ansible_aws_deployer icon indicating copy to clipboard operation
ansible_aws_deployer copied to clipboard

Published 20 hours ago verified publisher icon sborenst

Example secret vars file needs to indicate aws information is needed

Open gnunn1 opened this issue 8 years ago • 8 comments

The file hosts.bu-workshop.j2 requires the aws_secret_* variables be defined, should the example_secret_vars.yml be updated to include these or is the expectation that they should be read from ~/.aws/credentials and something is not working for me?

gnunn1 avatar Dec 01 '16 17:12 gnunn1

From the documentation:

-- Each "environment" has two vars files _vars and _secret_vars in the Environment folder. The example_secret_vars file shows the format for what to put in your bu-workshop_secret_vars file, if you were using the bu-workshop playbook.

The bu-workshop_vars file contains most of the configuration settings to use in the environment. Really the only ones you should expect to modify are the domain-related and number of (workshop) user options. All AMIs and sizing is preconfigured and automatic for the AWS region you deploy into.

thoraxe avatar Dec 01 '16 17:12 thoraxe

It's quite possible I'm misunderstanding what you are getting at being very new to ansible, all I was suggesting is that the file example_secret_vars.yml, which is acting as a template, be updated to include aws_access_key_id and aws_secret_access_key so someone trying this out knows he has to fill them in.

gnunn1 avatar Dec 01 '16 17:12 gnunn1

No worries --

If you're using -e config=bu-workshop and the bu-workshop playbooks, the stuff is written so that it expects to look for a vars file that is called bu-workshop_secret_vars. You correctly interpreted the next part -- copy the example_secret_vars.yml to bu-workshop_secret_vars and put in the necessary "secret" information.

thoraxe avatar Dec 01 '16 17:12 thoraxe

I think all I'm getting at is that the only way I knew I had to populate the aws_secret variables specifically was to actually run the script and watch it fail. While the documentation as you point out says to copy the example_secret_vars.yml that file only has placeholders for the Red Hat subscription variables in it so there is no way for the user to know in advance about the need for the aws_secret variables.

That's why I'm saying to populate the example file with placeholder versions of the aws_secret variables, so the user knows he has to do this. That file already has placeholders for the Red Hat subscription credentials, just add this as well to make it a more user friendly experience, i.e.:

rhel_subscription_user: rhn-user
rhel_subscription_pass: 'Password'
rhel_pool_id:
  - "POOLID"
aws_access_key_id: aws-key-id
aws_secret_access_key: aws-secret-key

If the variables required are going to vary by config and you don't think other configs are very likely to need the aws_secret variables, then maybe update the workshop section in Readme.MD to mention these variables specifically.

gnunn1 avatar Dec 01 '16 18:12 gnunn1

OK, I understand what you're saying now.

The example file needs to be updated. I'll reopen this issue and change the subject.

thoraxe avatar Dec 01 '16 19:12 thoraxe

@gnunn1 let me know if you think the subject is more appropriate/accurate now?

thoraxe avatar Dec 01 '16 19:12 thoraxe

That's fine, thanks for your patience

gnunn1 avatar Dec 01 '16 19:12 gnunn1

I'll take a look at this. On first run, you can do a check to see if the credential files exists. If it does not, prompt the user to generate and provide aws credentials.

johannes-cabal avatar Dec 05 '16 19:12 johannes-cabal