I think evertyhign works ;)

CSVD · Sep 10, 2024 · 53eff6e · 53eff6e
1 parent 68bd83c
commit 53eff6e
Show file tree

Hide file tree

Showing 8 changed files with 152 additions and 60 deletions.
diff --git a/.gitignore b/.gitignore
@@ -36,3 +36,5 @@ override.tf.json
 .terraformrc
 terraform.rc
 ghe-runner
+**/terraform.tfstate
+**/terraform.tfvars
diff --git a/.secrets/.terraform.lock.hcl b/.secrets/.terraform.lock.hcl
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/ansible_parameters.tf b/ansible_parameters.tf
@@ -8,36 +8,25 @@ locals {
   packer = {
     aap = {
       ami = {
-        pipeline_workflow_url = ""
+        pipeline_workflow_url = "https://automationcontroller.compute.csp1.census.gov/api/v2/workflow_job_templates/7208/launch"
       }
     }
     atx = {
       host = {
-        ansible_pswd = ""
-        ansible_user = ""
-        action       = ""
-        ipv4         = ""
-        name         = ""
-        osver        = ""
+        ansible_user = "winamipipelineapi"
+        action       = "add_host"
+        osver        = "win2022"
       }
       api = {
-        usr_name = ""
-        usr_pswd = ""
+        usr_name = "winamipipelineapi"
       }
-      inventory = ""
+      inventory = "WIN-AMI-PIPELINE"
     }
   }
 
-  ansible_secrets = {
-    packer_atx_host_ansible_pswd = local.packer.atx.host.ansible_pswd
-    packer_atx_api_usr_pswd      = local.packer.atx.api.usr_pswd
-  }
-
   ansible_parameters = {
     packer_aap_ami_pipeline_workflow_url = local.packer.aap.ami.pipeline_workflow_url
     packer_atx_api_usr_name              = local.packer.atx.api.usr_name
-    packer_atx_host_name                 = local.packer.atx.host.name
-    packer_atx_host_ipv4                 = local.packer.atx.host.ipv4
     packer_atx_host_osver                = local.packer.atx.host.osver
     packer_atx_inventory                 = local.packer.atx.inventory
     packer_atx_host_action               = local.packer.atx.host.action
@@ -48,8 +37,8 @@ locals {
 
 # Managed Parameters: Parameters not listed in var.nonmanaged_parameters are fully managed by Terraform.
 resource "aws_ssm_parameter" "managed_parameters" {
-  for_each = tomap({ for k, v in local.ssm_parameters : k => v if !contains(var.nonmanaged_parameters, k) })
-  name     = "/image-pipeline/${var.project_name}/${each.key}"
+  for_each = tomap(local.ansible_parameters)
+  name     = "/image-pipeline/windows-image-pipeline-demo/${each.key}"
   type     = "StringList"
   value    = each.value
 }
diff --git a/docker.tf b/docker.tf
@@ -5,7 +5,7 @@ locals {
   ubuntu_images = [
     "22.04_edge", "23.10", "24.10", "22.04_stable"
   ]
-  image_config = [
+  image_config = concat([
     for image in local.ubuntu_images : {
       enabled         = true
       dest_path       = null
@@ -15,7 +15,19 @@ locals {
       source_tag      = image
       tag             = image
     }
-  ]
+  ],
+  [
+    {
+      enabled         = true
+      dest_path       = null
+      name            = "python"
+      source_image    = "ubuntu/python"
+      source_registry = "public.ecr.aws"
+      source_tag      = "3.12-24.04_stable"
+      tag             = "3.12-24.04_stable"
+    }
+
+  ])
 }
 
 module "ecr-clone" {
@@ -61,9 +73,9 @@ module "docker" {
     name = aws_s3_bucket.assets_bucket.bucket
     key  = "image-pipeline-goss-testing.zip"
   }
-  docker_test_enabled = true
-  state               = local.state_config
-  vpc_config          = local.vpc_config
+  docker_build = true
+  state        = local.state_config
+  vpc_config   = local.vpc_config
   image = {
     # source image metadata 
     source_image       = "ubuntu"

