Introduce post_bootstrap_config

Trivadis · Dec 16, 2021 · 67e83cb · 67e83cb
1 parent b8320dd
commit 67e83cb
Show file tree

Hide file tree

Showing 9 changed files with 86 additions and 7 deletions.
diff --git a/cloudinit/bastion_config.template.sh b/cloudinit/bastion_config.template.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+# ------------------------------------------------------------------------------
+# Trivadis - Part of Accenture, Platform Factory - Transactional Data Platform
+# Saegereistrasse 29, 8152 Glattbrugg, Switzerland
+# ------------------------------------------------------------------------------
+# Name.......: bastion_config.template.sh
+# Author.....: Stefan Oehrli (oes) [email protected]
+# Editor.....: Stefan Oehrli
+# Date.......: 2021.12.16
+# Revision...: 
+# Purpose....: Script to configure the bastion host after bootstrap
+# Notes......: --
+# Reference..: --
+# License....: Apache License Version 2.0, January 2004 as shown
+#              at http://www.apache.org/licenses/
+# ------------------------------------------------------------------------------
+# - Customization --------------------------------------------------------------
+HOST=${HOST:-$(hostname)}
+# - End of Customization -------------------------------------------------------
+
+# - Default Values -------------------------------------------------------------
+# source genric environment variables and functions
+export SCRIPT_NAME=$(basename $0)               # script name
+export SCRIPT_BIN_DIR=$(dirname $0)             # script bin directory
+# define logfile and logging
+export LOG_BASE=${LOG_BASE:-"$SCRIPT_BIN_DIR"}  # Use script directory as default logbase
+# Define Logfile but first reset LOG_BASE if directory does not exists
+if [ ! -d ${LOG_BASE} ] || [ ! -w ${LOG_BASE} ] ; then
+    echo "INFO : set LOG_BASE to /tmp"
+    export LOG_BASE="/tmp"
+fi
+TIMESTAMP=$(date "+%Y.%m.%d_%H%M%S")
+readonly LOGFILE="$LOG_BASE/$(basename $SCRIPT_NAME .sh)_$TIMESTAMP.log"
+# - EOF Default Values ---------------------------------------------------------
+
+# - Initialization -------------------------------------------------------------
+# Define a bunch of bash option see 
+# https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html
+set -o nounset                              # stop script after 1st cmd failed
+set -o errexit                              # exit when 1st unset variable found
+set -o pipefail                             # pipefail exit after 1st piped commands failed
+
+# initialize logfile
+touch $LOGFILE 2>/dev/null
+exec &> >(tee -a "$LOGFILE")                # Open standard out at `$LOG_FILE` for write.  
+exec 2>&1  
+
+echo "INFO: Start post bootstrap bastion configuration on host $(hostname) at $(date)"
+
+echo "INFO: Finish post bootstrap bastion configuration on host $(hostname) at $(date)"
+# --- EOF ----------------------------------------------------------------------
diff --git a/cloudinit/bastion_host.yaml b/cloudinit/bastion_host.yaml
@@ -52,6 +52,13 @@ write_files:
     content: |
       ${guacamole_initialization}
 
+# Add post bootstrap script -------------------------------------------------------
+  - path: "/root/post_bootstrap_config.sh"
+    permissions: "0750"
+    encoding: "gzip+base64"
+    content: |
+      ${post_bootstrap_config}
+
 # Add Guacamole connections script -------------------------------------------
   - path: "/home/${guacamole_user}/02_connections.sql"
     permissions: "0644"
@@ -104,5 +111,8 @@ runcmd:
 
 # Setup guacamole
   - /home/${guacamole_user}/guacamole_init.sh
+
+# Post Bootstrap
+  - nohup /root/post_bootstrap_config.sh > /root/post_bootstrap_config.log 2>&1 & 
 # --- EOF Run configuration commands -----------------------------------------
 # --- EOF --------------------------------------------------------------------
diff --git a/compute.tf b/compute.tf
@@ -45,6 +45,7 @@ resource "oci_core_instance" "bastion" {
       authorized_keys       = base64gzip(local.ssh_authorized_keys)
       etc_hosts             = base64gzip(local.hosts_file)
       fail2ban_config       = local.fail2ban_config
+      post_bootstrap_config = base64gzip(local.post_bootstrap_config)
       guacamole_initialization = base64gzip(templatefile("${path.module}/scripts/guacamole_init.template.sh", {
         webhost_name       = var.webhost_name
         webproxy_name      = var.webproxy_name

