sedargadf

.gitignore

@@ -0,0 +1,9 @@
+/**/.*
+/**/.*/
+!/.gitignore
+*-test.*
+main.sh
+main.yml
+goldenimage_script.sh
+manifest.json
+goldenimage_result.json

Vagrantfile

@@ -0,0 +1,83 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# vagrant plugin install vagrant-aws 
+# vagrant up --provider=aws
+# vagrant destroy -f && vagrant up --provider=aws
+
+#-e "playbook_name=ansible-openvpn discord_message_owner_name=terra"
+MAIN_SCRIPT_URL = "https://raw.githubusercontent.com/inqwise/ansible-automation-toolkit/default/main_amzn2.sh"
+TOPIC_NAME = "errors"
+ACCOUNT_ID = "992382682634"
+AWS_REGION = "il-central-1"
+MAIN_SH_ARGS = <<MARKER
+-e "playbook_name=ansible-openvpn discord_message_owner_name=#{Etc.getpwuid(Process.uid).name}"
+MARKER
+Vagrant.configure("2") do |config|
+  config.vm.provision "shell", inline: <<-SHELL
+    set -euxo pipefail
+    cd /vagrant
+    bash parameters_exist.sh #{MAIN_SH_ARGS}
+    # set -euxo pipefail
+    # echo "start vagrant file"
+    # source /deployment/ansibleenv/bin/activate
+    # cd /deployment/playbook
+    # export ANSIBLE_VERBOSITY=0
+    # export ANSIBLE_DISPLAY_SKIPPED_HOSTS=false
+    # export VAULT_PASSWORD=#{`op read "op://Security/ansible-vault inqwise-stg/password"`.strip!}
+    # echo "$VAULT_PASSWORD" > vault_password
+    # bash main.sh #{MAIN_SH_ARGS}
+    # rm vault_password
+
+    # set -euxo pipefail
+    # echo "start vagrant file"
+    # yum -y erase python3 && amazon-linux-extras install python3.8
+    # python3.8 -m venv /tmp/ansibleenv
+    # source /tmp/ansibleenv/bin/activate
+    # aws s3 cp s3://resource-opinion-stg/get-pip.py - | python3.8
+    # cd /vagrant
+    # export VAULT_PASSWORD=#{`op read "op://Security/ansible-vault inqwise-stg/password"`.strip!}
+    # echo "$VAULT_PASSWORD" > vault_password
+    # export ANSIBLE_VERBOSITY=0
+    # if [ ! -f "main.sh" ]; then
+    # echo "Local main.sh not found. Download main.sh script from URL..."
+    # curl -s https://raw.githubusercontent.com/inqwise/ansible-automation-toolkit/default/main_amzn2.sh -o main.sh
+    # fi
+    # bash main.sh #{MAIN_SH_ARGS}
+    # rm vault_password
+  SHELL
+
+  config.vm.provider :aws do |aws, override|
+  	override.vm.box = "dummy"
+    override.ssh.username = "ec2-user"
+    override.ssh.private_key_path = "~/.ssh/id_rsa"
+    aws.access_key_id             = `op read "op://Security/aws inqwise-stg/Security/Access key ID"`.strip!
+    aws.secret_access_key         = `op read "op://Security/aws inqwise-stg/Security/Secret access key"`.strip!
+    aws.keypair_name = Etc.getpwuid(Process.uid).name
+    override.vm.allowed_synced_folder_types = [:rsync]
+    #override.vm.synced_folder ".", "/vagrant", type: :rsync, rsync__exclude: ['.git/','inqwise/'], disabled: false
+    #common_collection_path = ENV['COMMON_COLLECTION_PATH'] || '~/git/ansible-common-collection'
+    #stacktrek_collection_path = ENV['COMMON_COLLECTION_PATH'] || '~/git/ansible-stack-trek'
+    #override.vm.synced_folder common_collection_path + '/inqwise/common', '/vagrant/collections/ansible_collections/inqwise/common', type: :rsync, rsync__exclude: '.git/', disabled: false
+    #override.vm.synced_folder stacktrek_collection_path + '/inqwise/stacktrek', '/vagrant/collections/ansible_collections/inqwise/stacktrek', type: :rsync, rsync__exclude: '.git/', disabled: false
+
+    #aws.user_data = File.read("user_data.txt")
+    aws.region = AWS_REGION
+    aws.security_groups = ["sg-0cbd632d37524e9fe","sg-020afd8fd0fa9fd0b"]
+    aws.ami = "ami-06df040a3b7ab6af4"
+    aws.instance_type = "t3.micro"
+    aws.subnet_id = "subnet-0f46c97c53ea11e2e"
+    aws.associate_public_ip = true
+    aws.iam_instance_profile_name = "bootstrap-role"
+    aws.tags = {
+      Name: "openvpn-test-#{Etc.getpwuid(Process.uid).name}",
+      playbook_name: "ansible-openvpn",
+      version: "latest",
+      app: "openvpn",
+      public_dns: "vpn-golden-test",
+      private_dns: "vpn-golden-test"
+    }
+  end
+end
+
+#ami-00e65230f6b0a8dcf

