Added fixes to STS and updated Installation notes.

ibm-client-engineering · Mar 13, 2024 · 4028379 · 4028379
1 parent c88167a
commit 4028379
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 3 deletions.
diff --git a/assets/Cloudformation/STS-parameters-override.json b/assets/Cloudformation/STS-parameters-override.json
@@ -99,6 +99,10 @@
         "ParameterKey": "BootNodeIamRoleArn",
         "ParameterValue": "OCPInstall"
     },
+    {
+        "ParameterKey": "InstallerIamRoleArn:",
+        "ParameterValue": ""
+    },
     {
         "ParameterKey": "WatsonAssistant",
         "ParameterValue": "removed"
@@ -139,4 +143,5 @@
         "ParameterKey": "MetaLlamaLlamaTwo70bChat",
         "ParameterValue": "removed"
     }
+
 ]
diff --git a/assets/Cloudformation/cluster-sts.yml b/assets/Cloudformation/cluster-sts.yml
@@ -261,6 +261,10 @@ Parameters:
     Description: BootNode execution role arn. It is going to attached to BootNode EC2. The EC2 instance is resposible to trigger Openshift operation
     Type: String
     AllowedPattern: ^arn:aws:iam::\d{12}:role/[a-zA-Z0-9][\w-]*$
+  InstallerIamRoleArn:
+    Description: Install execution role arn. It is going to attached to BootNode EC2. The EC2 instance is resposible to trigger Openshift operation
+    Type: String
+    AllowedPattern: ^arn:aws:iam::\d{12}:role/[a-zA-Z0-9][\w-]*$
   CA:
     Description: >-
        Choose installed to install the Cognos Analytics service.
@@ -873,7 +877,7 @@ Resources:
             /bin/bash ./cp-deploy.sh vault set --vault-secret ocp-ssh-pub-key --vault-secret-file ~/.ssh/id_rsa.pub
 
             # STS token and temp credential
-            out=$(aws sts assume-role --role-arn ${BootNodeIamRoleArn} --role-session-name OCPInstall --output json)
+            out=$(aws sts assume-role --role-arn ${InstallerIamRoleArn} --role-session-name OCPInstall --output json)
             /bin/bash ./cp-deploy.sh vault set --vault-secret aws-access-key --vault-secret-value $(echo "$out" | jq -r '.Credentials.AccessKeyId')
             /bin/bash ./cp-deploy.sh vault set --vault-secret aws-secret-access-key --vault-secret-value $(echo "$out" | jq -r '.Credentials.SecretAccessKey')
             /bin/bash ./cp-deploy.sh vault set --vault-secret aws-session-token --vault-secret-value $(echo "$out" | jq -r '.Credentials.SessionToken')

diff --git a/docs/1-GettingStarted/3-Installation.mdx b/docs/1-GettingStarted/3-Installation.mdx
@@ -140,9 +140,90 @@ Become ```ec2-user```
 su ec2-user
 ```
 
-
 You will now be able to review deployment logs.
 
+<details>
+<summary><b> #### Fixing aws command in SSM </b></summary>
+SSM does not work exactly the same as SSH. If you intend to use any additional commands, such as ```aws```, then you need to do the following:
+
+Check the output of running the  ```aws``` command,
+If there is an error message like this:
+
+```
+[47863] Error loading Python lib '/usr/bin/libpython3.11.so.1.0': dlopen: /usr/bin/libpython3.11.so.1.0: cannot open shared object file: No such file or directory
+```
+Another possible error message:
+
+```
+$ aws
+Python path configuration:
+  PYTHONHOME = '/usr/bin'
+  PYTHONPATH = (not set)
+  program name = '/usr/bin/aws'
+  isolated = 0
+  environment = 0
+  user site = 0
+  safe_path = 0
+  import site = 0
+  is in build tree = 0
+  stdlib dir = ''
+  sys._base_executable = '/usr/bin/aws'
+  sys.base_prefix = ''
+  sys.base_exec_prefix = ''
+  sys.platlibdir = 'lib'
+  sys.executable = '/usr/bin/aws'
+  sys.prefix = ''
+  sys.exec_prefix = ''
+  sys.path = [
+    '/usr/bin/base_library.zip',
+    '/usr/bin/lib-dynload',
+    '/usr/bin',
+  ]
+Fatal Python error: init_fs_encoding: failed to get the Python codec of the filesystem encoding
+Python runtime state: core initialized
+ModuleNotFoundError: No module named 'encodings'
+
+Current thread 0x00007fed39a06c00 (most recent call first):
+  <no Python frame>
+```
+You may not have the correct $PATH. 
+
+Incorrect $PATH:
+```
+$ echo $PATH
+/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/bin:/usr/sbin
+```
+
+How to Correct $PATH:
+
+```
+export PATH="/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin"
+```
+
+How to persist the change to $PATH:
+
+```
+echo 'export PATH="$HOME/.local/bin:$HOME/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin"' >> .bashrc
+```
+
+Confirm this change works:
+
+```
+$ echo $PATH
+/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
+$ aws
+
+usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
+To see help text, you can run:
+
+  aws help
+  aws <command> help
+  aws <command> <subcommand> help
+
+aws: error: the following arguments are required: command
+```
+
+</details>
 
 #### Monitor the deployment
 
@@ -152,4 +233,5 @@ Check what folders exist in the ec2-home directory. if "cpd-status" has not been
 tail -f ~/cpd-status/log/cloud-pak-deployer
 ```
 
-This command will show the log file from the cp-deployer process. 
+This command will show the log file from the cp-deployer process. 
+