Merge branch 'master' of github.com:CodeNow/devops-scripts into add-web-and-enterprise-sign-in

* 'master' of github.com:CodeNow/devops-scripts:
  Change variable names for ansible variables in dock launch script
  Change vars names. Remove unused ENVs
  PR comments
  PR comments
  Vault tokens will only be added to the user-data script and then to the instance if the AWS/S3 keys are not provided
  Update README.md
  Update README.md

Author: thejsj

README.md

@@ -18,11 +18,13 @@ https://github.com/CodeNow/devops-scripts
 3. Change to the devops scripts repo directory and run the following command:
 `ln -s /<local-path-to-devops-scripts>/ssh/config ~/.ssh/config`
 
-4. Obtain the “Keys of Power” from someone who can already deploy (ask Anand if you don’t know). Depending on what you want to deploy you'll receive `*.pem` files.
+4. Obtain the "Ansible Secrets" zip from one password
 
-5. Move the “Keys of Power” .pem  files to your `~/.ssh` directory
+5. Unzip file obtained above into `devops-scripts/ansible/secrets`
 
-6. Install two required tools onto your machine:
+6. Copy the `*.pem` files from `devops-scripts/ansible/secrets` to your `~/.ssh` directory
+
+7. Install two required tools onto your machine:
 ```bash
 brew update && brew install vault daemon
 ```

ansible/roles/builder/tasks/main.yml

@@ -55,7 +55,7 @@
   tags: [ deploy ]
   become: true
   copy:
-    src=../../../secrets/docker-client/{{ file_name_item }}
+    src=./secrets/docker-client/{{ file_name_item }}
     dest={{ build_dir }}/{{ name }}
     owner=ubuntu
     group=ubuntu

ansible/roles/dock_launch_config/tasks/main.yml

@@ -11,6 +11,8 @@
     - app_name: "krain"
     - enviroment_vars: enviroment_vars
 
+# this requires the use of gnu/coreutils base64 (`brew install coreutils`)
+# Allows us to use same base64 locally and in host
 - name: encode krain config to base64
   shell: cat ~/{{ app_name }}.conf | base64 -w 0
   register: krain_base64
@@ -29,7 +31,9 @@
     - app_name: "charon"
     - enviroment_vars: enviroment_vars
 
-- name: encode krain config to base64
+# this requires the use of gnu/coreutils base64 (`brew install coreutils`)
+# Allows us to use same base64 locally and in host
+- name: encode charon config to base64
   shell: cat ~/{{ app_name }}.conf | base64 -w 0
   register: charon_base64
   vars:

ansible/roles/dock_launch_config/templates/init.tmpl

@@ -1,10 +1,11 @@
 #!/bin/bash
 
-# Set ENV files
-export CONSUL_PORT={{ consul_api_port }}
-export CONSUL_HOSTNAME={{ consul_host_address }}
-export VAULT_PORT={{ vault_port }}
+{% set has_token = ( ec2_describe_aws_access_key is defined and
+        ec2_describe_aws_secret_key is defined and
+        dock_registry_s3_access_key is defined and
+        dock_registry_s3_secret_key is defined ) %}
 
+{% if not has_token %}
 # Create directory for env
 mkdir -p /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}
 chown ubuntu:ubuntu /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}
@@ -14,6 +15,7 @@ chmod 0711 /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}
 {% for item in tokens %}
 echo {{ item.value }} > /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}/{{ item.file_name }}
 {% endfor %}
+{% endif %}
 
 # Add upstart files for charon and krain
 mkdir -p /docker/app-logs/
@@ -34,5 +36,14 @@ start amazon-ssm-agent
 service krain start
 service charon start
 {% if not is_dock_pool %}
-CONSUL_HOSTNAME={{ consul_host_address }} CONSUL_PORT={{ consul_api_port }} VAULT_PORT={{ vault_port }} bash /opt/runnable/dock-init/init.sh | tee /var/log/user-script-dock-init.log
+CONSUL_HOSTNAME={{ consul_host_address }} \
+CONSUL_PORT={{ consul_api_port }} \
+VAULT_PORT={{ vault_port }} \
+{% if has_token %}
+S3_ACCESS_KEY={{ dock_registry_s3_access_key }} \
+S3_SECRET_KEY={{ dock_registry_s3_secret_key }} \
+AWS_ACCESS_KEY={{ ec2_describe_aws_access_key }} \
+AWS_SECRET_KEY={{ ec2_describe_aws_secret_key }} \
+{% endif %}
+bash /opt/runnable/dock-init/init.sh | tee /var/log/user-script-dock-init.log
 {% endif %}