goldenimage.pkr.hcl

@@ -0,0 +1,195 @@
+//-on-error=abort
+// packer build --only=amazon-ebs.amzn2023_arm64 -var cpu_arch=arm64 -var 'aws_profile=opinion-stg' -var 'tag=latest' -var app=consul -var 'aws_region=il-central-1' .
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 1.2.2" # preferably "~> 1.2.0" for latest patch version
+      source = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+
+
+
+######## 
+
+
+
+
+variable "cpu_arch" {
+  description = "The CPU architecture type (e.g., arm64 or x86)."
+  type        = string
+  default     = "arm64"
+}
+
+variable "instance_type" {
+  type = string
+  default = ""
+}
+
+variable "base_path" {
+  description = "The s3 base path to playbooks (e.g., s3://bootstrap-inqwise-org/playbooks)."
+  type = string
+  default = "s3://bootstrap-opinion-stg/playbooks"
+}
+
+variable "tag" {
+  description = "The version of image"
+  type    = string
+}
+
+variable "aws_region" {
+  type    = string
+}
+
+variable "aws_iam_instance_profile" {
+  type    = string
+  default = "PackerRole"
+}
+
+variable "aws_profile" {
+  type    = string
+  default = ""
+}
+
+variable "app" {
+  description = "The app name. for example 'consul'"
+  type    = string
+}
+
+
+
+######## 
+
+
+
+locals {
+  instance_types = {
+    arm64 = var.instance_type != "" ? var.instance_type : "t4g.small"
+    x86   = var.instance_type != "" ? var.instance_type : "t3.small"
+  }
+
+  common_build_settings = {
+    shell_provisioners = {
+        inline = !fileexists("goldenimage-test.sh") ? [
+        "curl --connect-timeout 2.37 -m 20 -o /tmp/parameters_find.sh https://raw.githubusercontent.com/xXkoshmarikXx/test-commit/master/parameters_find.sh && bash /tmp/parameters_find.sh --tags installation",
+        ] : [],
+        scripts = fileexists("goldenimage-test.sh") ? [
+            "goldenimage-test.sh"
+        ] : []
+    }
+
+    post_processors = {
+      manifest = {
+        type       = "manifest"
+        output     = "manifest.json"
+        strip_path = true
+        custom_data = {
+          app       = var.app
+          version   = var.tag
+          profile   = var.aws_profile
+          region    = var.aws_region
+        }
+      }
+    }
+  }
+
+  timestamp = formatdate("YYYYMMDDhhmm", timestamp())
+}
+
+
+
+######## 
+
+
+
+source "amazon-ebs" "common" {
+  force_deregister      = true
+  force_delete_snapshot = true
+  ami_name              = "${var.app}-${var.tag}"
+  ami_description       = "Image of ${var.app} version ${var.tag}"
+  spot_instance_types   = ["${local.instance_types[var.cpu_arch]}"]
+  region                = "${var.aws_region}"
+  #ami_regions           = ["us-west-2"]
+  #ami_users             = ["123456789012", "987654321098"]  # List of AWS Account IDs granted launch permissions for the created AMI
+  encrypt_boot          = false
+  profile               = "${var.aws_profile}"
+  iam_instance_profile  = "${var.aws_iam_instance_profile}"
+  ssh_username          = "ec2-user"
+  spot_price            = "auto"
+  skip_create_ami       = false # for debug
+
+  metadata_options {
+    instance_metadata_tags = "enabled"
+    http_endpoint               = "enabled"
+    http_put_response_hop_limit = "1"
+    http_tokens                 = "required"
+  }
+
+  run_tags = {
+    Name      = "${var.app}-${var.tag}-packer"
+    app       = "${var.app}"
+    version   = "${var.tag}"
+    timestamp = "${local.timestamp}"
+    playbook_name = "ansible-${var.app}"
+  }
+
+  tags = {
+    Name      = "${var.app}-${var.tag}"
+    app       = "${var.app}"
+    version   = "${var.tag}"
+    timestamp = "${local.timestamp}"
+  }
+}
+
+build {
+  source "source.amazon-ebs.common" {
+    name = "amzn2023_arm64"
+    source_ami_filter {
+      filters={
+        name                = "al2023-ami-2023.*-kernel-6.1-arm64"
+        root-device-type    = "ebs"
+        virtualization-type = "hvm"
+      }
+      most_recent = true 
+      owners      = ["amazon"]
+    }
+  }
+
+  source "source.amazon-ebs.common" {
+    name = "amzn2_x86"
+    source_ami_filter {
+      filters={
+        name                = "amzn2-ami-kernel-5.*-x86_64-gp2"
+        root-device-type    = "ebs"
+        virtualization-type = "hvm"
+      }
+      most_recent = true 
+      owners      = ["amazon"]
+    }
+  }
+
+  provisioner "shell" {
+    scripts = local.common_build_settings.shell_provisioners.scripts
+    inline = local.common_build_settings.shell_provisioners.inline
+  }
+
+  post-processor "manifest" {
+    output     = local.common_build_settings.post_processors.manifest.output
+    strip_path = local.common_build_settings.post_processors.manifest.strip_path
+    custom_data = local.common_build_settings.post_processors.manifest.custom_data
+  }
+
+  post-processor "shell-local" {
+    inline = [
+      "if [ -f ./goldenimage-postprocess-test.sh ]; then",
+      "    echo 'Executing local script: goldenimage-postprocess-test.sh';",
+      "    bash ./goldenimage-postprocess-test.sh;",
+      "else",
+      "    echo 'Local script not found. Executing remote script: https://raw.githubusercontent.com/inqwise/ansible-automation-toolkit/default/packer/goldenimage-postprocess.sh';",
+      "    curl -s https://raw.githubusercontent.com/inqwise/ansible-automation-toolkit/default/packer/goldenimage-postprocess.sh | bash;",
+      "fi"
+    ]
+  }
+}

