Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple OpenShift Environments in one AWS-Account #53

Open
dsprayman opened this issue May 14, 2018 · 2 comments
Open

Multiple OpenShift Environments in one AWS-Account #53

dsprayman opened this issue May 14, 2018 · 2 comments

Comments

@dsprayman
Copy link

dsprayman commented May 14, 2018
edited

Hi,
I try to setup an OpenShift Environment for Training purposes: cluster installation, generating project etc.

Thankfully I found the terraform-aws-openshift project :)

The idea I generated with Dave is just to copy the code in different folders and change the region as well as the cluster_name and cluster_id in the main.tf

So far so good, if you now want to make a new infrastructure ('make infrastructure') the following errors occured:

`3 error(s) occurred:

  • module.openshift.aws_iam_role.openshift-instance-role: 1 error(s) occurred:

  • aws_iam_role.openshift-instance-role: Error creating IAM Role openshift-instance-role: EntityAlreadyExists: Role with name openshift-instance-role already exists.
    status code: 409, request id: d0a10ff1-56d1-11e8-8d7f-6372f8cf09fc

  • module.openshift.aws_iam_policy.openshift-policy-forward-logs: 1 error(s) occurred:

  • aws_iam_policy.openshift-policy-forward-logs: Error creating IAM policy openshift-instance-forward-logs: EntityAlreadyExists: A policy called openshift-instance-forward-logs already exists. Duplicate names are not allowed.
    status code: 409, request id: d09e5161-56d1-11e8-963f-6d117c496f53

  • module.openshift.aws_iam_user.openshift-aws-user: 1 error(s) occurred:

  • aws_iam_user.openshift-aws-user: Error creating IAM User openshift-aws-user: EntityAlreadyExists: User with name openshift-aws-user already exists.
    status code: 409, request id: d09e50c9-56d1-11e8-8d7f-6372f8cf09fc`

I bolded the interesting passages which says that the IAM role, policy and user already exist.

Does anyone has an idea or an efficient way how to deal with that?
Is it possible to reuse those IAM roles, policies and users?
Or should I rename them in the modules?

Thanks a lot and best regards!
@dsprayman
Copy link
Author

Short update, what did I do - hardcoding:

Create multiple folders, set the variables and change the name of the roles: search&replace with sed.
[set {new name} as your favorite prefix.]

`
find terraform-aws-openshift -type f -exec sed -i 's/openshift-instance-role/{new-name}-instance-role/g' {} +

find terraform-aws-openshift -type f -exec sed -i 's/openshift-instance-forward-logs/{new-name}-instance-forward-logs/g' {} +

find terraform-aws-openshift -type f -exec sed -i 's/openshift-aws-user/{new-name}-aws-user/g' {} +

find terraform-aws-openshift -type f -exec sed -i 's/openshift-instance-profile/{new-name}-instance-profile/g' {} +

find terraform-aws-openshift -type f -exec sed -i 's/bastion-instance-profile/bastion-{new-name}-instance-profile/g' {} +
`

Not pretty efficient.
Are those profiles and instances neccessary?

Any other (smart) suggestions?

@dwmkerr
Copy link
Owner

dwmkerr commented May 20, 2018

I'll look into whether there's a good way to eliminate the roles, probably not entirely but there might be something I can do on the Terraform side to make things more straightforward. Thanks for sharing your solution @dspree!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dwmkerr @dsprayman