure SP credential defined in https://github.com/jenkins-infra/azure/blob/baef2fc43660ac14e11d66e9861d1ea030e74715/infra.ci.jenkins.io.tf#L47 expires the 30 June 2024.

We need to:

  • Add this expiration date to the automation tracking system introduced by @smerle33 and @lemeurherve so we would have an automatic PR
  • Once the PR is open and ready to merge:
    • Announce the operation (infra.ci.jenkins.io won't be able to spin up Azure Virtual Machine agents during the operation: builds will be queued)
    • Merge the PR in jenkins-infra/azure to extend the credential expiry date (and dismiss the former credential)
    • Update the credential in SOPS. Note: once pushed to the repository chart-secrets, run one time the kubernetes-management job to apply the credential change
    • Restart the controller to ensure the new credentials is propagated and loaded in memory
    • Ensure Azure VM are spawned
    • Close announcement
@dduportal dduportal added this to the infra-team-sync-2024-07-02 milestone Jun 27, 2024
@github-actions GitHub Actions
Copy link

Take a look at these similar issues to see if there isn't already a response to your problem:

  1. 92% Service Principal used by infra.ci.jenkins.io to spawn Azure agents expires on 2024-03-22 #4000

@dduportal dduportal self-assigned this Jun 27, 2024
This was referenced Jun 27, 2024
Closed
Merged
dduportal added a commit to jenkins-infra/azure that referenced this issue Jun 28, 2024
@dduportal
chore(updatecli) track end date for the Azure client password used by…
c6320bf 
… Azure VM agents plugin in infra.ci.jenkins.io (#760)

Related to jenkins-infra/helpdesk#4154

This PR tracks the end date of the infra.ci.jenkins.io Azure Client
Password used to spawn Azure VM agents.

Signed-off-by: Damien Duportal <[email protected]>
@dduportal
Copy link
Contributor Author

Update:

@dduportal
Copy link
Contributor Author

Update:

@dduportal
Copy link
Contributor Author

dduportal commented Jun 28, 2024
edited
Loading

Update:

  • The controller restart was not sufficient enough: the old Azure API token was still used (and failing)
  • As pointed by @jayfranco999 we tried to reload JCasC which worked: a new API token was generated (as per controller logs) and Azure VM agents are now spun up

@dduportal
Copy link
Contributor Author

Announcement close

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dduportal dduportal

Labels
azure infra.ci.jenkins.io
Projects
None yet
Milestone
infra-team-sync-2024-07-02
Development

No branches or pull requests
1 participant
@dduportal