gregdek

Tweaks necessary to https://github.com/aquasecurity/kube-bench to get Bottlerocket to pass more checks.

Basically, the issue is that Bottlerocket does kubelet configuration slightly differently, so some paths
are different.

diff --git a/cfg/config.yaml b/cfg/config.yaml
index 55ff322..db5af12 100644
--- a/cfg/config.yaml
+++ b/cfg/config.yaml
@@ -120,11 +120,13 @@ node:

gregdek

RETIRED MODULES

What is module retirement? 

It is the flagging and ultimate removal of a module because it is no longer useful and may actively harm or confuse users by its continuing existence.

Why might a module be retired? There are three fundamental reasons:

* Because the module supports a product/project that is no longer
  supported / useful / exists.

gregdek

4:25 AM <gregdek> Hey, can someone join the bluejeans call so we can do some level checks?
4:26 AM <gregdek> https://bluejeans.com/856479228/
4:29 AM → crab joined (~ams@raven.toroid.org)
4:33 AM <gregdek> Hi crab :)
4:33 AM <gregdek> Will you be joining us for audio?
4:34 AM gregdek set the topic: Contributor summit audio: https://bluejeans.com/856479228/
4:52 AM *.net ↮ *.split → alvaroaleman joined  ↔ crab and rbergeron nipped out  
4:59 AM <gregdek> OK, we're starting.
5:01 AM → jimi|ansible and resmo joined  ← alvaroaleman left  
5:02 AM <jimi|ansible> howdy

gregdek

Keybase proof

I hereby claim:

• I am gregdek on github.
• I am gregdek (https://keybase.io/gregdek) on keybase.
• I have a public key whose fingerprint is 6584 1770 C1C4 111D 34A0 A19A F7E8 A548 F957 9444

To claim this, I am signing this object:

gregdek

103 error messages in the error log from a functional CIAB install:

[root@ciab200 eucalyptus]# grep ERROR cloud-error.log | wc -l
103
 
OK, a little digging indicates that 87 of these errors relate to the failure of loadbalancing to start:

[root@ciab200 eucalyptus]# grep ERROR cloud-error.log | grep loadbalanc | wc -l
87

gregdek

[root@ciab200 admin]# cat /var/log/eucalyptus/cloud-error.log 
Sun Feb 9 00:41:36 2014 ERROR [BindingCache:main] [com.eucalyptus.binding.BindingCache$InternalSoapBindingGenerator$RootObjectTypeBinding.process(BindingCache.java):668] BUG: Fix your message type definitions for class edu.ucsb.eucalyptus.msgs.ErrorResponse
Sun Feb 9 00:41:36 2014 ERROR [BindingCache:main] [com.eucalyptus.binding.BindingCache$InternalSoapBindingGenerator$RootObjectTypeBinding.process(BindingCache.java):669] BUG: Binding generation encountered an element naming conflict.  Using edu.ucsb.eucalyptus.msgs.ErrorResponse for edu.ucsb.eucalyptus.msgs.ErrorResponse
Sun Feb 9 00:42:11 2014 ERROR [BindingCache:main] [com.eucalyptus.binding.BindingCache$InternalSoapBindingGenerator$RootObjectTypeBinding.process(BindingCache.java):668] BUG: Fix your message type definitions for class edu.ucsb.eucalyptus.msgs.ErrorResponse
Sun Feb 9 00:42:11 2014 ERROR [BindingCache:main] [com.eucalyptus.binding.BindingCache$InternalSoapBindingGenerator$RootOb

gregdek

[2014-01-10T04:25:56+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2014-01-10T04:25:56+00:00] ERROR: execute[chmod +x //source/tools/eucalyptus-cloud] (eucalyptus::cloud-controller line 46) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of chmod +x //source/tools/eucalyptus-cloud ----
STDOUT: 
STDERR: chmod: cannot access `//source/tools/eucalyptus-cloud': No such file or directory
---- End output of chmod +x //source/tools/eucalyptus-cloud ----
Ran chmod +x //source/tools/eucalyptus-cloud returned 1
[2014-01-10T04:23:57+00:00] INFO: Forking chef instance to converge...
[2014-01-10T04:25:56+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

gregdek

adb_unassignAddressType.c:3980: warning: 'k' may be used uninitialized in this function
adb_unassignAddressType.c: In function 'adb_unassignAddressType_set_disabledServices_at':
adb_unassignAddressType.c:3543: warning: 'k' may be used uninitialized in this function
adb_unassignAddressType.c: In function 'adb_unassignAddressType_set_services_at':
adb_unassignAddressType.c:3106: warning: 'k' may be used uninitialized in this function
adb_virtualMachineType.c: In function 'adb_virtualMachineType_set_virtualBootRecord_at':
adb_virtualMachineType.c:1677: warning: 'k' may be used uninitialized in this function
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed

gregdek

Bringing machine 'eucadev-all' up with 'virtualbox' provider...
[eucadev-all] Importing base box 'centos'...
[eucadev-all] Matching MAC address for NAT networking...
[eucadev-all] Setting the name of the VM...
[eucadev-all] Clearing any previously set forwarded ports...
[Berkshelf] Updating Vagrant's berkshelf: '/Users/gregdek/.berkshelf/eucadev-all/vagrant/berkshelf-20131218-9757-gem7wr-eucadev-all'
[Berkshelf] Using yum (3.0.2)
[Berkshelf] Using ntp (1.5.0)
[Berkshelf] Using selinux (0.6.2)
[Berkshelf] Using bridger (0.0.1)

gregdek

Bringing machine 'eucadev-all' up with 'virtualbox' provider...
[eucadev-all] Importing base box 'centos'...
[eucadev-all] Matching MAC address for NAT networking...
[eucadev-all] Setting the name of the VM...
[eucadev-all] Clearing any previously set forwarded ports...
[Berkshelf] Updating Vagrant's berkshelf: '/Users/gregdek/.berkshelf/eucadev-all/vagrant/berkshelf-20131218-9757-gem7wr-eucadev-all'
[Berkshelf] Using yum (3.0.2)
[Berkshelf] Using ntp (1.5.0)
[Berkshelf] Using selinux (0.6.2)
[Berkshelf] Using bridger (0.0.1)