Remove ansible vault requirement #292

Merged
merged 6 commits into from
Jul 26, 2024

BMartinos
Collaborator

@BMartinos BMartinos commented May 8, 2024

The Vault is no longer needed as the docker login is also not needed to execute the ansible script.
This is currently also a blocker for anyone wanting to use ansible to provision the servers and they don't have access to keepass to retrieve the vault password

Additional update was to make the default user configurable within the inventory. It was assumed the default user will always be ubuntu, and statically adding the ubuntu user to the docker group. This is now part of the docker_users list to dynamically define/update the default user in use

Summary by CodeRabbit

  • Documentation

    • Updated Ansible playbook instructions by removing --ask-vault-pass option and eliminating Vault and Keepass sections.
  • New Features

    • Added a user with username ubuntu to the docker_users list.
  • Refactor

    • Simplified Ansible roles by removing tasks related to ubuntu user management and Docker Hub login.
    • Added a task to create Docker daemon config path if it doesn't exist.
  • Chores

    • Removed Docker Hub login credentials from configuration files.

The docker login isn't needed as the images are publicly available.
Removing the inclusion of vault/keepass references
It was assumed the default user will always be called "ubuntu"
Allow the default user to be updated and added to the list of docker users
The key is excluded as the default user is already added to the authorised keys list, they just need to be assigned to the docker group
If the user doesn't have an SSH key defined, skip the step for adding the key to authorised users list
Member

@rcrichton rcrichton left a comment


LGTM, has this been tested and proved working with a platform deploy done? I didn't run this myself.

@BMartinos
Collaborator Author

Hi @rcrichton I've tested this successfully within my local environment making use of a local VM to run the ansible script against. Below is a screencast of this being tested (making use of a multipass VM instance)

Screencast.from.08-05-2024.10.05.23.webm

@rcrichton
Member

@coderabbitai review

Contributor

coderabbitai bot commented May 10, 2024

Actions Performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Contributor

coderabbitai bot commented May 10, 2024

Walkthrough

The changes streamline Ansible configurations for Docker setups by removing unnecessary tasks and credentials, updating user entries, and refining conditions within playbooks. Vault-related sections have been eliminated for better security, and instructions updated accordingly. Major adjustments include adding and configuring the ubuntu user, and removing Docker Hub login tasks and credentials.

Changes

| File Path | Change Summary |
| --- | --- |
| infrastructure/ansible/README.md | Removed --ask-vault-pass option, eliminated Vault/Keepass sections, and updated usage instructions |
| infrastructure/ansible/inventories/development/... | Added ubuntu to docker_users, removed Docker Hub login credentials |
| infrastructure/ansible/roles/common/tasks/main.yml | Added condition to loop for sudoers and docker_users |
| infrastructure/ansible/roles/docker/tasks/main.yml | Removed tasks for ubuntu user in sudo group and Docker Hub login, added task for Docker daemon config path |

Poem

In Ansible's dance, simplicity found,
The rabbit's work, changes abound.
Ubuntu joined the Docker crew,
Instructions cleaned, security grew.
Credentials stripped, a lighter path,
Progress made, the rabbit laughs. 🐇✨

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

Out of diff range and nitpick comments (5)
infrastructure/ansible/README.md (5)

Line range hint 6-6: Consider revising the repeated phrase "Ansible Docker Community Collection installed" to enhance clarity.

- Ansible Docker Community Collection installed
+ Ansible Docker Community Collection is installed

Line range hint 23-23: Add a comma after "all.yml_" for better readability.

- all.yml_.  To have docker access you need to add your ssh key to the  `docker_users` var in the _/inventories/{ENVIRONMENT}/group_vars/all.yml_.
+ all.yml_,  To have docker access you need to add your ssh key to the  `docker_users` var in the _/inventories/{ENVIRONMENT}/group_vars/all.yml_.
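Review bot: On the `+` line, swapping the period after `all.yml_` for a comma leaves a capitalised "To" right after it and joins two full sentences with a comma, so the README sentence ends up less readable, not more. Keep the period; if a comma is wanted, the grammar hint most plausibly refers to the pause after "To have docker access".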

Line range hint 25-25: Consider rephrasing to avoid repetitive wording and enhance readability.

- An authorised user will need to run the `provision_servers.yml` playbook to add your ssh key to the servers.
+ An authorised user must execute the `provision_servers.yml` playbook to add your ssh key to the servers.

Line range hint 29-29: Correct the verb form for better grammatical accuracy.

- else ansible might complains, for each server run:
+ else ansible might complain, for each server run:

Line range hint 35-35: Insert a comma after "known_hosts" for improved readability.

- ~/.ssh/known_hosts ```  To run a playbook you should do:
+ ~/.ssh/known_hosts, ```  To run a playbook you should do:
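Review bot: On the `+` line, the comma is placed directly after `~/.ssh/known_hosts` and before the closing code fence, which puts it inside the shell snippet rather than in prose. Anyone copying the command would append the scanned host keys to a file named `known_hosts,` and the real known_hosts file would stay unchanged. Drop this suggestion, or move any punctuation into the sentence "To run a playbook you should do:" outside the fence.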
Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits Files that changed from the base of the PR and between d618d2f and 96b3cf2.
Files selected for processing (4)
  • infrastructure/ansible/README.md (2 hunks)
  • infrastructure/ansible/inventories/development/group_vars/all.yml (2 hunks)
  • infrastructure/ansible/roles/common/tasks/main.yml (1 hunks)
  • infrastructure/ansible/roles/docker/tasks/main.yml (2 hunks)
Files skipped from review due to trivial changes (2)
  • infrastructure/ansible/inventories/development/group_vars/all.yml
  • infrastructure/ansible/roles/docker/tasks/main.yml
Additional Context Used
LanguageTool (5)
infrastructure/ansible/README.md (5)

Near line 6: Possible typo: you repeated a word
Context: ...s - Linux OS to run commands - Install Ansible - Ansible Docker Community Collection installed ...


Near line 23: Possible missing comma found.
Context: ...T}/group_vars/all.yml_. To have docker access you need to add your ssh key to the `d...


Near line 25: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...vars/all.yml_. An authorised user will need to run the provision_servers.yml playboo...


Near line 29: The modal verb ‘might’ requires the verb’s base form.
Context: ...our known hosts file else ansible might complains, for each server run: ```sh ssh-keysca...


Near line 35: It seems that a comma is missing.
Context: ...st> >> ~/.ssh/known_hosts To run a playbook you should do: bash ansible-playboo...

Additional comments not posted (1)
infrastructure/ansible/roles/common/tasks/main.yml (1)

34-34: Ensure that the condition item.key is defined is correctly placed to prevent errors during execution when certain expected variables are undefined.
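
The per-item key check discussed in this PR (default user listed in docker_users without a key, and the authorised-key step skipped when no key is defined), sketched as an added example. It is not the repository's own task file; the `alice` entry, the placeholder key and the task names are assumptions.

```yaml
# Added illustration. Variable layout and task names are assumptions,
# not copied from the repository.

# inventories/<environment>/group_vars/all.yml (constructed sample)
docker_users:
  # Default login user: its key is already in authorized_keys, so no `key` here.
  - username: ubuntu
  # Additional operator (hypothetical). Placeholder key, replace with a real public key.
  - username: alice
    key: "ssh-ed25519 AAAA...PLACEHOLDER alice@example"

---
# roles/common/tasks/main.yml (hypothetical tasks)
# Assumes the docker group already exists on the host.
- name: Ensure each docker user exists and is in the docker group
  ansible.builtin.user:
    name: "{{ item.username }}"
    groups: docker
    append: true              # keep the user's existing supplementary groups
  loop: "{{ docker_users }}"

- name: Install the SSH public key only for users that define one
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    key: "{{ item.key }}"
    state: present
  loop: "{{ docker_users }}"
  when: item.key is defined   # evaluated once per loop item, so `ubuntu` is skipped
```

Membership of the docker group gives root-equivalent control of the host, so entries in docker_users deserve the same review as entries in a sudoers list.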

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 96b3cf2 and f0d167a.

Files selected for processing (1)
  • infrastructure/ansible/inventories/development/group_vars/all.yml (2 hunks)
Additional comments not posted (1)
infrastructure/ansible/inventories/development/group_vars/all.yml (1)

37-38: Verify the correctness of the new user entry.

The new entry with the username ubuntu has been added to the docker_users list. Ensure that this user exists and is intended to be part of the docker_users list.

Member

@rcrichton rcrichton left a comment


LGTM

@rcrichton rcrichton merged commit b7410a3 into main Jul 26, 2024
3 checks passed
@rcrichton rcrichton deleted the remove-ansible-vault-requirement branch July 26, 2024 06:15
3 participants