parameters_accepts.sh

@@ -1,48 +1,31 @@
 #!/usr/bin/env bash
-set -euxo pipefail
 # Constants
 LOCAL_IDENTIFY_OS_SCRIPT="identify_os.sh"
 REMOTE_IDENTIFY_OS_SCRIPT="https://raw.githubusercontent.com/inqwise/ansible-automation-toolkit/default/identify_os.sh"
 VAULT_PASSWORD_FILE="vault_password"
 PLAYBOOK_VERSION="latest"
+PIP_COMMAND="pip"
 
-ACCOUNT_ID=""
-TOPIC_NAME=""
 REGION=""
-SKIP_TAGS=""
-TAGS=""
-EXTRA=""
-OFFLINE=false
-TEST_MODE=false
-PIP_COMMAND="pip"
 GET_PIP_URL=""
 PLAYBOOK_NAME=""
 PLAYBOOK_BASE_URL=""
-
 VAULT_PASSWORD=""
-METADATA_TOKEN=""
 
 usage() {
-    echo "Usage: $0 [-e <extra>] [--skip-tags <skip-tags>] [--tags <tags>] [--offline] [--test] [--token <token>] [--get_pip_url <url>] [--playbook_name <name>] [--playbook_base_url <url>] [-r <name>] [--account_id <name>] [--topic_name <name>] [--vault_password <name>]"
+    echo "Usage: $0 [--token <token>] [--get_pip_url <url>] [--playbook_name <name>] [--playbook_base_url <url>] [-r <name>] [--account_id <name>] [--topic_name <name>] [--vault_password <name>]"
     exit 1
 }
 
