diff --git a/.github/workflows/sync-to-codecommit.yml b/.github/workflows/sync-to-codecommit.yml
new file mode 100644
index 0000000..cfcd699
--- /dev/null
+++ b/.github/workflows/sync-to-codecommit.yml
@@ -0,0 +1,29 @@
+name: Sync to CodeCommit
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ sync:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout the repository
+ uses: actions/checkout@v2
+
+ - name: Configure Git for CodeCommit
+ run: |
+ git config --global credential.helper '!aws codecommit credential-helper $@'
+ git config --global credential.UseHttpPath true
+
+ - name: Sync to CodeCommit - Goss Testing
+ run: |
+ git remote add goss-upstream ssh://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-goss-testing
+ git push goss-upstream master --force
+
+ - name: Sync to CodeCommit - Ansible Playbooks
+ run: |
+ git remote add ansible-upstream ssh://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-ansible-playbooks
+ git push ansible-upstream master --force
\ No newline at end of file
diff --git a/ansible/rhel-arm-baseline.yaml b/ansible/rhel-arm-baseline.yaml
new file mode 100644
index 0000000..d01cea0
--- /dev/null
+++ b/ansible/rhel-arm-baseline.yaml
@@ -0,0 +1,21 @@
+---
+- name: RHEL ARM Baseline Configuration
+ hosts: all
+ become: true
+ tasks:
+ - name: Ensure latest packages are installed
+ yum:
+ name: '*'
+ state: latest
+ - name: Install required packages
+ yum:
+ name:
+ - vim
+ - git
+ - curl
+ state: present
+ - name: Create a user
+ user:
+ name: exampleuser
+ state: present
+ groups: wheel
\ No newline at end of file
diff --git a/buildspec.yml b/buildspec.yml
new file mode 100644
index 0000000..7783626
--- /dev/null
+++ b/buildspec.yml
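Review bot: In .github/workflows/sync-to-codecommit.yml the two sync steps have no way to authenticate as written: the `credential.helper` set in "Configure Git for CodeCommit" only serves HTTPS remotes, both `git remote add` lines use `ssh://` URLs, and no step supplies AWS credentials or an SSH key. Use the `https://git-codecommit…` form of the remotes and obtain short-lived credentials through a role-assumption step (OIDC needs `permissions: id-token: write`, with `contents: read` for the rest) instead of storing long-lived keys as secrets. `git push … master --force` overwrites the CodeCommit `master` of both repositories, so a rewritten or tampered GitHub branch replaces the downstream history that the image pipeline builds from; drop `--force` and let a non-fast-forward fail loudly. `actions/checkout@v2` is a mutable tag on an old major version and clones at depth 1 by default, which a remote lacking the parent history will likely reject, so pin it to a reviewed commit SHA and set `fetch-depth: 0`.

```yaml
permissions:
  id-token: write   # lets the job request an OIDC token for the role below
  contents: read

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        uses: actions/checkout@<FULL_COMMIT_SHA>   # placeholder: pin to a reviewed commit
        with:
          fetch-depth: 0
      - name: Assume the CodeCommit sync role
        uses: aws-actions/configure-aws-credentials@<FULL_COMMIT_SHA>   # placeholder
        with:
          role-to-assume: <SYNC_ROLE_ARN>   # placeholder: role limited to GitPush on the two repos
          aws-region: us-gov-west-1
      # … unchanged: Configure Git for CodeCommit …
      - name: Sync to CodeCommit - Goss Testing
        run: |
          git remote add goss-upstream https://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-goss-testing
          git push goss-upstream master
      # … Ansible Playbooks step: same two changes (https:// remote, no --force) …
```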
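Review bot: In ansible/rhel-arm-baseline.yaml the "Create a user" task bakes a placeholder account, `exampleuser`, into every image and adds it to `wheel`, which on a stock RHEL sudoers configuration grants full sudo. If the account is only a sample, drop the task; if a real account is needed, take its name from a variable, manage its SSH key in the same play, and grant the specific sudo rules it needs rather than `wheel` membership. The `name: '*'` with `state: latest` task makes the image contents depend on the build date, so record the resulting package list as a build artifact if AMIs have to be traceable to a known patch level. The tasks would also read more clearly with fully qualified module names such as `ansible.builtin.user`.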
@@ -0,0 +1,22 @@
+version: 0.2
+
+phases:
+ install:
+ runtime-versions:
+ python: 3.11
+ commands:
+ - echo "Installing necessary dependencies"
+ - pip install ansible
+ - pip install awscli
+ build:
+ commands:
+ - echo "Running Packer build"
+ - packer build -var project_name=rhel-arm-image-pipeline-demo -var ansible_dir=${CODEBUILD_SRC_DIR_SourceAnsibleOutput} modules/image-pipeline/build.pkr.hcl
+ post_build:
+ commands:
+ - echo "Saving the AMI ID"
+ - packer build -var 'ami_id=$(cat ami_id.txt)' modules/image-pipeline/build.pkr.hcl
+
+artifacts:
+ files:
+ - ami_id.txt
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 2b9abca..aaa5963 100644
--- a/main.tf
+++ b/main.tf
@@ -127,7 +127,7 @@ module "rhel-arm" { create_new_role = true create_vpc_endpoint = false ssh_user = "ec2-user" - playbook = "rhel-arm-baseline.yaml" + playbook = "ansible/rhel-arm-baseline.yaml" # Ensure the path is correct terraform_version = "1.8.5" build_permissions_iam_doc = data.aws_iam_policy_document.s3_access build_environment_variables = [
@@ -147,6 +147,7 @@ module "rhel-arm" { } + resource random_password winrm { length = 24 override_special = "$*!"
diff --git a/modules/image-pipeline/build.pkr.hcl b/modules/image-pipeline/build.pkr.hcl
index c38e35a..dc091fe 100644
--- a/modules/image-pipeline/build.pkr.hcl
+++ b/modules/image-pipeline/build.pkr.hcl
@@ -8,8 +8,21 @@ variable "ansible_dir" { default = "" } +packer { + required_plugins { + amazon = { + version = ">= 1.3.2" + source = "github.com/hashicorp/amazon" + } + ansible = { + version = ">= 1.1.1" + source = "github.com/hashicorp/ansible" + } + } +} + source "amazon-ebs" "rhel-arm" { - ami_name = "${var.project_name}-{{timestamp}}" + ami_name = "${var.project_name}-${timestamp()}" instance_type = "t4g.micro" region = "us-gov-west-1" source_ami = "ami-0ce8fc041db68907c"
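Review bot: In buildspec.yml the post_build command `packer build -var 'ami_id=$(cat ami_id.txt)' …` does not save anything: the single quotes stop the shell from expanding `$(cat ami_id.txt)`, nothing visible in this diff writes `ami_id.txt`, and the command starts a second full image build. Record the AMI ID from the first build instead, for example with Packer's `manifest` post-processor, and publish that file as the artifact. `pip install ansible` and `pip install awscli` fetch whatever is newest at build time into a job that holds the build role's credentials, so pin exact versions, ideally with hashes in a requirements file. The build phase also needs `packer init modules/image-pipeline/build.pkr.hcl` before `packer build` now that the template declares `required_plugins`, and `${CODEBUILD_SRC_DIR_SourceAnsibleOutput}` should be double-quoted.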
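Review bot: In the first hunk of modules/image-pipeline/build.pkr.hcl, `ami_name = "${var.project_name}-${timestamp()}"` is not equivalent to the legacy `{{timestamp}}` it replaces: the HCL `timestamp()` function returns an RFC 3339 string, and its colons are not valid in an AMI name, so the build is expected to fail at name validation. Use `ami_name = "${var.project_name}-${formatdate("YYYYMMDDhhmmss", timestamp())}"`. The `required_plugins` constraints `>= 1.3.2` and `>= 1.1.1` have no upper bound, so `packer init` accepts any later release including a new major version; a pessimistic constraint such as `~> 1.3` keeps plugin upgrades a deliberate, reviewed change. The `source "amazon-ebs"` block continues outside the hunk.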
@@ -17,9 +30,10 @@ source "amazon-ebs" "rhel-arm" { } build { + name = "${var.project_name}" sources = ["source.amazon-ebs.rhel-arm"] provisioner "ansible" { - playbook_file = "${var.ansible_dir}/rhel-arm-baseline.yaml" + playbook_file = "${var.ansible_dir}/ansible/rhel-arm-baseline.yaml" } }
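Review bot: `playbook_file = "${var.ansible_dir}/ansible/rhel-arm-baseline.yaml"` resolves to the absolute path `/ansible/rhel-arm-baseline.yaml` whenever `ansible_dir` is left at its default of `""` (the default is visible in the first hunk of this file), so a build started without the variable looks for the playbook at the filesystem root instead of failing on the missing input. Remove the default so Packer requires the variable, or add a `validation` block that rejects an empty value. `name = "${var.project_name}"` is an interpolation-only expression and can be written `name = var.project_name`.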