- Add no_log directives to all cloud provider credential handling - Set privacy-focused defaults (StrongSwan logging disabled, DNSCrypt syslog off) - Implement privacy role with log rotation, history clearing, and log filtering - Add Privacy Considerations section to README - Make all privacy features configurable and enabled by default This update significantly reduces Algo's logging footprint to enhance user privacy while maintaining the ability to enable logging for debugging when needed.
---
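# Ask for the AWS access key ID, but only when it was supplied neither as the
# `aws_access_key` variable nor through the AWS_ACCESS_KEY_ID environment
# variable.
- name: Prompt for the AWS access key ID
  pause:
    prompt: |
      Enter your AWS Access Key ID (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
      Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md)
    # Do not echo the typed value to the terminal.
    echo: false
  register: _aws_access_key
  # The registered result carries the typed value in `user_input`; keep it out
  # of verbose (-v) task output and logs.
  no_log: true
  when:
    - aws_access_key is undefined
    - lookup('env','AWS_ACCESS_KEY_ID')|length <= 0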
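# Ask for the AWS secret access key, but only when it was supplied neither as
# the `aws_secret_key` variable nor through the AWS_SECRET_ACCESS_KEY
# environment variable.
- name: Prompt for the AWS secret access key
  pause:
    prompt: |
      Enter your AWS Secret Access Key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
    # Do not echo the secret to the terminal.
    echo: false
  register: _aws_secret_key
  # `echo: false` only hides the keystrokes. The registered result still holds
  # the secret in `user_input`, so suppress it in verbose (-v) output and logs.
  no_log: true
  when:
    - aws_secret_key is undefined
    - lookup('env','AWS_SECRET_ACCESS_KEY')|length <= 0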
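# Resolve the key pair used by the AWS tasks that follow. For each value the
# order is: the playbook variable, then the value typed at the prompt, then the
# environment variable. The last default() is called with `true`, so the
# environment variable is also used when the earlier sources are empty.
- name: Set the AWS credential facts
  set_fact:
    access_key: "{{ aws_access_key | default(_aws_access_key.user_input|default(None)) | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}"
    secret_key: "{{ aws_secret_key | default(_aws_secret_key.user_input|default(None)) | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}"
  # Keep the resolved key pair out of task output and logs.
  no_log: true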
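# List the regions available to the account and let the operator pick one by
# number. The whole block is skipped when `region` is already set.
# NOTE(review): the rendered listing lost its indentation; `when` is placed at
# block level here, confirm against the repository.
- block:
    - name: Get regions
      aws_region_info:
        aws_access_key: "{{ access_key }}"
        aws_secret_key: "{{ secret_key }}"
        region: us-east-1
      register: _aws_regions
      # The module arguments contain the key pair.
      no_log: true

    - name: Set facts about the regions
      set_fact:
        aws_regions: "{{ _aws_regions.regions | sort(attribute='region_name') }}"

    - name: Set the default region
      set_fact:
        # 1-based position of us-east-1 in the sorted list, the same numbering
        # the prompt below shows.
        default_region: >-
          {% for r in aws_regions %}
          {%- if r['region_name'] == "us-east-1" %}{{ loop.index }}{% endif %}
          {%- endfor %}

    - name: Prompt for the region
      pause:
        prompt: |
          What region should the server be located in?
          (https://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
            {% for r in aws_regions %}
            {{ loop.index }}. {{ r['region_name'] }}
            {% endfor %}

          Enter the number of your desired region
          [{{ default_region }}]
      register: _algo_region

    # The answer is later used as a list index (number - 1). Without this
    # check, "0" or non-numeric text becomes index -1 and silently selects the
    # last region in the list, placing the server somewhere the operator did
    # not choose. Empty input is allowed and means "use the default".
    - name: Check that the entered region number is in range
      assert:
        that:
          - (_algo_region.user_input | int) >= 1
          - (_algo_region.user_input | int) <= (aws_regions | length)
        fail_msg: "Enter a number between 1 and {{ aws_regions | length }}, or press Enter for the default region."
      when: _algo_region.user_input | default('') | length > 0
  when: region is undefined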
# Derive the two facts used for the deployment: the stack name and the region
# name.
- name: Set algo_region and stack_name facts
  set_fact:
    # The server name with every dot replaced by a hyphen.
    stack_name: "{{ algo_server_name | replace('.', '-') }}"
    # A preset `region` wins. Otherwise the number typed at the prompt, or the
    # default when nothing was typed, is converted from its 1-based position
    # to a list index.
    algo_region: >-
      {% if region is defined %}{{ region }}
      {%- elif _algo_region.user_input %}{{ aws_regions[(_algo_region.user_input | int) - 1]['region_name'] }}
      {%- else %}{{ aws_regions[(default_region | int) - 1]['region_name'] }}{% endif %}
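# Let the operator reuse an Elastic IP that is already allocated in the chosen
# region. Runs only when `cloud_providers.ec2.use_existing_eip` is true.
# NOTE(review): the rendered listing lost its indentation; `when` is placed at
# block level here, confirm against the repository.
- block:
    - name: Get existing available Elastic IPs
      ec2_eip_info:
        aws_access_key: "{{ access_key }}"
        aws_secret_key: "{{ secret_key }}"
        region: "{{ algo_region }}"
      register: raw_eip_addresses
      # The module arguments contain the key pair.
      no_log: true

    # Keep only the addresses that have no `association_id`.
    - name: Select the Elastic IPs that are not associated
      set_fact:
        available_eip_addresses: "{{ raw_eip_addresses.addresses | selectattr('association_id', 'undefined') | list }}"

    - name: Prompt for the Elastic IP
      pause:
        prompt: >-
          What Elastic IP would you like to use?
            {% for eip in available_eip_addresses %}
            {{ loop.index }}. {{ eip['public_ip'] }}
            {% endfor %}

          Enter the number of your desired Elastic IP
      register: _use_existing_eip

    # The answer is used below as a list index (number - 1). Without this
    # check, empty input, "0" or non-numeric text becomes index -1 and silently
    # selects the last address in the list. An empty list also fails here with
    # a readable message instead of a template error.
    - name: Check that the entered Elastic IP number is in range
      assert:
        that:
          - (_use_existing_eip.user_input | default('') | int) >= 1
          - (_use_existing_eip.user_input | default('') | int) <= (available_eip_addresses | length)
        fail_msg: "Enter a number between 1 and {{ available_eip_addresses | length }}; {{ available_eip_addresses | length }} unassociated Elastic IP(s) were found."

    - name: Set the existing_eip fact
      set_fact:
        existing_eip: "{{ available_eip_addresses[(_use_existing_eip.user_input | int) - 1]['allocation_id'] }}"
  when: cloud_providers.ec2.use_existing_eip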