tmobile / pacbot

PacBot (Policy as Code Bot)
https://tmobile.github.io/pacbot/
Apache License 2.0
1.29k stars 276 forks

Required Complete Pacbot flow documentation to debug application & Accessing Keypair issue #397

Open keerthikanthn opened 4 years ago

keerthikanthn commented 4 years ago

❔ Question

Hi team, we are including the Pacbot application in our cloud environment but are facing issues, as data is not populated into the Pacbot application when we provide an already existing keypair instead of the Pacbot-generated keypair.

  1. If Pacbot generates its own keypair - Pacbot is working, fetching data after 1 or 2 hrs.

  2. If we provide our own keypair name [test keypair] and put the pem file at /opt/pacbot/installer/data/output/test.pem - Pacbot is not fetching data even after 1 or 2 hrs.

I checked AWS Batch - the compute environment instance is attached with the test keypair and it is in the enabled state.

So can you guys advise on this issue? On top of that, can you provide us with complete end-to-end flow documentation, so that it will be easy for us to debug the Pacbot application and solve issues?


kaykumar commented 4 years ago

@sajeer-nooh can you please help @keerthikanthn

sajeer-nooh commented 4 years ago

Hi @keerthikanthn

To use your own key pair, you should follow the steps below:

  1. Go to installer/resources/batch/env.py line 22 (https://github.com/tmobile/pacbot/blob/master/installer/resources/batch/env.py#L22)
  2. Add your own key pair name
  3. Delete lines 32 to 40 (https://github.com/tmobile/pacbot/blob/master/installer/resources/batch/env.py#L32)
  4. The Pacbot installer by default uses "pacbot" as the prefix for all the names. So in order to avoid this, you should use a custom resource by adding the below attribute (code) to the class RuleEngineBatchJobEnv(BatchComputeEnvironmentResource) at line number 29 (https://github.com/tmobile/pacbot/blob/master/installer/resources/batch/env.py#L29)

    ```python
    available_args = {
        'compute_environment_name': {'required': True, 'prefix': True, 'sep': '-'},
        'compute_resources': {
            'required': True,
            'inline_args': {
                'instance_role': {'required': True},
                'instance_type': {'required': True},
                'max_vcpus': {'required': True},
                'min_vcpus': {'required': True},
                'desired_vcpus': {'required': False},
                'ec2_key_pair': {'required': False},
                'security_group_ids': {'required': True},
                'subnets': {'required': True},
                'resource_type': {'required': True, 'tf_arg_key': "type"},
                'compute_resources_tags': {'required': False, 'tf_arg_key': "tags"}
            }
        },
        'service_role': {'required': True},
        'env_type': {'required': True, 'tf_arg_key': "type"},
        'ecs_cluster_arn': {'required': False, 'prefix': True, 'sep': '-'},
    }
    ```

    So that the class looks like:

    ```python
    class RuleEngineBatchJobEnv(BatchComputeEnvironmentResource):
        compute_environment_name = ""
        instance_role = ECSRoleInstanceProfile.get_output_attr('arn')
        instance_type = [Settings.get('BATCH_INSTANCE_TYPE', "m4.xlarge")]
        max_vcpus = 256
        min_vcpus = 0
        desired_vcpus = 0
        ec2_key_pair = ""
        resource_type = "EC2"
        security_group_ids = [InfraSecurityGroupResource.get_output_attr('id')]
        subnets = Settings.get('VPC')['SUBNETS']
        env_type = "MANAGED"
        service_role = BatchRole.get_output_attr('arn')
        compute_resources_tags = get_all_resource_tags()

        available_args = {
            'compute_environment_name': {'required': True, 'prefix': True, 'sep': '-'},
            'compute_resources': {
                'required': True,
                'inline_args': {
                    'instance_role': {'required': True},
                    'instance_type': {'required': True},
                    'max_vcpus': {'required': True},
                    'min_vcpus': {'required': True},
                    'desired_vcpus': {'required': False},
                    'ec2_key_pair': {'required': False},
                    'security_group_ids': {'required': True},
                    'subnets': {'required': True},
                    'resource_type': {'required': True, 'tf_arg_key': "type"},
                    'compute_resources_tags': {'required': False, 'tf_arg_key': "tags"}
                }
            },
            'service_role': {'required': True},
            'env_type': {'required': True, 'tf_arg_key': "type"},
            'ecs_cluster_arn': {'required': False, 'prefix': True, 'sep': '-'},
        }
    ```

keerthikanthn commented 4 years ago

Thanks for the suggestions. By the time of your response, I had tried to figure out a fix myself and made a similar kind of change.

  1. Gave the existing keypair name [e.g. kk-key] at (https://github.com/tmobile/pacbot/blob/master/installer/resources/batch/env.py#L22)

  2. Placed the kk-key.pem file in the output folder at https://github.com/tmobile/pacbot/tree/master/installer/data/output

  3. But to avoid the "pacbot" name being appended to the keypair, I just changed prefix to False in (https://github.com/tmobile/pacbot/blob/master/installer/core/terraform/resources/aws/batch.py#L25).

  4. Installed the Pacbot application.

It worked for the custom keypair.

But can you help us by providing end-to-end flow documentation for Pacbot, like how it works and how the API calls go? It is taking a lot of time to figure out an issue during installation, or when data is not populated on the Pacbot UI.

Right now I'm facing another issue, which will be posted in a separate post.

Once again, thanks for your answers. It supported my analysis.

@sajeer-nooh let me know if anything is wrong with the approach in the 3rd point.
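
The effect of the `prefix` flag discussed in the answer and in step 3 of the reply above, as an added example that is not part of the thread and is not PacBot installer code: a simplified model of how `prefix`/`sep` metadata would rename a key pair argument, plus a check of the resulting name against the key pairs that exist. `render_args`, `unknown_key_pair`, the `rule-engine` name and both sample specs are assumptions made for illustration.

```python
# Added illustration: a simplified model of per-argument 'prefix'/'sep' metadata.
# Not PacBot installer code; render_args and unknown_key_pair are hypothetical names.
RESOURCE_PREFIX = "pacbot"  # default prefix named in the answer above


def render_args(values, spec, prefix=RESOURCE_PREFIX):
    """Build the argument dict, prefixing values whose spec entry has 'prefix': True."""
    rendered = {}
    for name, meta in spec.items():
        if "inline_args" in meta:  # nested block such as compute_resources
            rendered[name] = render_args(values, meta["inline_args"], prefix)
            continue
        value = values.get(name)
        if value in (None, "", []):
            if meta.get("required"):
                raise ValueError(f"missing required argument: {name}")
            continue
        if meta.get("prefix"):
            value = f"{prefix}{meta.get('sep', '')}{value}"
        rendered[meta.get("tf_arg_key", name)] = value
    return rendered


def unknown_key_pair(rendered, existing_key_names):
    """Return the rendered key pair name if no such key pair exists, else None."""
    key = rendered.get("compute_resources", {}).get("ec2_key_pair")
    return key if key and key not in existing_key_names else None


# Constructed sample input: one pre-existing key pair, named as in the reply above.
EXISTING_KEYS = {"kk-key"}
VALUES = {"compute_environment_name": "rule-engine", "ec2_key_pair": "kk-key",
          "resource_type": "EC2"}

# Assumed spec in which the key pair argument is prefixed like the other names.
PREFIXED_SPEC = {
    "compute_environment_name": {"required": True, "prefix": True, "sep": "-"},
    "compute_resources": {"required": True, "inline_args": {
        "ec2_key_pair": {"required": False, "prefix": True, "sep": "-"},
        "resource_type": {"required": True, "tf_arg_key": "type"}}},
}
# Same spec with the key pair entry as in the answer's available_args (no 'prefix').
CUSTOM_SPEC = {**PREFIXED_SPEC, "compute_resources": {"required": True, "inline_args": {
    "ec2_key_pair": {"required": False},
    "resource_type": {"required": True, "tf_arg_key": "type"}}}}

if __name__ == "__main__":
    for label, spec in (("prefixed", PREFIXED_SPEC), ("custom", CUSTOM_SPEC)):
        rendered = render_args(VALUES, spec)
        print(label, rendered, "unknown:", unknown_key_pair(rendered, EXISTING_KEYS))
```

In this model the prefixed spec points the compute environment at a key pair name that was never created, while the custom spec keeps the supplied name unchanged.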