Permalink
Browse files

Only set AWS_ environment variables if overrides are present in role …

…vars

default(omit) is only valid for task parameters. If app_secrets does not contain
secret_key and access_key, do not include them as environment variables for
collectstatic. This will fallback to an IAM profile role in packer.
  • Loading branch information...
lopopolo committed Nov 11, 2018
1 parent f8ae83a commit f69a09882b665e5b83f0e1d61b8b03ba304be76b
Showing with 11 additions and 3 deletions.
  1. +11 −3 ansible/roles/hyperbola-app/tasks/app-deploy.yml
@@ -49,14 +49,22 @@
creates: "{{ deploy_helper.new_release_path }}/venv/**/*django*"
environment:
VIRTUAL_ENV: "{{ deploy_helper.new_release_path }}/venv"
- name: manage.py collectstatic
- name: manage.py collectstatic with AWS creds override
command: "{{ deploy_helper.new_release_path }}/venv/bin/python {{ deploy_helper.new_release_path }}/manage.py collectstatic --no-input"
args:
creates: "{{ deploy_helper.new_release_path }}/assets/staticfiles.json"
environment:
ENVIRONMENT: "{{ hyperbola_environment }}"
AWS_ACCESS_KEY_ID: "{{ app_secrets.aws_access_key | default(omit) }}"
AWS_SECRET_ACCESS_KEY: "{{ app_secrets.aws_secret_access_key | default(omit) }}"
AWS_ACCESS_KEY_ID: "{{ app_secrets.aws_access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ app_secrets.aws_secret_access_key }}"
when: app_secrets.aws_access_key is defined and app_secrets.aws_secret_access_key is defined
- name: manage.py collectstatic with instance profile
command: "{{ deploy_helper.new_release_path }}/venv/bin/python {{ deploy_helper.new_release_path }}/manage.py collectstatic --no-input"
args:
creates: "{{ deploy_helper.new_release_path }}/assets/staticfiles.json"
environment:
ENVIRONMENT: "{{ hyperbola_environment }}"
when: app_secrets.aws_access_key is not defined and app_secrets.aws_secret_access_key is not defined
- name: Install gunicorn config
template:
src: "gunicorn.py.j2"

0 comments on commit f69a098

Please sign in to comment.