Add ansible role for AWS #6
Signed-off-by: Avery Blanchard <[email protected]>
3d75b71 to ed1ad30
Signed-off-by: Avery Blanchard <[email protected]>
ed1ad30 to ad3a595
A few small nits, otherwise my inclination is to go ahead and merge it. It can serve as a placeholder until the AWS ansible module PR comes through and/or until we upload the manual setup instructions separately.
keylime-ansible-aws/README.md
Outdated
3. Select your user | ||
4. Select 'Security credentials' | ||
5. Click 'Create access key' | ||
6. Record your Access key ID and secret key for authenticating the playbook |
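Review bot: step 6 tells the reader to record the access key ID and secret key but not where to keep them. Suggest one more sentence saying the pair must stay out of the repository and out of any file committed alongside the playbook, since the README otherwise leaves the storage location to the reader.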
I would add something like "Your access key ID is displayed in the table in the AWS console. Your secret key is the key itself." I think the first 3 times I read this, I thought they were two different keys.
The secret key is also displayed in the console (only when first created), and is not the .csv file downloaded. I will add more clarity on the keys!
I think this is fine
keylime-ansible-aws/README.md
Outdated
5. Run script to configure environment for ansible. | ||
``` | ||
./set_env_var.sh --help | ||
"Usage: ./set_env_var.sh <AWS access key ID> <AWS secret key> <AWS region>" |
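Review bot: the usage line takes `<AWS secret key>` as a positional argument, so the secret lands in shell history and is visible in the process list while the script runs. Consider having the script read the key from a prompt without echo, from a file path, or from variables already present in the environment, and state the expected format next to the usage string.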
Is the AWS secret key supposed to be a file path to your key? Or what format does it expect here?
If you can think of a better way to handle this, let me know. The two keys required to authenticate ansible are just displayed in the console when the access key is created. The .csv contains another value that does not match either the value for the secret key or the access key ID. Currently, the secret key and access key ID are to be copied by the user when it is created, then passed into the script.
This makes more sense now
Signed-off-by: Avery Blanchard <[email protected]>
Thanks! The .csv file is parsed correctly by your env vars script. We can troubleshoot the actual automation later and/or add some manual instructions as a placeholder.
@mpeters What do you think, can we merge?
Add ansible role for AWS. This role is not ready for use. The ansible AWS module currently does not have the functionality to create an AMI with UEFI and TPM enabled. An issue has been opened regarding this. Next steps and potential blockers are addressed in the README for when the development of the playbook can resume. @lkatalin