Mass Updated Curl Issues

CSVD · Jul 30, 2024 · e75abe2 · e75abe2
1 parent edc292e
commit e75abe2
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 129 deletions.
diff --git a/build.pkr.hcl b/build.pkr.hcl
@@ -9,18 +9,17 @@ variable "ansible_dir" {
 
 source "amazon-ebs" "rhel" {
   ami_name      = "${var.project_name}-{{timestamp}}"
-  instance_type = "t3.micro"  # Ensure the instance type is ARM64 compatible
+  instance_type = "t3.micro"  # Instance type supporting x86_64
   region        = "us-gov-west-1"
-  source_ami    = "ami-01c116d3e0152a132"  # Updated AMI ID for Amazon-Linux
+  source_ami    = "ami-03fadeeea589a106b"  # Updated AMI ID for RHEL x86_64
   ssh_username  = "ec2-user"
-#  kms_key_id    = "3b7f8ca7-6212-4b47-859d-bde50b75f501"  # Static KMS Key ID
 }
 
 build {
   sources = ["source.amazon-ebs.rhel"]
 
   provisioner "ansible" {
-    playbook_file = "${var.ansible_dir}/rhel-arm-baseline.yaml"
+    playbook_file = "${var.ansible_dir}/rhel-baseline.yml"
   }
 
   post-processor "shell-local" {

diff --git a/buildspec.yml b/buildspec.yml
@@ -13,37 +13,23 @@ phases:
     commands:
       - echo "Installing Python version 3.11 ..."
       - pyenv global $PYTHON_311_VERSION
-      - stat ${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/init.sh && bash ${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/init.sh ${CODEBUILD_SRC_DIR_SourceAnsibleOutput} || echo "No init.sh script found"
-      - which pip3 || curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
-      - which pip3 || python3 get-pip.py --user
-      - stat $(python3 -m site --user-base)/bin/ansible-playbook || python3 -m pip install --user ansible pywinrm
-      - stat /bin/packer || curl -s -qL -o packer.zip https://releases.hashicorp.com/packer/1.10.3/packer_1.10.3_linux_amd64.zip
-      - stat /bin/packer || unzip -o packer.zip
-      - stat /bin/packer || $(mv packer /bin && rm packer.zip)
-      - echo "Installing pip, Ansible, and Packer"
-      - which pip3 || curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && python3 get-pip.py --user
-      - stat $(python3 -m site --user-base)/bin/ansible-playbook || python3 -m pip install --user ansible pywinrm
-      - export PATH=$PATH:/root/.local/bin
-      - if ! stat /bin/packer; then
-          curl -s -qL -o packer.zip https://releases.hashicorp.com/packer/1.10.3/packer_1.10.3_linux_amd64.zip;
-          unzip -o packer.zip;
-          mv packer /bin;
-          rm packer.zip;
-        fi
+      - curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && python3 get-pip.py --user
+      - python3 -m pip install --user ansible pywinrm
+      - curl -s -qL -o packer.zip https://releases.hashicorp.com/packer/1.10.3/packer_1.10.3_linux_amd64.zip
+      - unzip -o packer.zip -d /bin
+      - rm packer.zip
+      - echo "Installed pip, Ansible, and Packer"
 
   pre_build:
     commands:
       - echo "Configuring AWS credentials"
-      - echo "Fetching AWS credentials from ECS metadata service"
-      - echo "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}"
-      - curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} > aws_credentials.json
-      - echo "Configuring AWS CLI"
+      - curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}
       - aws configure set region $AWS_REGION
       - aws configure set aws_access_key_id `jq -r '.AccessKeyId' aws_credentials.json`
-      - export AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json`
       - aws configure set aws_secret_access_key `jq -r '.SecretAccessKey' aws_credentials.json`
-      - export AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json`
       - aws configure set aws_session_token `jq -r '.Token' aws_credentials.json`
+      - export AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json`
+      - export AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json`
       - export AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json`
 
