adding rhell, because at this point its too easy not to

CSVD · Jul 12, 2024 · 3a45832 · 3a45832
1 parent 73e0f21
commit 3a45832
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,37 @@
-.terraform*
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/main.tf b/main.tf
@@ -2,7 +2,7 @@
 locals {
     proxy_env_vars = {
         HTTP_PROXY = "http://proxy.tco.census.gov:3128"
-        NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev"
+        NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev,${local._vpc_config.region}.compute.internal,.${local._vpc_config.region}.compute.internal"
         HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
     }
     source_repo   = "linux-image-pipeline"
@@ -112,6 +112,46 @@ module "main" {
 }
 
 
+module "rhel" {
+  source                      = "HappyPathway/image-pipeline/aws"
+  project_name                = "rhel-image-pipeline-demo"
+  source_repo_name            = local.source_repo
+  source_repo_branch          = "main"
+  builder_image               = "aws/codebuild/standard:7.0"
+  create_new_repo             = false
+  create_new_role             = true
+  create_vpc_endpoint         = false # we already created one for this vpc
+  ssh_user                    = "ec2-user"
+  playbook                    = "rhel-baseline.yaml"
+  terraform_version           = "1.8.5"
+  build_permissions_iam_doc   = data.aws_iam_policy_document.s3_access
+  build_environment_variables = [ 
+   for proxy_var in keys(local.proxy_env_vars) :
+   { 
+     name=proxy_var, 
+     value=lookup(local.proxy_env_vars, proxy_var),
+     type = "PLAINTEXT"
+   }
+  ]
+  ansible_repo                = data.aws_codecommit_repository.ansible
+  goss_repo                   = data.aws_codecommit_repository.goss
+  goss_profile                = "rhel-base-test"
+  state = local.state_config
+  vpc_config = local.vpc_config
+  source_ami = "ami-0ce8fc041db68907c"
+  instance_type = "t2.micro"
+}
+
+resource random_password winrm {
+  length           = 24
+  override_special = "$*!"
+  special = true
+}
+
+output password {
+  value = nonsensitive(random_password.winrm.result)
+}
+
 module "windows" {
   source                      = "HappyPathway/image-pipeline/aws"
   project_name                = "windows-image-pipeline-demo"
@@ -120,13 +160,12 @@ module "windows" {
   builder_image               = "aws/codebuild/standard:7.0"
   create_new_repo             = false
   create_new_role             = true
-  ssh_user                    = "ec2-user"
-  playbook                    = "hello-world.yaml"
+  playbook                    = "windows-baseline.yaml"
   terraform_version           = "1.8.5"
   build_permissions_iam_doc   = data.aws_iam_policy_document.s3_access
   winrm_credentials = {
     username = "Administrator"
-    password = "DavesAwesomeSauce"
+    password = random_password.winrm.result
   }
   userdata = "userdata/winrm.ps1"
   build_environment_variables = [ 
@@ -139,10 +178,10 @@ module "windows" {
   ]
   ansible_repo                = data.aws_codecommit_repository.ansible
   goss_repo                   = data.aws_codecommit_repository.goss
-  goss_profile                = "base-test"
+  goss_profile                = "windows-base-test"
   state = local.state_config
   vpc_config = local.vpc_config
-  source_ami = "ami-0f2604a0914ed017e"
+  source_ami = "ami-012fffaddacaa52ff"
   instance_type = "t2.xlarge"
 }