Merge pull request #631 from CodeNow/conditionally-add-vault-tokens

henrymollman · web-flow · commit d4c8e676fe2e · 2017-04-13T15:01:50.000-07:00
Vault tokens will only be added to the user-data script and then to t…
diff --git a/ansible/roles/builder/tasks/main.yml b/ansible/roles/builder/tasks/main.yml
@@ -55,7 +55,7 @@
   tags: [ deploy ]
   become: true
   copy:
-    src=../../../secrets/docker-client/{{ file_name_item }}
+    src=./secrets/docker-client/{{ file_name_item }}
     dest={{ build_dir }}/{{ name }}
     owner=ubuntu
     group=ubuntu
diff --git a/ansible/roles/dock_launch_config/tasks/main.yml b/ansible/roles/dock_launch_config/tasks/main.yml
@@ -11,6 +11,8 @@
     - app_name: "krain"
     - enviroment_vars: enviroment_vars
 
+# this requires the use of gnu/coreutils base64 (`brew install coreutils`)
+# Allows us to use same base64 locally and in host
 - name: encode krain config to base64
   shell: cat ~/{{ app_name }}.conf | base64 -w 0
   register: krain_base64
@@ -29,7 +31,9 @@
     - app_name: "charon"
     - enviroment_vars: enviroment_vars
 
-- name: encode krain config to base64
+# this requires the use of gnu/coreutils base64 (`brew install coreutils`)
+# Allows us to use same base64 locally and in host
+- name: encode charon config to base64
   shell: cat ~/{{ app_name }}.conf | base64 -w 0
   register: charon_base64
   vars:
diff --git a/ansible/roles/dock_launch_config/templates/init.tmpl b/ansible/roles/dock_launch_config/templates/init.tmpl
@@ -5,6 +5,12 @@ export CONSUL_PORT={{ consul_api_port }}
 export CONSUL_HOSTNAME={{ consul_host_address }}
 export VAULT_PORT={{ vault_port }}
 
+{% set has_token = ( s3_access_key is defined and
+        s3_secret_key is defined and
+        aws_access_key is defined and
+        aws_secret_key is defined ) %}
+
+{% if not has_token %}
 # Create directory for env
 mkdir -p /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}
 chown ubuntu:ubuntu /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}
@@ -14,6 +20,7 @@ chmod 0711 /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}
 {% for item in tokens %}
 echo {{ item.value }} > /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}/{{ item.file_name }}
 {% endfor %}
+{% endif %}
 
 # Add upstart files for charon and krain
 mkdir -p /docker/app-logs/
@@ -34,5 +41,9 @@ start amazon-ssm-agent
 service krain start
 service charon start
 {% if not is_dock_pool %}
+{% if has_token %}
+CONSUL_HOSTNAME={{ consul_host_address }} CONSUL_PORT={{ consul_api_port }} VAULT_PORT={{ vault_port }} S3_ACCESS_KEY={{ s3_access_key }} S3_SECRET_KEY={{ s3_secret_key }} AWS_ACCESS_KEY={{ aws_access_key }} AWS_SECRET_KEY={{ aws_secret_key }} bash /opt/runnable/dock-init/init.sh | tee /var/log/user-script-dock-init.log
+{% else %}
 CONSUL_HOSTNAME={{ consul_host_address }} CONSUL_PORT={{ consul_api_port }} VAULT_PORT={{ vault_port }} bash /opt/runnable/dock-init/init.sh | tee /var/log/user-script-dock-init.log
 {% endif %}
+{% endif %}