   build:
@@ -53,9 +39,6 @@ phases:
       - /bin/packer init build.pkr.hcl
       - ln -s ${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/roles
       - /bin/packer build -var project_name=rhel-arm-image-pipeline-demo -var ansible_dir=${CODEBUILD_SRC_DIR_SourceAnsibleOutput} build.pkr.hcl
-      - echo "Running Packer build"
-      - packer init build.pkr.hcl
-      - packer build -var project_name=rhel-arm-image-pipeline-demo -var ansible_dir=${CODEBUILD_SRC_DIR_SourceAnsibleOutput} build.pkr.hcl
 
   post_build:
     commands:

diff --git a/main.tf b/main.tf
@@ -88,46 +88,17 @@ data "aws_codecommit_repository" "goss" {
   repository_name = "image-pipeline-goss-testing"
 }
 
-module "main" {
+module "rhel" {
   source                      = "HappyPathway/image-pipeline/aws"
-  project_name                = local.project_name
-  source_repo_name            = local.source_repo
-  source_repo_branch          = "main"
-  builder_image               = "aws/codebuild/standard:7.0"
-  create_new_repo             = false
-  create_new_role             = true
-  create_vpc_endpoint         = true
-  ssh_user                    = "ec2-user"
-  playbook                    = "hello-world.yaml"
-  terraform_version           = "1.8.5"
-  build_permissions_iam_doc   = data.aws_iam_policy_document.s3_access
-  build_environment_variables = [
-    for proxy_var in keys(local.proxy_env_vars) : {
-      name  = proxy_var
-      value = lookup(local.proxy_env_vars, proxy_var)
-      type  = "PLAINTEXT"
-    }
-  ]
-  ansible_repo                = data.aws_codecommit_repository.ansible
-  goss_repo                   = data.aws_codecommit_repository.goss
-  goss_profile                = "base-test"
-  state                       = local.state_config
-  vpc_config                  = local.vpc_config
-  source_ami                  = "ami-03fadeeea589a106b"
-  instance_type               = "t2.micro"
-}
-
-module "rhel-arm" {
-  source                      = "HappyPathway/image-pipeline/aws"
-  project_name                = "rhel-arm-image-pipeline-demo"
+  project_name                = "rhel-image-pipeline-demo"
   source_repo_name            = local.source_repo
   source_repo_branch          = "main"
   builder_image               = "aws/codebuild/standard:7.0"
   create_new_repo             = false
   create_new_role             = true
   create_vpc_endpoint         = false
   ssh_user                    = "ec2-user"
-  playbook                    = "rhel-arm-baseline.yaml"
+  playbook                    = "rhel-baseline.yml"
   terraform_version           = "1.8.5"
   build_permissions_iam_doc   = data.aws_iam_policy_document.s3_access
   build_environment_variables = [
@@ -139,11 +110,11 @@ module "rhel-arm" {
   ]
   ansible_repo                = data.aws_codecommit_repository.ansible
   goss_repo                   = data.aws_codecommit_repository.goss
-  goss_profile                = "rhel-arm-base-test"
+  goss_profile                = "rhel-base-test"
   state                       = local.state_config
   vpc_config                  = local.vpc_config
-  source_ami                  = "ami-01c116d3e0152a132"
-  instance_type               = "t3.micro"
+  source_ami                  = "ami-03fadeeea589a106b"  # x86_64 compatible AMI
+  instance_type               = "t3.micro"  # x86_64 compatible instance type
 }
 
