Add new AWS creds secret for running kola tests

In this PR we add the aws-fcos-kola-bot-config secret that
represents credentials to use when running kola tests in AWS.

This will allow us to upload builds to the prod Fedora Account
(more locked down security) and do testing in our community Fedora
Account where we have control over the credentials handed out.

Author: dustymabe

HACKING.md

@@ -150,7 +150,7 @@ If you're planning to test changes, it would be best to fork
 this repo so that you do your work there. The workflow
 requires a remote repo to which to push changes.
 
-### Creating AWS credentials config
+### Creating AWS credentials configs
 
 If you are in production where we upload builds to S3 OR you want to
 test uploading to S3 as part of your pipeline development, you need to
@@ -159,7 +159,7 @@ create a credentials config as a secret within OpenShift.
 First create a file with your secret content:
 
 ```
-cat <<'EOF' > /path/to/file
+cat <<'EOF' > /path/to/upload-secret
 [default]
 aws_access_key_id=keyid
 aws_secret_access_key=key
@@ -169,7 +169,23 @@ EOF
 Then create the secret in OpenShift:
 
 ```
-oc create secret generic aws-fcos-builds-bot-config --from-file=config=/path/to/file
+oc create secret generic aws-fcos-builds-bot-config --from-file=config=/path/to/upload-secret
+```
+
+We also have a second AWS config that can be used for running kola
+tests. If you have a single account that has enough permissions for
+both then you can use the same account for both uploading builds and
+running kola tests (i.e. re-use `upload-secret` from above. If not then
+you can use a second set of credentials for the kola tests.
+
+```
+cat <<'EOF' > /path/to/kola-secret
+[default]
+aws_access_key_id=keyid
+aws_secret_access_key=key
+EOF
+
+oc create secret generic aws-fcos-kola-bot-config --from-file=config=/path/to/kola-secret
 ```
 
 ### Create a Jenkins instance with a persistent volume backing store

Jenkinsfile.kola.aws

@@ -55,6 +55,7 @@ podTemplate(cloud: 'openshift', label: 'coreos-assembler', yaml: pod, defaultCon
 
         stage('AWS Kola Run') {
           utils.shwrap("""
+          export AWS_CONFIG_FILE=\${AWS_FCOS_KOLA_BOT_CONFIG}
           kola run -p aws --aws-ami ${ami} --aws-region ${ami_region} -b fcos -j 10 || :
           tar -cf - _kola_temp/ | xz -c9 > _kola_temp.tar.xz
           """)

manifests/pod.yaml

@@ -20,12 +20,17 @@ spec:
      env:
        - name: AWS_FCOS_BUILDS_BOT_CONFIG
          value: /.aws-fcos-builds-bot-config/config
+       - name: AWS_FCOS_KOLA_BOT_CONFIG
+         value: /.aws-fcos-kola-bot-config/config
      volumeMounts:
      - name: data
        mountPath: /srv/
      - name: aws-fcos-builds-bot-config
        mountPath: /.aws-fcos-builds-bot-config/
        readOnly: true
+     - name: aws-fcos-kola-bot-config
+       mountPath: /.aws-fcos-kola-bot-config/
+       readOnly: true
      - name: github-token
        mountPath: /.github
        readOnly: true
@@ -42,6 +47,11 @@ spec:
     secret:
       secretName: aws-fcos-builds-bot-config
       optional: true
+  # This secret is used for running aws kola tests
+  - name: aws-fcos-kola-bot-config
+    secret:
+      secretName: aws-fcos-kola-bot-config
+      optional: true
   - name: github-token
     secret:
       secretName: coreosbot-github-token

manifests/sleep.yaml

@@ -15,12 +15,17 @@ spec:
      env:
        - name: AWS_FCOS_BUILDS_BOT_CONFIG
          value: /.aws-fcos-builds-bot-config/config
+       - name: AWS_FCOS_KOLA_BOT_CONFIG
+         value: /.aws-fcos-kola-bot-config/config
      volumeMounts:
      - name: data
        mountPath: /srv/
      - name: aws-fcos-builds-bot-config
        mountPath: /.aws-fcos-builds-bot-config/
        readOnly: true
+     - name: aws-fcos-kola-bot-config
+       mountPath: /.aws-fcos-kola-bot-config/
+       readOnly: true
      securityContext:
        privileged: false
   volumes:
@@ -32,3 +37,8 @@ spec:
     secret:
       secretName: aws-fcos-builds-bot-config
       optional: true
+  # This secret is used for running aws kola tests
+  - name: aws-fcos-kola-bot-config
+    secret:
+      secretName: aws-fcos-kola-bot-config
+      optional: true