From e75abe2744ac5e951975436c2f2220a4e9237b34 Mon Sep 17 00:00:00 2001 From: lolli001 Date: Tue, 30 Jul 2024 13:18:48 -0400 Subject: [PATCH] Mass Updated Curl Issues --- build.pkr.hcl | 7 +-- buildspec.yml | 35 +++--------- main.tf | 51 ++++------------- rhel-arm-baseline.yaml | 126 ++++++++++++++++++++++------------------- 4 files changed, 90 insertions(+), 129 deletions(-) diff --git a/build.pkr.hcl b/build.pkr.hcl index f55a864..830b06c 100644 --- a/build.pkr.hcl +++ b/build.pkr.hcl @@ -9,18 +9,17 @@ variable "ansible_dir" { source "amazon-ebs" "rhel" { ami_name = "${var.project_name}-{{timestamp}}" - instance_type = "t3.micro" # Ensure the instance type is ARM64 compatible + instance_type = "t3.micro" # Instance type supporting x86_64 region = "us-gov-west-1" - source_ami = "ami-01c116d3e0152a132" # Updated AMI ID for Amazon-Linux + source_ami = "ami-03fadeeea589a106b" # Updated AMI ID for RHEL x86_64 ssh_username = "ec2-user" -# kms_key_id = "3b7f8ca7-6212-4b47-859d-bde50b75f501" # Static KMS Key ID } build { sources = ["source.amazon-ebs.rhel"] provisioner "ansible" { - playbook_file = "${var.ansible_dir}/rhel-arm-baseline.yaml" + playbook_file = "${var.ansible_dir}/rhel-baseline.yml" } post-processor "shell-local" { diff --git a/buildspec.yml b/buildspec.yml index fd6792c..d091010 100644 --- a/buildspec.yml +++ b/buildspec.yml 
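Review bot: `playbook_file = "${var.ansible_dir}/rhel-baseline.yml"` points at a file this patch does not create — the playbook is still committed as `rhel-arm-baseline.yaml` (the last file in this diff is edited in place, not renamed), so the Ansible provisioner will fail to find its playbook; rename the file in the same commit or keep the old path. The source block also trusts a bare `source_ami = "ami-03fadeeea589a106b"` with only a comment describing it; for a baseline image a `source_ami_filter` with `owners` pinned to the Red Hat publisher account would verify where the base image comes from instead of assuming it. Dropping the commented `kms_key_id` leaves this source with no `encrypt_boot`/`kms_key_id` at all, so if encrypted AMIs are a requirement in us-gov-west-1 that needs to come back as a real setting rather than a comment. The `source` block's end and the rest of `build` lie outside the hunk.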
@@ -13,37 +13,23 @@ phases: commands: - echo "Installing Python version 3.11 ..." - pyenv global $PYTHON_311_VERSION - - stat ${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/init.sh && bash ${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/init.sh ${CODEBUILD_SRC_DIR_SourceAnsibleOutput} || echo "No init.sh script found" - - which pip3 || curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py - - which pip3 || python3 get-pip.py --user - - stat $(python3 -m site --user-base)/bin/ansible-playbook || python3 -m pip install --user ansible pywinrm - - stat /bin/packer || curl -s -qL -o packer.zip https://releases.hashicorp.com/packer/1.10.3/packer_1.10.3_linux_amd64.zip - - stat /bin/packer || unzip -o packer.zip - - stat /bin/packer || $(mv packer /bin && rm packer.zip) - - echo "Installing pip, Ansible, and Packer" - - which pip3 || curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && python3 get-pip.py --user - - stat $(python3 -m site --user-base)/bin/ansible-playbook || python3 -m pip install --user ansible pywinrm - - export PATH=$PATH:/root/.local/bin - - if ! 
stat /bin/packer; then - curl -s -qL -o packer.zip https://releases.hashicorp.com/packer/1.10.3/packer_1.10.3_linux_amd64.zip; - unzip -o packer.zip; - mv packer /bin; - rm packer.zip; - fi + - curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && python3 get-pip.py --user + - python3 -m pip install --user ansible pywinrm + - curl -s -qL -o packer.zip https://releases.hashicorp.com/packer/1.10.3/packer_1.10.3_linux_amd64.zip + - unzip -o packer.zip -d /bin + - rm packer.zip + - echo "Installed pip, Ansible, and Packer" pre_build: commands: - echo "Configuring AWS credentials" - - echo "Fetching AWS credentials from ECS metadata service" - - echo "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}" - - curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} > aws_credentials.json - - echo "Configuring AWS CLI" + - curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} - aws configure set region $AWS_REGION - aws configure set aws_access_key_id `jq -r '.AccessKeyId' aws_credentials.json` - - export AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json` - aws configure set aws_secret_access_key `jq -r '.SecretAccessKey' aws_credentials.json` - - export AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` - aws configure set aws_session_token `jq -r '.Token' aws_credentials.json` + - export AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json` + - export AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` - export AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` build: 
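Review bot: The new install commands fetch `get-pip.py` and the Packer zip with plain `curl` and unpack straight into `/bin` with no `--fail` and no integrity check, so a CDN error page or a tampered archive is silently installed into a build role that goes on to hold AWS credentials in pre_build (`-q` is a no-op here too: curl only honours it as the first argument). HashiCorp publishes a `packer_1.10.3_SHA256SUMS` next to the zip; verify against it before unzipping, as below, and pin `ansible`/`pywinrm` to known versions (`python3 -m pip install --user 'ansible==<ver>' 'pywinrm==<ver>'`) for the same reason. In the pre_build part of this hunk the temporary credentials are still written to `aws_credentials.json` in the source directory and persisted by `aws configure set`; the AWS CLI, Packer and Terraform all read `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` natively, so the curl/jq/configure sequence can be dropped — or at minimum `rm -f aws_credentials.json` once the exports are set. The `phases:` mapping continues past the end of the hunk.
```yaml
# … unchanged: get-pip.py / ansible install …
- curl -fsSL -O https://releases.hashicorp.com/packer/1.10.3/packer_1.10.3_linux_amd64.zip
- curl -fsSL -O https://releases.hashicorp.com/packer/1.10.3/packer_1.10.3_SHA256SUMS
- grep 'packer_1.10.3_linux_amd64.zip' packer_1.10.3_SHA256SUMS | sha256sum -c -
- unzip -o packer_1.10.3_linux_amd64.zip -d /bin
- rm -f packer_1.10.3_linux_amd64.zip packer_1.10.3_SHA256SUMS
# … unchanged: pre_build credentials …
```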
@@ -53,9 +39,6 @@ phases: - /bin/packer init build.pkr.hcl - ln -s ${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/roles - /bin/packer build -var project_name=rhel-arm-image-pipeline-demo -var ansible_dir=${CODEBUILD_SRC_DIR_SourceAnsibleOutput} build.pkr.hcl - - echo "Running Packer build" - - packer init build.pkr.hcl - - packer build -var project_name=rhel-arm-image-pipeline-demo -var ansible_dir=${CODEBUILD_SRC_DIR_SourceAnsibleOutput} build.pkr.hcl post_build: commands: diff --git a/main.tf b/main.tf index fe37153..50d40cb 100644 --- a/main.tf +++ b/main.tf @@ -88,38 +88,9 @@ data "aws_codecommit_repository" "goss" { repository_name = "image-pipeline-goss-testing" } -module "main" { +module "rhel" { source = "HappyPathway/image-pipeline/aws" - project_name = local.project_name - source_repo_name = local.source_repo - source_repo_branch = "main" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - create_vpc_endpoint = true - ssh_user = "ec2-user" - playbook = "hello-world.yaml" - terraform_version = "1.8.5" - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access - build_environment_variables = [ - for proxy_var in keys(local.proxy_env_vars) : { - name = proxy_var - value = lookup(local.proxy_env_vars, proxy_var) - type = "PLAINTEXT" - } - ] - ansible_repo = data.aws_codecommit_repository.ansible - goss_repo = data.aws_codecommit_repository.goss - goss_profile = "base-test" - state = local.state_config - vpc_config = local.vpc_config - source_ami = "ami-03fadeeea589a106b" - instance_type = "t2.micro" -} - -module "rhel-arm" { - source = "HappyPathway/image-pipeline/aws" - project_name = "rhel-arm-image-pipeline-demo" + project_name = "rhel-image-pipeline-demo" source_repo_name = local.source_repo source_repo_branch = "main" builder_image = "aws/codebuild/standard:7.0" 
@@ -127,7 +98,7 @@ module "rhel-arm" { create_new_role = true create_vpc_endpoint = false ssh_user = "ec2-user" - playbook = "rhel-arm-baseline.yaml" + playbook = "rhel-baseline.yml" terraform_version = "1.8.5" build_permissions_iam_doc = data.aws_iam_policy_document.s3_access build_environment_variables = [ @@ -139,11 +110,11 @@ module "rhel-arm" { ] ansible_repo = data.aws_codecommit_repository.ansible goss_repo = data.aws_codecommit_repository.goss - goss_profile = "rhel-arm-base-test" + goss_profile = "rhel-base-test" state = local.state_config vpc_config = local.vpc_config - source_ami = "ami-01c116d3e0152a132" - instance_type = "t3.micro" + source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI + instance_type = "t3.micro" # x86_64 compatible instance type } resource "random_password" "winrm" { @@ -172,10 +143,10 @@ module "windows" { password = random_password.winrm.result } userdata = "userdata/winrm.ps1" - build_environment_variables = [ + build_environment_variables = [ for proxy_var in keys(local.proxy_env_vars) : - { - name=proxy_var, + { + name=proxy_var, value=lookup(local.proxy_env_vars, proxy_var), type = "PLAINTEXT" } @@ -185,6 +156,6 @@ module "windows" { goss_profile = "windows-base-test" state = local.state_config vpc_config = local.vpc_config - source_ami = "ami-012fffaddacaa52ff" - instance_type = "t2.xlarge" + source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI + instance_type = "t2.xlarge" # x86_64 compatible instance type } \ No newline at end of file diff --git a/rhel-arm-baseline.yaml b/rhel-arm-baseline.yaml index 9049e43..fb54232 100644 --- a/rhel-arm-baseline.yaml +++ b/rhel-arm-baseline.yaml 
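Review bot: The surviving `rhel` module now declares `project_name = "rhel-image-pipeline-demo"` and `playbook = "rhel-baseline.yml"`, but the buildspec in this same patch still runs `packer build -var project_name=rhel-arm-image-pipeline-demo` (an unchanged context line there) and the playbook is still committed as `rhel-arm-baseline.yaml`, so the Terraform side and the CodeBuild/Packer side disagree on both names; pick one and apply it in all three files. The deleted `main` module was the one with `create_vpc_endpoint = true`, while the retained module keeps `create_vpc_endpoint = false` (context in the following hunk) — if builds in us-gov-west-1 were reaching AWS APIs through that endpoint, confirm they still have a path now, presumably via the proxy variables. The `source_ami` values are bare IDs with only an `# x86_64 compatible AMI` comment; an `aws_ami` data source filtered on the publisher's `owners` would verify provenance instead of trusting the ID. The `module "rhel"` block begun in this hunk is closed in a later hunk on the same line.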
@@ -1,71 +1,79 @@ --- - name: RHEL ARM Baseline - hosts: all - become: true +  hosts: all +  become: true +  tasks: +    - name: Ensure latest packages are installed +      package: +        name: '*' +        state: latest - tasks: - - name: Ensure latest packages are installed - yum: - name: '*' - state: latest +    - name: Install required packages +      package: +        name: +          - vim +          - git +          - wget +          - net-tools +          - unzip +          - epel-release +          - htop +        state: present - - name: Install required packages - yum: - name: - - vim - - git - - curl - - wget - - net-tools - - unzip - - epel-release - - htop - state: present +    - name: Remove curl-minimal if installed +      package: +        name: curl-minimal +        state: absent - - name: Create example user - user: - name: exampleuser - state: present - groups: wheel - shell: /bin/bash - password: "{{ 'password' | password_hash('sha512') }}" # Change 'password' to a secure password or hash +    - name: Install curl +      package: +        name: curl +        state: present - - name: Configure SSH for exampleuser - authorized_key: - user: exampleuser - state: present - key: "{{ lookup('file', '/path/to/exampleuser_ssh_key.pub') }}" # Replace with the actual path to the public key +    - name: Create example user +      user: +        name: exampleuser +        state: present +        groups: wheel +        shell: /bin/bash +        password: "{{ 'password' | password_hash('sha512') }}"  # Change 'password' to a secure password or hash - - name: Ensure firewalld is installed and running - yum: - name: firewalld - state: present +    - name: Configure SSH for exampleuser +      authorized_key: +        user: exampleuser +        state: present +        key: "{{ lookup('file', '/path/to/exampleuser_ssh_key.pub') }}"  # Replace with the actual path to the public key - - name: Start and enable firewalld - service: - name: firewalld - state: 
started - enabled: yes +    - name: Ensure firewalld is installed and running +      package: +        name: firewalld +        state: present - - name: Open SSH port in firewall - firewalld: - service: ssh - permanent: true - state: enabled - immediate: yes +    - name: Start and enable firewalld +      service: +        name: firewalld +        state: started +        enabled: yes - - name: Disable SELinux - selinux: - state: disabled +    - name: Open SSH port in firewall +      firewalld: +        service: ssh +        permanent: true +        state: enabled +        immediate: yes - - name: Set timezone to UTC - command: timedatectl set-timezone UTC +    - name: Disable SELinux +      selinux: +        state: disabled - - name: Reboot the system to apply changes - reboot: - msg: "Reboot initiated by Ansible for baseline setup" - connect_timeout: 5 - reboot_timeout: 600 - pre_reboot_delay: 0 - post_reboot_delay: 30 - test_command: whoami \ No newline at end of file +    - name: Set timezone to UTC +      command: timedatectl set-timezone UTC + +    - name: Reboot the system to apply changes +      reboot: +        msg: "Reboot initiated by Ansible for baseline setup" +        connect_timeout: 5 +        reboot_timeout: 600 +        pre_reboot_delay: 0 +        post_reboot_delay: 30 +        test_command: whoami \ No newline at end of file
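Review bot: `selinux: state: disabled` is still shipped as the baseline for every AMI this pipeline builds; the re-indented task on the new side keeps it, and for a baseline image it should read `policy: targeted` / `state: enforcing`, with any exception documented next to the task rather than switched off globally. The `Create example user` task bakes a wheel-group account whose password is literally `'password'` into the image, and `lookup('file', '/path/to/exampleuser_ssh_key.pub')` is a placeholder that will fail at build time on a real path, so either drop both tasks or feed them from vaulted variables behind a `when: exampleuser_pubkey is defined` guard. For the curl swap this commit is about, the `dnf` module's `allowerasing: true` lets `name: curl` replace `curl-minimal` in one transaction instead of a remove-then-install that leaves the box without any curl binary if the second task fails; `name: '*'` with `state: latest` also makes each build non-reproducible, which matters if this AMI is meant to be a fixed baseline. The hunk covers the whole file.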