 resource "random_password" "winrm" {
@@ -172,10 +143,10 @@ module "windows" {
     password = random_password.winrm.result
   }
   userdata = "userdata/winrm.ps1"
-  build_environment_variables = [ 
+  build_environment_variables = [
    for proxy_var in keys(local.proxy_env_vars) :
-   { 
-     name=proxy_var, 
+   {
+     name=proxy_var,
      value=lookup(local.proxy_env_vars, proxy_var),
      type = "PLAINTEXT"
    }
@@ -185,6 +156,6 @@ module "windows" {
   goss_profile                = "windows-base-test"
   state = local.state_config
   vpc_config = local.vpc_config
-  source_ami = "ami-012fffaddacaa52ff"
-  instance_type = "t2.xlarge"
+  source_ami = "ami-012fffaddacaa52ff"  # x86_64 compatible AMI
+  instance_type = "t2.xlarge"  # x86_64 compatible instance type
 }
diff --git a/rhel-arm-baseline.yaml b/rhel-arm-baseline.yaml
@@ -1,71 +1,79 @@
 ---
 - name: RHEL ARM Baseline
-  hosts: all
-  become: true
+  hosts: all
+  become: true
+  tasks:
+    - name: Ensure latest packages are installed
+      package:
+        name: '*'
+        state: latest
 
-  tasks:
-    - name: Ensure latest packages are installed
-      yum:
-        name: '*'
-        state: latest
+    - name: Install required packages
+      package:
+        name:
+          - vim
+          - git
+          - wget
+          - net-tools
+          - unzip
+          - epel-release
+          - htop
+        state: present
 
-    - name: Install required packages
-      yum:
-        name:
-          - vim
-          - git
-          - curl
-          - wget
-          - net-tools
-          - unzip
-          - epel-release
-          - htop
-        state: present
+    - name: Remove curl-minimal if installed
+      package:
+        name: curl-minimal
+        state: absent
 
-    - name: Create example user
-      user:
-        name: exampleuser
-        state: present
-        groups: wheel
-        shell: /bin/bash
-        password: "{{ 'password' | password_hash('sha512') }}"  # Change 'password' to a secure password or hash
+    - name: Install curl
+      package:
+        name: curl
+        state: present
 
-    - name: Configure SSH for exampleuser
-      authorized_key:
-        user: exampleuser
-        state: present
-        key: "{{ lookup('file', '/path/to/exampleuser_ssh_key.pub') }}"  # Replace with the actual path to the public key
+    - name: Create example user
+      user:
+        name: exampleuser
+        state: present
+        groups: wheel
+        shell: /bin/bash
+        password: "{{ 'password' | password_hash('sha512') }}"  # Change 'password' to a secure password or hash
 
-    - name: Ensure firewalld is installed and running
-      yum:
-        name: firewalld
-        state: present
+    - name: Configure SSH for exampleuser
+      authorized_key:
+        user: exampleuser
+        state: present
+        key: "{{ lookup('file', '/path/to/exampleuser_ssh_key.pub') }}"  # Replace with the actual path to the public key
 
-    - name: Start and enable firewalld
-      service:
-        name: firewalld
-        state: started
-        enabled: yes
+    - name: Ensure firewalld is installed and running
+      package:
+        name: firewalld
+        state: present
 
-    - name: Open SSH port in firewall
-      firewalld:
-        service: ssh
-        permanent: true
-        state: enabled
-        immediate: yes
+    - name: Start and enable firewalld
+      service:
+        name: firewalld
+        state: started
+        enabled: yes
 
-    - name: Disable SELinux
-      selinux:
-        state: disabled
+    - name: Open SSH port in firewall
+      firewalld:
+        service: ssh
+        permanent: true
+        state: enabled
+        immediate: yes
 
-    - name: Set timezone to UTC
-      command: timedatectl set-timezone UTC
+    - name: Disable SELinux
+      selinux:
+        state: disabled
 
-    - name: Reboot the system to apply changes
-      reboot:
-        msg: "Reboot initiated by Ansible for baseline setup"
-        connect_timeout: 5
-        reboot_timeout: 600
-        pre_reboot_delay: 0
-        post_reboot_delay: 30
-        test_command: whoami
+    - name: Set timezone to UTC
+      command: timedatectl set-timezone UTC
+
+    - name: Reboot the system to apply changes
+      reboot:
+        msg: "Reboot initiated by Ansible for baseline setup"
+        connect_timeout: 5
+        reboot_timeout: 600
+        pre_reboot_delay: 0
+        post_reboot_delay: 30
+        test_command: whoami