diff --git a/github-runner.tf b/github-runner.tf
@@ -0,0 +1,47 @@
+module "github-runner" {
+  source            = "HappyPathway/image-pipeline/aws"
+  project_name      = "github-runner"
+  builder_image     = "aws/codebuild/standard:7.0"
+  create_new_role   = true
+  ssh_user          = "ec2-user"
+  terraform_version = "1.8.5"
+  build_environment_variables = [
+    for proxy_var in keys(local.proxy_env_vars) :
+    {
+      name  = proxy_var,
+      value = lookup(local.proxy_env_vars, proxy_var),
+      type  = "PLAINTEXT"
+    }
+  ]
+  packer_source_type = "S3"
+  packer_config      = "docker-ubuntu-base-python-install.pkr.hcl"
+  packer_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "docker-image-pipeline.zip"
+  }
+  ansible_source_type = "S3"
+  ansible_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "image-pipeline-ansible-playbooks.zip"
+  }
+  playbook         = "github-runner.yaml"
+  goss_profile     = "github-runner"
+  goss_source_type = "S3"
+  goss_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "image-pipeline-goss-testing.zip"
+  }
+  docker_build = true
+  state        = local.state_config
+  vpc_config   = local.vpc_config
+  image = {
+    # source image metadata 
+    source_image       = "ubuntu"
+    source_tag         = "24.04"
+    source_docker_repo = "docker-image-pipeline"
+    # destination image metadata
+    dest_image       = "github-runner"
+    dest_tag         = "latest"
+    dest_docker_repo = "docker-image-pipeline"
+  }
+}
diff --git a/main.tf b/main.tf
@@ -21,7 +21,9 @@ data "aws_iam_policy_document" "assets_bucket_policy_document" {
       identifiers = [
         module.amazon_linux.iam_arn,
         module.rhel.iam_arn,
-        module.docker.iam_arn
+        module.docker.iam_arn,
+        module.windows.iam_arn,
+        module.github-runner.iam_arn
       ]
     }
 
@@ -78,16 +80,6 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encr
   }
 }
 
-data "aws_iam_policy_document" "s3_access" {
-  statement {
-    effect  = "Allow"
-    actions = ["s3:*"]
-    resources = [
-      aws_s3_bucket.state_bucket.arn,
-      aws_s3_bucket.assets_bucket.arn
-    ]
-  }
-}
 
 resource "aws_security_group" "allow_amznlinux_cdn" {
   name        = "allow_amznlinux_cdn"

diff --git a/windows.tf b/windows.tf
@@ -4,28 +4,46 @@ resource "random_password" "winrm" {
   special          = true
 }
 
+locals {
+  winrm_credentials = {
+    username = "Administrator"
+    password = random_password.winrm.result
+  }
+}
+
+
+
 module "windows" {
   source            = "HappyPathway/image-pipeline/aws"
   project_name      = "windows-image-pipeline-demo"
   builder_image     = "aws/codebuild/standard:7.0"
   create_new_role   = true
-  playbook          = "windows-baseline.yaml"
+  playbook          = "aap_register.yaml"
   terraform_version = "1.8.5"
-  winrm_credentials = {
-    username = "Administrator"
-    password = random_password.winrm.result
-  }
-  userdata = "userdata/winrm.ps1"
+  winrm_credentials = local.winrm_credentials
+  userdata          = "userdata/winrm.ps1"
   build_environment_variables = [
     for proxy_var in keys(local.proxy_env_vars) : {
       name  = proxy_var
       value = lookup(local.proxy_env_vars, proxy_var)
       type  = "PLAINTEXT"
     }
   ]
-  packer_repo  = data.aws_codecommit_repository.windows
-  ansible_repo = data.aws_codecommit_repository.ansible
-  goss_repo    = data.aws_codecommit_repository.goss
+  packer_source_type = "S3"
+  packer_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "windows-image-pipeline.zip"
+  }
+  ansible_source_type = "S3"
+  ansible_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "image-pipeline-ansible-playbooks.zip"
+  }
+  goss_source_type = "S3"
+  goss_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "image-pipeline-goss-testing.zip"
+  }
   goss_profile = "windows-base-test"
   state        = local.state_config
   vpc_config   = local.vpc_config
@@ -35,3 +53,11 @@ module "windows" {
   }
 }
 
+output "winrm_credentials" {
+  sensitive = true
+  value = {
+    username = "Administrator"
+    password = random_password.winrm.result
+  }
+}
+