Add ansible role for AWS #6

Merged: 3 commits, Aug 19, 2022

avery-blanchard
Contributor

Add ansible role for AWS. This role is not ready for use. The ansible AWS module currently does not have the functionality to create an AMI with UEFI and TPM enabled. An issue has been opened regarding this. Next steps and potential blockers are addressed in the README for when the development of the playbook can resume. @lkatalin

Signed-off-by: Avery Blanchard <[email protected]>
Signed-off-by: Avery Blanchard <[email protected]>
Collaborator

@lkatalin lkatalin left a comment

A few small nits, otherwise my inclination is to go ahead and merge it. It can serve as a placeholder until the AWS ansible module PR comes through and/or until we upload the manual setup instructions separately.

3. Select your user
4. Select 'Security credentials'
5. Click 'Create access key'
6. Record your Access key ID and secret key for authenticating the playbook
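
Review bot: Step 6 says to record the access key ID and secret key but not where or how. The secret access key is shown only once, at creation, so the step should tell the reader to keep it somewhere private (not in the repository or a shared file), and should make clear that the access key ID and the secret key are the two parts of a single credential created together.
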
Collaborator

I would add something like "Your access key ID is displayed in the table in the AWS console. Your secret key is the key itself." I think the first 3 times I read this, I thought they were two different keys.

Contributor Author

The secret key is also displayed in the console (only when first created), and is not the .csv file downloaded. I will add more clarity on the keys!

Collaborator

I think this is fine

5. Run script to configure environment for ansible.
```
./set_env_var.sh --help
"Usage: ./set_env_var.sh <AWS access key ID> <AWS secret key> <AWS region>"
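
Review bot: The usage line takes the AWS secret key as a positional argument, which leaves it in shell history and visible in the process list while the script runs. Suggest having the script read the secret from a prompt, standard input or the downloaded credentials file instead, and stating in this step which input format it expects.
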
Collaborator

Is the AWS secret key supposed to be a file path to your key? Or what format does it expect here?

Contributor Author

If you can think of a better way to handle this, let me know. The two keys required to authenticate ansible are just displayed in the console when the access key is created. The .csv contains another value that does not match either the value for the secret key or the access key ID. Currently, the secret key and access key ID are to be copied by the user when it is created, then passed into the script.

Collaborator

This makes more sense now

Signed-off-by: Avery Blanchard <[email protected]>
Collaborator

@lkatalin lkatalin left a comment

Thanks! The .csv file is parsed correctly by your env vars script. We can troubleshoot the actual automation later and/or add some manual instructions as a placeholder.

@lkatalin
Collaborator

@mpeters What do you think, can we merge?

@mpeters mpeters merged commit f8f2a4b into keylime:main Aug 19, 2022