
@tei-k tei-k commented Nov 26, 2020

Description

Authentication to the EKS cluster through the aws eks get-token command when using the kubernetes module of scalar-terraform

ref: scalar-labs/scalar-terraform#236

Done

Add awscli role.

How to use

  • AWS
 $ ansible-playbook -i ${SCALAR_K8S_CONFIG_DIR}/inventory.ini playbooks/playbook-install-tools.yml -e "install_awscli=true"
  • Azure
 $ ansible-playbook -i ${SCALAR_K8S_CONFIG_DIR}/inventory.ini playbooks/playbook-install-tools.yml

@tei-k tei-k self-assigned this Nov 26, 2020
@tei-k tei-k changed the title [WIP] Add awscli role for bastion Add awscli role for bastion Nov 26, 2020
@tei-k tei-k requested review from feeblefakie and ymorimo November 26, 2020 07:20
@feeblefakie
Collaborator

@tei-k CI seems to have failed. Can you check?

@tei-k
Contributor Author

tei-k commented Nov 27, 2020

@ymorimo
Contributor

ymorimo commented Nov 27, 2020

Instead of adding a flag to the Ansible command, why don't you automate it? On HVM instances, the following task would be able to tell if the current host is an EC2 instance.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/identify_ec2_instances.html

test "$(sudo dmidecode --string system-uuid 2>&1 | cut -c1-3)" = "ec2"

@tei-k
Contributor Author

tei-k commented Nov 27, 2020

Instead of adding a flag to the Ansible command, why don't you automate it? On HVM instances, the following task would be able to tell if the current host is an EC2 instance.

Because I'm not sure what's the best way. 🤔

This method to determine whether a system is an EC2 instance is quick but potentially inaccurate because there is a small chance that a system that is not an EC2 instance could have a UUID that starts with these characters. Furthermore, for EC2 instances that are not using Amazon Linux, the distribution's implementation of SMBIOS might represent the UUID in little-endian format, therefore the "EC2" characters do not appear at the beginning of the UUID.
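
The UUID heuristic discussed in this thread, with both caveats from the quoted passage handled explicitly (an added example, not code from this pull request or the scalar-labs repositories). The function names and sample UUIDs are constructed for illustration, and a match still only means "possibly EC2".

```shell
#!/bin/sh
# Added example: classify an SMBIOS system UUID string.
# Takes the UUID as an argument so it can be exercised without root or dmidecode.
# Returns 0 = looks like EC2, 1 = does not, 2 = input is not a UUID at all.
uuid_looks_like_ec2() {
    # dmidecode prints upper or lower case depending on version; normalise.
    _uuid=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Require the canonical 8-4-4-4-12 form so error text (missing binary,
    # sudo failure) is reported as "unknown" rather than silently "not EC2".
    printf '%s' "$_uuid" |
        grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || return 2
    case "$_uuid" in
        # Big-endian rendering: "ec2" leads the string.
        ec2*) return 0 ;;
        # Little-endian rendering: the four bytes of the first field are
        # reversed, so "ec" ends the field and "2" opens the byte before it.
        ????2?ec-*) return 0 ;;
    esac
    return 1
}

# Hypothetical wrapper around the command quoted in the thread.
host_is_ec2_by_uuid() {
    uuid_looks_like_ec2 "$(sudo dmidecode --string system-uuid 2>/dev/null)"
}

# Constructed sample values, not taken from real hosts.
for sample in \
    "ec2f0a11-1111-2222-3333-444455556666" \
    "110A2FEC-1111-2222-3333-444455556666" \
    "4c4c4544-0042-3510-8054-b7c04f4a4d32" \
    "sudo: dmidecode: command not found"
do
    if uuid_looks_like_ec2 "$sample"; then
        verdict="possibly EC2"
    else
        verdict="not EC2 or unknown"
    fi
    printf '%-40s %s\n' "$sample" "$verdict"
done
```

Accepting the little-endian form widens the set of non-EC2 UUIDs that match, which is the false-positive risk the quoted passage describes.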

Contributor

@ymorimo ymorimo left a comment


@tei-k I'm not sure how likely it is that the method of checking an "ec2" at the beginning of the dmidecode output is inaccurate, but I think it's good to go with a command-line option.
I hope there is a reliable way to determine that the host is an EC2 instance.
Then, I added one comment in the documentation; please take a look.

tei-k and others added 2 commits December 4, 2020 15:28
Co-authored-by: Yusuke Morimoto <yusuke.morimoto@scalar-labs.com>
@ymorimo ymorimo self-requested a review December 4, 2020 07:31
Collaborator

@feeblefakie feeblefakie left a comment


LGTM!

Contributor

@ymorimo ymorimo left a comment


LGTM!

@feeblefakie feeblefakie merged commit 9b28ed0 into master Dec 8, 2020
@feeblefakie feeblefakie deleted the add-awscli-for-bastion branch December 8, 2020 01:52