diff --git a/.gitignore b/.gitignore
index e79eb23..2faf43d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,37 @@
-.terraform*
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/main.tf b/main.tf
index fa3d211..b8f55cb 100644
--- a/main.tf
+++ b/main.tf
@@ -2,7 +2,7 @@
 locals {
 proxy_env_vars = {
 HTTP_PROXY = "http://proxy.tco.census.gov:3128"
- NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev"
+ NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev,${local._vpc_config.region}.compute.internal,.${local._vpc_config.region}.compute.internal"
 HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
 }
 source_repo = "linux-image-pipeline"
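Review bot: The tfplan pattern is left as a commented example (`# example: *tfplan*`), so a plan saved with `terraform plan -out=tfplan` is still not ignored. Saved plan files can carry resource attribute values in the clear, which matters more now that main.tf in this same commit introduces a `random_password`. I would add an active `*tfplan*` line under that comment. Separately, replacing `.terraform*` with `**/.terraform/*` means `.terraform.lock.hcl` is no longer ignored, which is the right outcome only if the lock file is then committed.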
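Review bot: The two new NO_PROXY entries assume the VPC's private DNS suffix is `<region>.compute.internal`, but in us-east-1 AWS uses `ec2.internal`, so instance hostnames there would still be sent through the proxy. If this pipeline can run in us-east-1, add `.ec2.internal` or derive the suffix conditionally. The interpolation also reads `local._vpc_config`, while the modules further down are passed `local.vpc_config`; both are defined outside this hunk, so confirm that `_vpc_config` exists and exposes `region`. The `locals` block continues past the hunk.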
@@ -112,6 +112,46 @@ module "main" {
 }
+module "rhel" {
+ source = "HappyPathway/image-pipeline/aws"
+ project_name = "rhel-image-pipeline-demo"
+ source_repo_name = local.source_repo
+ source_repo_branch = "main"
+ builder_image = "aws/codebuild/standard:7.0"
+ create_new_repo = false
+ create_new_role = true
+ create_vpc_endpoint = false # we already created one for this vpc
+ ssh_user = "ec2-user"
+ playbook = "rhel-baseline.yaml"
+ terraform_version = "1.8.5"
+ build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+ build_environment_variables = [
+ for proxy_var in keys(local.proxy_env_vars) :
+ {
+ name=proxy_var,
+ value=lookup(local.proxy_env_vars, proxy_var),
+ type = "PLAINTEXT"
+ }
+ ]
+ ansible_repo = data.aws_codecommit_repository.ansible
+ goss_repo = data.aws_codecommit_repository.goss
+ goss_profile = "rhel-base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ source_ami = "ami-0ce8fc041db68907c"
+ instance_type = "t2.micro"
+}
+
+resource random_password winrm {
+ length = 24
+ override_special = "$*!"
+ special = true
+}
+
+output password {
+ value = nonsensitive(random_password.winrm.result)
+}
+
 module "windows" {
 source = "HappyPathway/image-pipeline/aws"
 project_name = "windows-image-pipeline-demo"
@@ -120,13 +160,12 @@ module "windows" {
 builder_image = "aws/codebuild/standard:7.0"
 create_new_repo = false
 create_new_role = true
- ssh_user = "ec2-user"
- playbook = "hello-world.yaml"
+ playbook = "windows-baseline.yaml"
 terraform_version = "1.8.5"
 build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
 winrm_credentials = {
 username = "Administrator"
- password = "DavesAwesomeSauce"
+ password = random_password.winrm.result
 }
 userdata = "userdata/winrm.ps1"
 build_environment_variables = [
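Review bot: `output password` wraps the generated WinRM Administrator password in `nonsensitive()`, so it is printed in clear text on every `terraform apply` and `terraform output` and ends up in whatever CI log captures that run. Drop the wrapper and mark the output sensitive, i.e. `value = random_password.winrm.result` plus `sensitive = true`, and read it on demand with `terraform output -raw password`. The value still lives in state, so the backend behind `local.state_config` needs encryption and tight access control. The new `module "rhel"` block also has no `version` argument, so the registry module `HappyPathway/image-pipeline/aws` floats to whatever release is latest at init time.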
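Review bot: Swapping the literal for `random_password.winrm.result` does not retire the old password, which stays in git history and in any instance or image that was provisioned with it. Treat it as exposed and confirm nothing still accepts it. How the new value travels from `winrm_credentials` into `userdata/winrm.ps1` is inside the module and not visible here; if it is rendered into EC2 user data it is readable from the instance metadata service, so the account should be disabled or the password rotated before the AMI is captured. The `module "windows"` block starts and ends outside this hunk.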
@@ -139,10 +178,10 @@ module "windows" {
 ]
 ansible_repo = data.aws_codecommit_repository.ansible
 goss_repo = data.aws_codecommit_repository.goss
- goss_profile = "base-test"
+ goss_profile = "windows-base-test"
 state = local.state_config
 vpc_config = local.vpc_config
- source_ami = "ami-0f2604a0914ed017e"
+ source_ami = "ami-012fffaddacaa52ff"
 instance_type = "t2.xlarge"
 }
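Review bot: `source_ami` is a bare AMI ID (here and in the new `module "rhel"` block), which is region-specific and says nothing about who published the image. A `data "aws_ami"` lookup with an explicit `owners` list and a name filter would let a reviewer verify that the base image comes from a trusted account; at minimum, add a comment next to the ID recording the publisher and image name. The `module "windows"` block begins outside this hunk.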