diff --git a/doc/variables.md b/doc/variables.md
@@ -27,6 +27,7 @@ Variables for the configuration of the terraform module, defined in [variables](
 | `admin_email`              | Admin email used to configure Let's encrypt.                                                               |                   | [email protected]                     |
 | `bastion_boot_volume_size` | Size of the boot volume.                                                                                   |                   | 50                                   |
 | `bootstrap_cloudinit_template`        | Bootstrap script to provision the bastion host.                                                            |                   | n/a                                  |
+| `post_bootstrap_config`        | Post Bootstrap script to provision the bastion host.                                                            |                   | n/a                                  |
 | `bastion_dns_registration` | Whether to register the bastion host in DNS zone.                                                          | true/false        | true                                 |
 | `bastion_enabled`          | Whether to create the bastion host or not.                                                                 | true/false        | false                                |
 | `bastion_image_id`         | Provide a custom image id for the bastion host or leave as OEL (Oracle Enterprise Linux).                  | OCID              | OEL                                  |

diff --git a/examples/main.tf b/examples/main.tf
@@ -66,6 +66,7 @@ module "tvdlab-bastion" {
   bastion_ocpus                = var.bastion_ocpus
   bastion_memory_in_gbs        = var.bastion_memory_in_gbs
   bootstrap_cloudinit_template = var.bootstrap_cloudinit_template
+  post_bootstrap_config        = var.post_bootstrap_config
   bastion_state                = var.bastion_state
   bastion_os                   = var.bastion_os
   bastion_os_version           = var.bastion_os_version

diff --git a/examples/terraform.tfvars.example b/examples/terraform.tfvars.example
@@ -42,6 +42,7 @@ bastion_ocpus                   = 1
 bastion_memory_in_gbs           = 8
 bastion_state                   = "RUNNING"
 bootstrap_cloudinit_template    = ""
+post_bootstrap_config           = ""
 ssh_public_key                  = ""
 ssh_public_key_path             = ""
 #bastion_subnet 

diff --git a/examples/variables.tf b/examples/variables.tf
@@ -134,6 +134,12 @@ variable "bootstrap_cloudinit_template" {
   type        = string
 }
 
+variable "post_bootstrap_config" {
+  description = "Host environment config script used after bootstrap host."
+  default     = ""
+  type        = string
+}
+
 variable "ssh_public_key" {
   description = "the content of the ssh public key used to access the bastion. set this or the ssh_public_key_path"
   default     = ""

diff --git a/locals.tf b/locals.tf
@@ -15,13 +15,15 @@
 # ---------------------------------------------------------------------------
 
 locals {
-  availability_domain   = data.oci_identity_availability_domains.ad_list.availability_domains[var.ad_index - 1].name
-  resource_name         = var.resource_name == "" ? data.oci_identity_compartment.compartment.name : var.resource_name
-  resource_shortname    = lower(replace(local.resource_name, "-", ""))
-  bastion_image_id      = var.bastion_image_id == "OEL" ? data.oci_core_images.oracle_images.images.0.id : var.bastion_image_id
-  ssh_public_key_path   = var.ssh_public_key_path == "" ? "${path.module}/etc/authorized_keys.template" : var.ssh_public_key_path
-  ssh_authorized_keys   = var.ssh_public_key != "" ? var.ssh_public_key : file(local.ssh_public_key_path)
-  hosts_file            = var.hosts_file == "" ? "${path.module}/etc/hosts.template" : var.hosts_file
+  availability_domain = data.oci_identity_availability_domains.ad_list.availability_domains[var.ad_index - 1].name
+  resource_name       = var.resource_name == "" ? data.oci_identity_compartment.compartment.name : var.resource_name
+  resource_shortname  = lower(replace(local.resource_name, "-", ""))
+  bastion_image_id    = var.bastion_image_id == "OEL" ? data.oci_core_images.oracle_images.images.0.id : var.bastion_image_id
+  ssh_public_key_path = var.ssh_public_key_path == "" ? "${path.module}/etc/authorized_keys.template" : var.ssh_public_key_path
+  ssh_authorized_keys = var.ssh_public_key != "" ? var.ssh_public_key : file(local.ssh_public_key_path)
+  hosts_file          = var.hosts_file == "" ? "${path.module}/etc/hosts.template" : var.hosts_file
+
+  post_bootstrap_config = var.post_bootstrap_config == "" ? "${path.module}/cloudinit/bastion_config.template.sh" : var.post_bootstrap_config
   guacamole_connections = var.guacamole_connections == "" ? "${path.module}/scripts/guacamole_connections.template.sql" : var.guacamole_connections
   # define and render fail2ban configuration
   fail2ban_template = var.fail2ban_template == "" ? "${path.module}/etc/fail2ban.template.conf" : var.fail2ban_template

diff --git a/variables.tf b/variables.tf
@@ -134,6 +134,12 @@ variable "bootstrap_cloudinit_template" {
   type        = string
 }
 
+variable "post_bootstrap_config" {
+  description = "Host environment config script used after bootstrap host."
+  default     = ""
+  type        = string
+}
+
 variable "ssh_public_key" {
   description = "the content of the ssh public key used to access the bastion. set this or the ssh_public_key_path"
   default     = ""