algo should be able to run unattended, with more options and authentication read from variables or files #14382

Closed
lefth opened this issue Dec 14, 2021 · 3 comments

Comments

@lefth

lefth commented Dec 14, 2021

Is your feature request related to a problem? Please describe.
I had to retry running algo several times to get a working VPN. The failures mostly weren't algo's fault, for example some were caused by network timeouts or other errors within AWS. But it was very frustrating to need to input the same options and authentication each time, especially needing to wait for the program to execute logic in between each prompt.

Describe the solution you'd like

  1. Authentication should be automatic where possible. It currently works to set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, but this should be documented. AWS_PROFILE should also be read and used to parse credentials from ~/.aws/credentials.
  2. It would be ideal if the configuration questions could be handled by an optional section of config.cfg. The user would probably not fill these out on the first run (since it's easier to just answer the questions), but if re-running is needed, the user could fully fill out these options in the config file.

Describe alternatives you've considered
An alternative solution would be to prompt for all data at the start of program execution, but I assume that would be harder, due to algo needing to do some processing before it knows the right questions to ask.

Additional context
Of course it still makes sense to prompt if additional info is needed. Unattended operation doesn't need to be completely unattended.

@lefth lefth changed the title from "algo should be able to run unattended with more" to "algo should be able to run unattended, with more options and authentication read from variables or files" Dec 14, 2021
@davidemyers
Contributor

This may be mostly a matter of improving the documentation in Deployment from Ansible. For many providers Algo can be run without having to respond to a prompt. Some of the credential variables that are accepted (shown with dummy values) are:

DO_API_TOKEN="token"
AWS_ACCESS_KEY_ID="key_id"
AWS_SECRET_ACCESS_KEY="access_key"
GCE_CREDENTIALS_FILE_PATH="path/gce.json"
VULTR_API_CONFIG="path/vultr.ini"
LINODE_API_TOKEN="token"

Here's an excerpt from a script I use for deployments:

SERVER_NAME="vpn12"
PROVIDER="ec2"
REGION="us-east-1"

./algo -e  "provider=${PROVIDER}
            server_name=${SERVER_NAME}
            region=${REGION}
            ondemand_cellular=true
            ondemand_wifi=true
            ondemand_wifi_exclude=
            dns_adblocking=false
            ssh_tunneling=false
            store_pki=true"

@lefth
Author

lefth commented Dec 31, 2021

I see that's already documented with an example, and that page is linked from README.md (but thanks for mentioning it here!) It seems like the main variable that isn't checked is AWS_PROFILE. If the profile is set, some other programs get the authentication info from ~/.aws/credentials.

@jackivanov
Collaborator

It's documented. PRs to add AWS_PROFILE are welcome!

lefth added a commit to lefth/algo that referenced this issue Apr 5, 2022
…TIALS_FILE (trailofbits#14382)

Other programs can read from ~/.aws/credentials, and now Algo can as well.
lefth added a commit to lefth/algo that referenced this issue Apr 5, 2022
Other programs can read the AWS key and secret from ~/.aws/credentials
(or other configuration file), and with this change Algo can as well.

Optional environment variables: AWS_PROFILE, AWS_SHARED_CREDENTIALS_FILE

The file is not read if the credentials are already set as an Ansible
variable or an environment variable.
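
The lookup order described in the commit message above, as an added Python sketch (not code from the Algo commit or project). The Ansible variable names `aws_access_key` and `aws_secret_key`, the function names and the sample file are assumptions, and the file-permission check is an extra hardening step the thread does not mention.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample file; the values are placeholders, not real credentials.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIDEXAMPLEDEFAULT
aws_secret_access_key = default/secret%with+percent

[vpn-deploy]
aws_access_key_id = AKIDEXAMPLEVPN
aws_secret_access_key = vpn/secret
"""


def resolve_aws_credentials(ansible_vars, env):
    """Return (key_id, secret, source); explicit settings beat the shared file."""
    # 1. Ansible extra vars (variable names are assumed for this sketch).
    if ansible_vars.get("aws_access_key") and ansible_vars.get("aws_secret_key"):
        return ansible_vars["aws_access_key"], ansible_vars["aws_secret_key"], "ansible"
    # 2. Environment variables, which the thread says already work.
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return env["AWS_ACCESS_KEY_ID"], env["AWS_SECRET_ACCESS_KEY"], "environment"
    # 3. Shared credentials file, selected by the two optional variables.
    path = Path(env.get("AWS_SHARED_CREDENTIALS_FILE") or "~/.aws/credentials").expanduser()
    profile = env.get("AWS_PROFILE") or "default"
    # Added hardening check: refuse a key file that group or others can access.
    if os.name == "posix" and path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is group/world accessible; run chmod 600")
    parser = configparser.RawConfigParser()  # Raw: secrets may contain '%'
    if not parser.read(path) or not parser.has_section(profile):
        raise LookupError(f"profile {profile!r} not found in {path}")
    return (parser.get(profile, "aws_access_key_id"),
            parser.get(profile, "aws_secret_access_key"), f"file:{profile}")


def demo():
    """Write the constructed sample to a private temp file and resolve a profile."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "credentials"
        path.write_text(SAMPLE_CREDENTIALS)
        path.chmod(0o600)
        env = {"AWS_SHARED_CREDENTIALS_FILE": str(path), "AWS_PROFILE": "vpn-deploy"}
        return resolve_aws_credentials({}, env)
```

Passing `os.environ` as `env` resolves against the real environment; the returned source string can be logged to show where the key came from without printing the secret.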