Aws dns imdsv2 #4979
Aws dns imdsv2 #4979
Conversation
|
Welcome |
I've read the docs. This isn't a new DNS API integration, just an addition to an already-existing integration. |
|
The OpenBSD tests are failing. Relevant output is: In one of my re-runs, it looked like it did actually complete: The tests have passed on Docker, MacOS, Windows, and FreeBSD. |
|
you can get a openbad vm here to debug: |
|
I ran the tests against the bare fork (without my changes), and the OpenBSD automated tests appear to have failed in the same way - output looks like cert was generated, but the test still fails. |
|
_use_metadata() is broken on OpenBSD, I don't think many DNS APIs were originally tested at all under OpenBSD (ksh). |
|
That might fix it? I don't have any test environment available for route53/aws. |
Thanks @j-c-m , that change did get me past the OpenBSD tests. It then failed on NetBSD tests :( |
|
That looks like an error in the vm setup, from the actions just re-run the failed jobs, should pass.
… On Mar 11, 2024, at 5:19 PM, derytim ***@***.***> wrote:
***@***.*** <j-c-m@e2de58a>
That might fix it? I don't have any test environment available for route53/aws.
Thanks @j-c-m <https://github.com/j-c-m> , that change did get me past the OpenBSD tests.
It then failed on NetBSD tests :(
exec shell: bash run.sh onInitialized
/usr/bin/bash
Config file: netbsd-9.3.conf
Run 'prepare' in VM
Running prepare: pkg_add curl socat
exec ssh: pkg_add curl socat
/usr/bin/bash /home/runner/work/_actions/vmactions/netbsd-vm/v1/run.sh execSSHSH
Config file: netbsd-9.3.conf
sh: pkg_add: not found
Error: The process '/usr/bin/bash' failed with exit code 127 ```
—
Reply to this email directly, view it on GitHub <#4979 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABLFTFYAYMEVKTK4B3LGUUDYXZC2NAVCNFSM6AAAAABCT56POSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOBZGYZDKMZWGE>.
You are receiving this because you were mentioned.
|
|
No dice, same error. Setup can't find |
|
rebase your code to the latest dev branch first. |
|
Yep that’s it, his feature branch is missing b79c3f5
… On Mar 13, 2024, at 11:58 AM, neil ***@***.***> wrote:
rebase your code to the latest dev branch first.
—
Reply to this email directly, view it on GitHub <#4979 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABLFTF7IL7OVJZQBFFVTN6TYYCHVFAVCNFSM6AAAAABCT56POSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOJVGE4TGMZRGQ>.
You are receiving this because you were mentioned.
|
|
Thanks, that seemed to do it. |
|
do you need to update the usage here? |
|
Hi, I upgraded acme.sh and try rerun --renew command but no luck. I'm getting this error: When I try to get role credentials manually from metadata service it works but using acme.sh |
This uses IMDSv2 on EC2 instances, if available. (I don't think you can launch an instance that ONLY supports IMDSv1. If you had an instance running for years, maybe it doesn't support IMDSv2).
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
https://aws.amazon.com/blogs/security/get-the-full-benefits-of-imdsv2-and-disable-imdsv1-across-your-aws-infrastructure/
Tested this on an EC2 instance using just IMDSv2, using both, and using both (but forcing it to use IMDSv1).
#4960