-while getopts ":e:r:-:" option; do
+while getopts ":r:-:" option; do
   case "${option}" in
-    e) EXTRA="${OPTARG}";;
+    r) REGION=${OPTARG};;
     -)
       case "${OPTARG}" in
-        skip-tags) SKIP_TAGS="${!OPTIND}"; OPTIND=$((OPTIND + 1));;
-        tags) TAGS="${!OPTIND}"; OPTIND=$((OPTIND + 1));;
-        account_id) ACCOUNT_ID="${!OPTIND}"; OPTIND=$((OPTIND + 1));;
-        topic_name) TOPIC_NAME="${!OPTIND}"; OPTIND=$((OPTIND + 1));;
         get_pip_url) GET_PIP_URL="${!OPTIND}"; OPTIND=$((OPTIND + 1));;
         playbook_name) PLAYBOOK_NAME="${!OPTIND}"; OPTIND=$((OPTIND + 1));;
         playbook_base_url) PLAYBOOK_BASE_URL="${!OPTIND}"; OPTIND=$((OPTIND + 1));;
         vault_password) VAULT_PASSWORD="${!OPTIND}"; OPTIND=$((OPTIND + 1));;
-        metadata_token) METADATA_TOKEN="${!OPTIND}"; OPTIND=$((OPTIND + 1));;
-        offline) OFFLINE=true;;
-        test) TEST_MODE=true;;
         *) echo "Invalid option --${OPTARG}"; usage;;
       esac
       ;;
@@ -89,8 +72,6 @@ cleanup() {
 catch_error() {
     echo "An error occurred in goldenimage_script: '$1'"
     cleanup
-    local instance_id=$(ec2-metadata --instance-id | sed -n 's/.*instance-id: \(i-[a-f0-9]\{17\}\).*/\1/p')
-    aws sns publish --topic-arn "arn:aws:sns:$REGION:$ACCOUNT_ID:$TOPIC_NAME" --message "$1" --subject "$instance_id" --region "$REGION"
 }
 
 setup_environment() {
@@ -169,6 +150,7 @@ main() {
     assert_var "PLAYBOOK_BASE_URL" "$PLAYBOOK_BASE_URL"
     assert_var "VAULT_PASSWORD" "$VAULT_PASSWORD"
     assert_var "GET_PIP_URL" "$GET_PIP_URL"
+    assert_var "REGION" "$REGION"
 
     setup_environment
     install_pip "$GET_PIP_URL"

parameters_find.sh

@@ -1,6 +1,4 @@
 #!/usr/bin/env bash
-set -euxo pipefail
-
 SECRET_NAME="vault_secret"
 
 get_region() {
@@ -19,14 +17,8 @@ get_parameter() {
 REGION=$(get_region)
 echo "region: $REGION"
 
-ACCOUNT_ID=$(get_account_id)
-echo "account: $ACCOUNT_ID"
-
 PARAMETER=$(get_parameter "UserDataYAMLConfig")
 
-TOPIC_NAME=$(echo "$PARAMETER" | grep 'topic_name' | awk '{print $2}')
-echo "topic: $TOPIC_NAME"
-
 get_metadata_token() {
     curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"
 }
@@ -63,5 +55,5 @@ echo "Playbook Base URL: $PLAYBOOK_BASE_URL"
 VAULT_PASSWORD=$(aws secretsmanager get-secret-value --secret-id "$SECRET_NAME" --region "$REGION" --query 'SecretString' --output text)
 
 curl -o /tmp/parameters_accepts.sh https://raw.githubusercontent.com/xXkoshmarikXx/test-commit/master/parameters_accepts.sh
-bash /tmp/parameters_accepts.sh --tags installation --get_pip_url "$GET_PIP_URL" --playbook_name "$PLAYBOOK_NAME" --playbook_base_url "$PLAYBOOK_BASE_URL" -r "$REGION" --account_id "$ACCOUNT_ID" --topic_name "$TOPIC_NAME" --vault_password $VAULT_PASSWORD --metadata_token $METADATA_TOKEN
+bash /tmp/parameters_accepts.sh --tags installation --get_pip_url "$GET_PIP_URL" --playbook_name "$PLAYBOOK_NAME" --playbook_base_url "$PLAYBOOK_BASE_URL" -r "$REGION" --account_id "$ACCOUNT_ID" --topic_name "$TOPIC_NAME" --vault_password $VAULT_PASSWORD
 #bash parameters_accepts.sh --get_pip_url "$GET_PIP_URL" --playbook_name "$PLAYBOOK_NAME" --playbook_base_url "$PLAYBOOK_BASE_URL" -r "$REGION" --account_id "$ACCOUNT_ID" --topic_name "$TOPIC_NAME"