From 74b56ec180f1bf480256e914e247c54b2da72c7e Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Fri, 26 Apr 2024 16:15:30 +0200
Subject: [PATCH 01/18] WIP
---
 modules/tfe_init_replicated/variables.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules/tfe_init_replicated/variables.tf b/modules/tfe_init_replicated/variables.tf
index 9d0eab88..4cbcd3c8 100644
--- a/modules/tfe_init_replicated/variables.tf
+++ b/modules/tfe_init_replicated/variables.tf
@@ -17,10 +17,10 @@ variable "distribution" {
 default = null
 type = string
 description = "(Required) What is the OS distribution of the instance on which Terraoform Enterprise will be deployed?"
- validation {
- condition = contains(["rhel", "ubuntu"], var.distribution)
- error_message = "Supported values for distribution are 'rhel', or 'ubuntu'."
- }
+ # validation {
+ # condition = contains(["rhel", "ubuntu"], var.distribution)
+ # error_message = "Supported values for distribution are 'rhel', or 'ubuntu'."
+ # }
 }
 variable "tfe_license_secret_id" {
@@ -95,4 +95,4 @@ variable "disk_path" {
 variable "replicated_configuration" {
 default = null
 description = "The settings that will be used to configure Replicated."
-}
\ No newline at end of file
+}
From 7a9ebcf8881a83e857b56da11d2fbef8975ec423 Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Tue, 30 Apr 2024 13:28:53 +0200
Subject: [PATCH 02/18] WIP
---
 fixtures/test_proxy_init/templates/install_packages.func | 2 +-
 .../tfe_init_replicated/templates/install_packages.func | 4 ++--
 .../tfe_init_replicated/templates/tfe_replicated.sh.tpl | 4 ++--
 modules/tfe_init_replicated/variables.tf | 8 ++++----
 4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/fixtures/test_proxy_init/templates/install_packages.func b/fixtures/test_proxy_init/templates/install_packages.func
index f622c7db..e6f81222 100644
--- a/fixtures/test_proxy_init/templates/install_packages.func
+++ b/fixtures/test_proxy_init/templates/install_packages.func
@@ -15,4 +15,4 @@ function install_packages {
 rm -f ./awscliv2.zip
 rm -rf ./aws
 }
-%{ endif ~}
\ No newline at end of file
+%{ endif ~}
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index cbb54e70..ad01d259 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
@@ -4,7 +4,7 @@ function install_packages {
 # OS: Agnostic
 # Description: Install AWS packages
- %{ if distribution == "rhel" ~}
+ %{ if distribution == "rhel" || distribution == "amazon-linux-2" ~}
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and SSMAgent with yum" | tee -a $log_pathname
 yum install -y \
 firewalld \
@@ -39,4 +39,4 @@ function install_packages {
 install_packages () {
 :
 }
-%{ endif ~}
\ No newline at end of file
+%{ endif ~}
diff --git a/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl b/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
index 8445e0db..dab85585 100644
--- a/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
+++ b/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
@@ -104,7 +104,7 @@ echo "[$(date +"%FT%T")] [Terraform Enterprise] Skipping TlsBootstrapKey configu
 #------------------------------------------------------------------------------
 ca_certificate_directory="/dev/null"
-%{ if distribution == "rhel" ~}
+%{ if distribution == "rhel" || distribution == "amazon-linux-2" ~}
 ca_certificate_directory=/usr/share/pki/ca-trust-source/anchors
 %{ else ~}
 ca_certificate_directory=/usr/local/share/ca-certificates/extra
@@ -123,7 +123,7 @@ echo "[$(date +"%FT%T")] [Terraform Enterprise] Skipping CA certificate configur
 if [ -f "$ca_cert_filepath" ]
 then
- %{ if distribution == "rhel" ~}
+ %{ if distribution == "rhel" || distribution == "amazon-linux-2" ~}
 update-ca-trust
 %{ else ~}
diff --git a/modules/tfe_init_replicated/variables.tf b/modules/tfe_init_replicated/variables.tf
index 4cbcd3c8..6476e194 100644
--- a/modules/tfe_init_replicated/variables.tf
+++ b/modules/tfe_init_replicated/variables.tf
@@ -17,10 +17,10 @@ variable "distribution" {
 default = null
 type = string
 description = "(Required) What is the OS distribution of the instance on which Terraoform Enterprise will be deployed?"
- # validation {
- # condition = contains(["rhel", "ubuntu"], var.distribution)
- # error_message = "Supported values for distribution are 'rhel', or 'ubuntu'."
- # }
+ validation {
+ condition = contains(["rhel", "ubuntu", "amazon-linux-2"], var.distribution)
+ error_message = "Supported values for distribution are 'rhel', 'ubuntu' or amazon-linux-2."
+ }
 }
 variable "tfe_license_secret_id" {
From 4777818f484b0c7fa23257fdf6410449470449d5 Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Tue, 30 Apr 2024 19:41:59 +0200
Subject: [PATCH 03/18] Does amazon need this?
---
 .../templates/install_packages.func | 42 ++++++++++---------
 1 file changed, 23 insertions(+), 19 deletions(-)
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index ad01d259..3bb9634e 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
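Review bot: The restored `error_message` quotes two of the three accepted values but not the new one; make it `"Supported values for distribution are 'rhel', 'ubuntu', or 'amazon-linux-2'."` so the string a user sees matches what they must type. The shell templates in this series send any value not matched by an explicit branch down the `else` (apt-get) path, so this list is the only guard against a mistyped distribution silently getting the Ubuntu steps. A one-line comment above the block, for example `# Keep in sync with the distribution branches in the shell templates`, would make that dependency visible and discourage commenting the check out again as PATCH 01/18 did.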
@@ -4,28 +4,32 @@ function install_packages {
 # OS: Agnostic
 # Description: Install AWS packages
- %{ if distribution == "rhel" || distribution == "amazon-linux-2" ~}
- echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and SSMAgent with yum" | tee -a $log_pathname
- yum install -y \
- firewalld \
- unzip \
- https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
- systemctl enable amazon-ssm-agent
- systemctl start amazon-ssm-agent
- systemctl enable firewalld
- systemctl start firewalld
+ %{ if distribution == "rhel" ~}
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and SSMAgent with yum" | tee -a $log_pathname
+ yum install -y \
+ firewalld \
+ unzip \
+ https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
+ systemctl enable amazon-ssm-agent
+ systemctl start amazon-ssm-agent
+ systemctl enable firewalld
+ systemctl start firewalld
 %{ else ~}
- echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip with apt-get" | tee -a $log_pathname
- apt-get update -y
- apt-get install -y unzip
+ %{ if distribution != "amazon-linux-2" ~}
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip with apt-get" | tee -a $log_pathname
+ apt-get update -y
+ apt-get install -y unzip
+ %{ endif ~}
 %{ endif ~}
- echo "[$(date +"%FT%T")] [Terraform Enterprise] Install AWS CLI" | tee -a $log_pathname
- curl --noproxy '*' "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
- unzip awscliv2.zip
- ./aws/install
- rm -f ./awscliv2.zip
- rm -rf ./aws
+ %{ if distribution != "amazon-linux-2" ~}
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install AWS CLI" | tee -a $log_pathname
+ curl --noproxy '*' "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+ unzip awscliv2.zip
+ ./aws/install
+ rm -f ./awscliv2.zip
+ rm -rf ./aws
+ %{ endif ~}
 }
 %{ endif ~}
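Review bot: The re-added AWS CLI block downloads `awscliv2.zip` and runs `./aws/install` with no integrity check, and `curl` has no `--fail`, so an HTTP error body would be saved and handed to `unzip`. Given the yum and systemctl calls around it, the script presumably runs as root at first boot, which makes this download part of the instance's trust base. Use `curl --fail --silent --show-error --noproxy '*' "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"` and verify the archive against the detached signature AWS publishes for the installer (or a checksum pinned in the module) before unzipping. The same lines are re-added unchanged in the PATCH 04/18, 05/18 and 08/18 hunks for this file. Separately, after this hunk an amazon-linux-2 host matches neither the `rhel` branch nor the nested `!= "amazon-linux-2"` branch, so firewalld and unzip are no longer installed for it.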
From 75760192c16489eff0e31e7e4f45140bfbb24d1f Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Thu, 2 May 2024 13:16:21 +0200
Subject: [PATCH 04/18] update
---
 .../templates/install_packages.func | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index 3bb9634e..e151d628 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
@@ -22,14 +22,12 @@ function install_packages {
 %{ endif ~}
 %{ endif ~}
- %{ if distribution != "amazon-linux-2" ~}
- echo "[$(date +"%FT%T")] [Terraform Enterprise] Install AWS CLI" | tee -a $log_pathname
- curl --noproxy '*' "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
- unzip awscliv2.zip
- ./aws/install
- rm -f ./awscliv2.zip
- rm -rf ./aws
- %{ endif ~}
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install AWS CLI" | tee -a $log_pathname
+ curl --noproxy '*' "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+ unzip awscliv2.zip
+ ./aws/install
+ rm -f ./awscliv2.zip
+ rm -rf ./aws
 }
 %{ endif ~}
From da55a466eb0b6ae73c6f7942038b38c30d412f38 Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Thu, 2 May 2024 13:25:38 +0200
Subject: [PATCH 05/18] update
---
 .../templates/get_base64_secrets.func | 12 ++++++++----
 .../templates/install_packages.func | 14 ++++++++------
 2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/modules/tfe_init_replicated/templates/get_base64_secrets.func b/modules/tfe_init_replicated/templates/get_base64_secrets.func
index 5dd7a1d8..b1b87e40 100644
--- a/modules/tfe_init_replicated/templates/get_base64_secrets.func
+++ b/modules/tfe_init_replicated/templates/get_base64_secrets.func
@@ -11,11 +11,15 @@ function get_base64_secrets {
 %{ if cloud == "aws" ~}
 function get_base64_secrets {
- local secret_id=$1
- # OS: Agnostic
 # Description: Pull the Base 64 encoded secrets from AWS Secrets Manager
+ local secret_id=$1
- /usr/local/bin/aws secretsmanager get-secret-value --secret-id $secret_id | jq --raw-output '.SecretBinary,.SecretString | select(. != null)'
+ %{ if distribution == "amazon-linux-2" ~}
+ aws secretsmanager get-secret-value --secret-id $secret_id | jq --raw-output '.SecretBinary,.SecretString | select(. != null)'
+ %{ else ~}
+ # OS: Agnostic
+ /usr/local/bin/aws secretsmanager get-secret-value --secret-id $secret_id | jq --raw-output '.SecretBinary,.SecretString | select(. != null)'
+ %{ endif ~}
 }
 %{ endif ~}
@@ -27,4 +31,4 @@ get_base64_secrets () {
 http_proxy="" https_proxy="" gcloud secrets versions access latest --secret="$secret_id"
 }
-%{ endif ~}
\ No newline at end of file
+%{ endif ~}
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index e151d628..3bb9634e 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
@@ -22,12 +22,14 @@ function install_packages {
 %{ endif ~}
 %{ endif ~}
- echo "[$(date +"%FT%T")] [Terraform Enterprise] Install AWS CLI" | tee -a $log_pathname
- curl --noproxy '*' "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
- unzip awscliv2.zip
- ./aws/install
- rm -f ./awscliv2.zip
- rm -rf ./aws
+ %{ if distribution != "amazon-linux-2" ~}
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install AWS CLI" | tee -a $log_pathname
+ curl --noproxy '*' "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+ unzip awscliv2.zip
+ ./aws/install
+ rm -f ./awscliv2.zip
+ rm -rf ./aws
+ %{ endif ~}
 }
 %{ endif ~}
From dfef2ff9004ed6fda66db63cf94d90435d7d34d9 Mon Sep 17 00:00:00 2001
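Review bot: `$secret_id` is expanded unquoted in both branches of the new `if` in get_base64_secrets, so an ID containing whitespace or glob characters is word-split before it reaches the CLI; write `--secret-id "$secret_id"`. The amazon-linux-2 branch also calls `aws` by bare name, so which binary runs depends on the PATH of the boot-time shell, while the other branch pins `/usr/local/bin/aws`. Because the output is piped straight into `jq`, a failed `aws` call produces empty output rather than an error unless `pipefail` is set somewhere outside this hunk, so the caller should reject an empty secret. The unquoted expansion is still present in the PATCH 08/18 and PATCH 18/18 hunks for this file.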
From: Kosy Anyanwu
Date: Thu, 2 May 2024 13:44:07 +0200
Subject: [PATCH 06/18] Update
---
 modules/tfe_init_replicated/functions.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/tfe_init_replicated/functions.tf b/modules/tfe_init_replicated/functions.tf
index e1a1bf2b..3b84353f 100644
--- a/modules/tfe_init_replicated/functions.tf
+++ b/modules/tfe_init_replicated/functions.tf
@@ -4,6 +4,7 @@ locals {
 get_base64_secrets = templatefile("${path.module}/templates/get_base64_secrets.func", {
 cloud = var.cloud
+ distribution = var.distribution
 })
 install_packages = templatefile("${path.module}/templates/install_packages.func", {
@@ -16,4 +17,4 @@ locals {
 distribution = var.distribution
 enable_monitoring = var.enable_monitoring != null ? var.enable_monitoring : false
 })
-}
\ No newline at end of file
+}
From 6a66866f63b46f30fa5c9adce5da1d6daad876fd Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Thu, 2 May 2024 17:52:59 +0200
Subject: [PATCH 07/18] Update
---
 .../tfe_init_replicated/templates/install_packages.func | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index 3bb9634e..5882b46b 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
@@ -14,12 +14,15 @@ function install_packages {
 systemctl start amazon-ssm-agent
 systemctl enable firewalld
 systemctl start firewalld
+ %{ elif distribution == "amazon-linux-2" ~}
+ yum install -y \
+ firewalld
+ systemctl enable firewalld
+ systemctl start firewalld
 %{ else ~}
- %{ if distribution != "amazon-linux-2" ~}
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip with apt-get" | tee -a $log_pathname
 apt-get update -y
 apt-get install -y unzip
- %{ endif ~}
 %{ endif ~}
 %{ if distribution != "amazon-linux-2" ~}
From a8402e39dabc1538a55c6945a98b87e2e639d435 Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Thu, 2 May 2024 18:04:57 +0200
Subject: [PATCH 08/18] update
---
 modules/tfe_init_replicated/functions.tf | 1 -
 .../templates/get_base64_secrets.func | 9 ++------
 .../templates/install_packages.func | 21 +++++++------------
 3 files changed, 9 insertions(+), 22 deletions(-)
diff --git a/modules/tfe_init_replicated/functions.tf b/modules/tfe_init_replicated/functions.tf
index 3b84353f..c531f291 100644
--- a/modules/tfe_init_replicated/functions.tf
+++ b/modules/tfe_init_replicated/functions.tf
@@ -4,7 +4,6 @@ locals {
 get_base64_secrets = templatefile("${path.module}/templates/get_base64_secrets.func", {
 cloud = var.cloud
- distribution = var.distribution
 })
 install_packages = templatefile("${path.module}/templates/install_packages.func", {
diff --git a/modules/tfe_init_replicated/templates/get_base64_secrets.func b/modules/tfe_init_replicated/templates/get_base64_secrets.func
index b1b87e40..9dfa380f 100644
--- a/modules/tfe_init_replicated/templates/get_base64_secrets.func
+++ b/modules/tfe_init_replicated/templates/get_base64_secrets.func
@@ -13,13 +13,8 @@ function get_base64_secrets {
 function get_base64_secrets {
 # Description: Pull the Base 64 encoded secrets from AWS Secrets Manager
 local secret_id=$1
-
- %{ if distribution == "amazon-linux-2" ~}
- aws secretsmanager get-secret-value --secret-id $secret_id | jq --raw-output '.SecretBinary,.SecretString | select(. != null)'
- %{ else ~}
- # OS: Agnostic
- /usr/local/bin/aws secretsmanager get-secret-value --secret-id $secret_id | jq --raw-output '.SecretBinary,.SecretString | select(. != null)'
- %{ endif ~}
+ # OS: Agnostic
+ /usr/local/bin/aws secretsmanager get-secret-value --secret-id $secret_id | jq --raw-output '.SecretBinary,.SecretString | select(. != null)'
 }
 %{ endif ~}
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index 5882b46b..041ecd1e 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
@@ -4,7 +4,7 @@ function install_packages {
 # OS: Agnostic
 # Description: Install AWS packages
- %{ if distribution == "rhel" ~}
+ %{ if distribution == "rhel" || distribution == "amazon-linux-2" ~}
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and SSMAgent with yum" | tee -a $log_pathname
 yum install -y \
 firewalld \
@@ -14,25 +14,18 @@ function install_packages {
 systemctl start amazon-ssm-agent
 systemctl enable firewalld
 systemctl start firewalld
- %{ elif distribution == "amazon-linux-2" ~}
- yum install -y \
- firewalld
- systemctl enable firewalld
- systemctl start firewalld
 %{ else ~}
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip with apt-get" | tee -a $log_pathname
 apt-get update -y
 apt-get install -y unzip
 %{ endif ~}
- %{ if distribution != "amazon-linux-2" ~}
- echo "[$(date +"%FT%T")] [Terraform Enterprise] Install AWS CLI" | tee -a $log_pathname
- curl --noproxy '*' "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
- unzip awscliv2.zip
- ./aws/install
- rm -f ./awscliv2.zip
- rm -rf ./aws
- %{ endif ~}
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install AWS CLI" | tee -a $log_pathname
+ curl --noproxy '*' "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+ unzip awscliv2.zip
+ ./aws/install
+ rm -f ./awscliv2.zip
+ rm -rf ./aws
 }
 %{ endif ~}
From ce56be4efcd42e24790d513a475a54a3ab49121c Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Mon, 6 May 2024 13:30:45 +0200
Subject: [PATCH 09/18] Add more checks
---
 modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl b/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
index dab85585..1c361093 100644
--- a/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
+++ b/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
@@ -284,7 +284,7 @@ $install_pathname \
 # -----------------------------------------------------------------------------
 # Add docker0 to firewalld (for Red Hat instances only)
 # -----------------------------------------------------------------------------
-%{ if distribution == "rhel" && cloud != "google" ~}
+%{ if distribution == "rhel" || distribution == "amazon-linux-2" && cloud != "google" ~}
 os_release=$(cat /etc/os-release | grep VERSION_ID | sed "s/VERSION_ID=\"\(.*\)\"/\1/g")
 if (( $(echo "$os_release < 8.0" | bc -l ) )); then
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Disable SELinux (temporary)" | tee -a $log_pathname
From 22d97e332f8653558c1c51384a4b2ce763f9002c Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Mon, 6 May 2024 14:41:34 +0200
Subject: [PATCH 10/18] update distro name
---
 modules/tfe_init_replicated/templates/install_packages.func | 2 +-
 modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl | 6 +++---
 modules/tfe_init_replicated/variables.tf | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index 041ecd1e..65d73c30 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
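Review bot: In the new condition `&&` binds tighter than `||`, so it evaluates as `rhel || (amazon-linux-2 && cloud != "google")` and a RHEL host on Google now enters the block it was previously excluded from; parenthesise it as `%{ if (distribution == "rhel" || distribution == "amazon-linux-2") && cloud != "google" ~}`. The block's first test compares VERSION_ID with 8.0, and Amazon Linux 2 likely reports a VERSION_ID of 2, so that host would take the "Disable SELinux (temporary)" branch; confirm that is intended, since the rest of the branch lies outside the hunk. The banner comment above still says "for Red Hat instances only" and should be updated if the wider scope stays. The same unparenthesised expression is carried into PATCH 10/18 with the renamed distribution and is removed again in PATCH 15/18.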
@@ -4,7 +4,7 @@ function install_packages {
 # OS: Agnostic
 # Description: Install AWS packages
- %{ if distribution == "rhel" || distribution == "amazon-linux-2" ~}
+ %{ if distribution == "rhel" || distribution == "amazon-linux-2023" ~}
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and SSMAgent with yum" | tee -a $log_pathname
 yum install -y \
 firewalld \
diff --git a/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl b/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
index 1c361093..303a573b 100644
--- a/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
+++ b/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
@@ -104,7 +104,7 @@ echo "[$(date +"%FT%T")] [Terraform Enterprise] Skipping TlsBootstrapKey configu
 #------------------------------------------------------------------------------
 ca_certificate_directory="/dev/null"
-%{ if distribution == "rhel" || distribution == "amazon-linux-2" ~}
+%{ if distribution == "rhel" || distribution == "amazon-linux-2023" ~}
 ca_certificate_directory=/usr/share/pki/ca-trust-source/anchors
 %{ else ~}
 ca_certificate_directory=/usr/local/share/ca-certificates/extra
@@ -123,7 +123,7 @@ echo "[$(date +"%FT%T")] [Terraform Enterprise] Skipping CA certificate configur
 if [ -f "$ca_cert_filepath" ]
 then
- %{ if distribution == "rhel" || distribution == "amazon-linux-2" ~}
+ %{ if distribution == "rhel" || distribution == "amazon-linux-2023" ~}
 update-ca-trust
 %{ else ~}
@@ -284,7 +284,7 @@ $install_pathname \
 # -----------------------------------------------------------------------------
 # Add docker0 to firewalld (for Red Hat instances only)
 # -----------------------------------------------------------------------------
-%{ if distribution == "rhel" || distribution == "amazon-linux-2" && cloud != "google" ~}
+%{ if distribution == "rhel" || distribution == "amazon-linux-2023" && cloud != "google" ~}
 os_release=$(cat /etc/os-release | grep VERSION_ID | sed "s/VERSION_ID=\"\(.*\)\"/\1/g")
 if (( $(echo "$os_release < 8.0" | bc -l ) )); then
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Disable SELinux (temporary)" | tee -a $log_pathname
diff --git a/modules/tfe_init_replicated/variables.tf b/modules/tfe_init_replicated/variables.tf
index 6476e194..27df0e84 100644
--- a/modules/tfe_init_replicated/variables.tf
+++ b/modules/tfe_init_replicated/variables.tf
@@ -18,8 +18,8 @@ variable "distribution" {
 type = string
 description = "(Required) What is the OS distribution of the instance on which Terraoform Enterprise will be deployed?"
 validation {
- condition = contains(["rhel", "ubuntu", "amazon-linux-2"], var.distribution)
- error_message = "Supported values for distribution are 'rhel', 'ubuntu' or amazon-linux-2."
+ condition = contains(["rhel", "ubuntu", "amazon-linux-2023"], var.distribution)
+ error_message = "Supported values for distribution are 'rhel', 'ubuntu' or amazon-linux-2023."
 }
 }
From 42370def5f15a20eefd743b61ebd50a92dbc3a57 Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Mon, 6 May 2024 16:47:18 +0200
Subject: [PATCH 11/18] continue without ssm
---
 .../templates/install_packages.func | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index 65d73c30..01a055b6 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
@@ -15,9 +15,20 @@ function install_packages {
 systemctl enable firewalld
 systemctl start firewalld
 %{ else ~}
- echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip with apt-get" | tee -a $log_pathname
- apt-get update -y
- apt-get install -y unzip
+ %{ if distribution == "amazon-linux-2023" ~}
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and SSMAgent with yum" | tee -a $log_pathname
+ yum install -y \
+ firewalld \
+ unzip
+ systemctl enable amazon-ssm-agent
+ systemctl start amazon-ssm-agent
+ systemctl enable firewalld
+ systemctl start firewalld
+ %{ else ~}
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip with apt-get" | tee -a $log_pathname
+ apt-get update -y
+ apt-get install -y unzip
+ %{ endif ~}
 %{ endif ~}
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Install AWS CLI" | tee -a $log_pathname
From 34f9835bd088cda4cfd0a7906400566a1673d23f Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Mon, 6 May 2024 18:04:13 +0200
Subject: [PATCH 12/18] Add docker
---
 .../tfe_init_replicated/templates/install_packages.func | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index 01a055b6..e54a9552 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
@@ -4,7 +4,7 @@ function install_packages {
 # OS: Agnostic
 # Description: Install AWS packages
- %{ if distribution == "rhel" || distribution == "amazon-linux-2023" ~}
+ %{ if distribution == "rhel" ~}
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and SSMAgent with yum" | tee -a $log_pathname
 yum install -y \
 firewalld \
@@ -24,6 +24,11 @@ function install_packages {
 systemctl start amazon-ssm-agent
 systemctl enable firewalld
 systemctl start firewalld
+
+ yum uninstall docker -y
+ yum install docker-24.0.5-1.amzn2023.0.3 -y
+ systemctl start docker
+ systemctl enable docker
 %{ else ~}
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip with apt-get" | tee -a $log_pathname
 apt-get update -y
From be2bb001d9239232931e0cb1a18ed250d4127711 Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Mon, 6 May 2024 18:09:56 +0200
Subject: [PATCH 13/18] no docker flag
---
 modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl b/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
index 303a573b..9edff5d1 100644
--- a/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
+++ b/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
@@ -279,6 +279,9 @@ $install_pathname \
 %{ if airgap_pathname != null ~}
 airgap \
 %{ endif ~}
+ %{ if distribution == "amazon-linux-2023" ~}
+ no-docker \
+ %{ endif ~}
 | tee -a $log_pathname
 # -----------------------------------------------------------------------------
From 396e10d6a3551e87dba33dc631a969cebe519671 Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Mon, 6 May 2024 18:23:14 +0200
Subject: [PATCH 14/18] fix issue
---
 modules/tfe_init_replicated/templates/install_packages.func | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index e54a9552..eb22b3c0 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
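Review bot: The added `yum install docker-24.0.5-1.amzn2023.0.3 -y` hard-codes one exact build with no comment saying why, so hosts built from this template stay on that Docker release regardless of later security fixes in the distribution repository. Nothing in the hunk checks the result either: if the pinned build is not available, the script appears to continue to `systemctl start docker` with whatever is, or is not, installed. Consider passing the version in as a template variable, recording the reason for the pin in a comment next to it, and stopping on failure, e.g. `yum install docker-24.0.5-1.amzn2023.0.3 -y || exit 1`. The pin is carried unchanged through the PATCH 14/18 and PATCH 16/18 hunks.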
@@ -25,7 +25,7 @@ function install_packages {
 systemctl enable firewalld
 systemctl start firewalld
- yum uninstall docker -y
+ yum remove docker -y
 yum install docker-24.0.5-1.amzn2023.0.3 -y
 systemctl start docker
 systemctl enable docker
From 1446f289561fce0138298dbc576d77d66acb6074 Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Mon, 6 May 2024 19:55:54 +0200
Subject: [PATCH 15/18] do we need this?
---
 modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl b/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
index 9edff5d1..8910a45a 100644
--- a/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
+++ b/modules/tfe_init_replicated/templates/tfe_replicated.sh.tpl
@@ -287,7 +287,7 @@ $install_pathname \
 # -----------------------------------------------------------------------------
 # Add docker0 to firewalld (for Red Hat instances only)
 # -----------------------------------------------------------------------------
-%{ if distribution == "rhel" || distribution == "amazon-linux-2023" && cloud != "google" ~}
+%{ if distribution == "rhel" && cloud != "google" ~}
 os_release=$(cat /etc/os-release | grep VERSION_ID | sed "s/VERSION_ID=\"\(.*\)\"/\1/g")
 if (( $(echo "$os_release < 8.0" | bc -l ) )); then
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Disable SELinux (temporary)" | tee -a $log_pathname
From ce8cd540458b3ea4b67be30cdcfbed591f4e6ce0 Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Wed, 15 May 2024 12:57:13 +0200
Subject: [PATCH 16/18] refactor
---
 .../templates/install_packages.func | 41 ++++++++-----------
 1 file changed, 18 insertions(+), 23 deletions(-)
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index eb22b3c0..695ab5a9 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
@@ -4,36 +4,31 @@ function install_packages {
 # OS: Agnostic
 # Description: Install AWS packages
- %{ if distribution == "rhel" ~}
+ %{ if distribution == "rhel" || distribution == "amazon-linux-2023" ~}
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and SSMAgent with yum" | tee -a $log_pathname
- yum install -y \
- firewalld \
- unzip \
- https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
- systemctl enable amazon-ssm-agent
- systemctl start amazon-ssm-agent
- systemctl enable firewalld
- systemctl start firewalld
- %{ else ~}
- %{ if distribution == "amazon-linux-2023" ~}
- echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and SSMAgent with yum" | tee -a $log_pathname
- yum install -y \
- firewalld \
- unzip
- systemctl enable amazon-ssm-agent
- systemctl start amazon-ssm-agent
- systemctl enable firewalld
- systemctl start firewalld
+ yum install -y firewalld unzip
+
+ %{ if distribution == "rhel" ~}
+ # Amazon Linux 2023 already has amazon-ssm-agent so install on rhel only
+ yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
+ %{ endif ~}
+ %{ if distribution == "amazon-linux-2023" ~}
 yum remove docker -y
 yum install docker-24.0.5-1.amzn2023.0.3 -y
+
 systemctl start docker
 systemctl enable docker
- %{ else ~}
- echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip with apt-get" | tee -a $log_pathname
- apt-get update -y
- apt-get install -y unzip
 %{ endif ~}
+
+ systemctl enable amazon-ssm-agent
+ systemctl start amazon-ssm-agent
+ systemctl enable firewalld
+ systemctl start firewalld
+ %{ else ~}
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip with apt-get" | tee -a $log_pathname
+ apt-get update -y
+ apt-get install -y unzip
 %{ endif ~}
 echo "[$(date +"%FT%T")] [Terraform Enterprise] Install AWS CLI" | tee -a $log_pathname
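Review bot: The RHEL-only `yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm` fetches whatever build is current at boot, and yum/dnf does not by default GPG-check a package given as a file or URL (`localpkg_gpgcheck` is off unless enabled), so the agent is probably installed unverified; confirm this against the target RHEL release. Prefer downloading the RPM to disk, checking it with `rpm --checksig` after importing the SSM Agent public key that AWS publishes, and only then running `yum install -y ./amazon-ssm-agent.rpm`. The path also hard-codes `linux_amd64`, so an arm64 instance would be handed the wrong package. A comment next to the URL recording why `latest` is used rather than a fixed version would help the next reviewer.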
From a95498d660ab02fc440dcdf5bc3f9d26f566e242 Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Wed, 15 May 2024 13:29:55 +0200
Subject: [PATCH 17/18] Update messages
---
 modules/tfe_init_replicated/templates/install_packages.func | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/tfe_init_replicated/templates/install_packages.func b/modules/tfe_init_replicated/templates/install_packages.func
index 695ab5a9..713ea6b9 100644
--- a/modules/tfe_init_replicated/templates/install_packages.func
+++ b/modules/tfe_init_replicated/templates/install_packages.func
@@ -5,15 +5,17 @@ function install_packages {
 # Description: Install AWS packages
 %{ if distribution == "rhel" || distribution == "amazon-linux-2023" ~}
- echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and SSMAgent with yum" | tee -a $log_pathname
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install unzip and firewalld with yum" | tee -a $log_pathname
 yum install -y firewalld unzip
 %{ if distribution == "rhel" ~}
 # Amazon Linux 2023 already has amazon-ssm-agent so install on rhel only
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Install ssm-agent with yum" | tee -a $log_pathname
 yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
 %{ endif ~}
 %{ if distribution == "amazon-linux-2023" ~}
+ echo "[$(date +"%FT%T")] [Terraform Enterprise] Remove existing docker and install v24 with yum" | tee -a $log_pathname
 yum remove docker -y
 yum install docker-24.0.5-1.amzn2023.0.3 -y
From 97df27816b890847f77a31f4a2c3564cf1adb0bc Mon Sep 17 00:00:00 2001
From: Kosy Anyanwu
Date: Wed, 15 May 2024 16:40:59 +0200
Subject: [PATCH 18/18] cleanup
---
 modules/tfe_init_replicated/templates/get_base64_secrets.func | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/tfe_init_replicated/templates/get_base64_secrets.func b/modules/tfe_init_replicated/templates/get_base64_secrets.func
index 9dfa380f..b438bc01 100644
--- a/modules/tfe_init_replicated/templates/get_base64_secrets.func
+++ b/modules/tfe_init_replicated/templates/get_base64_secrets.func
@@ -11,9 +11,10 @@ function get_base64_secrets {
 %{ if cloud == "aws" ~}
 function get_base64_secrets {
- # Description: Pull the Base 64 encoded secrets from AWS Secrets Manager
 local secret_id=$1
 # OS: Agnostic
+ # Description: Pull the Base 64 encoded secrets from AWS Secrets Manager
+
 /usr/local/bin/aws secretsmanager get-secret-value --secret-id $secret_id | jq --raw-output '.SecretBinary,.SecretString | select(. != null)'
 }
 %{ endif ~}