feat/add/packer/steps #2412

Open
wants to merge 1 commit into
base: dev
43 changes: 43 additions & 0 deletions .github/workflows/packer-build-ami.yml
@@ -0,0 +1,43 @@
name: Packer build AWS AMI's
on:
workflow_dispatch:
branches:
- prod
Comment on lines +1 to +5
Contributor

Consider parameterizing the branch name.

For flexibility, consider parameterizing the branch name to allow triggering the workflow on different branches.

-      - prod
+      - ${{ secrets.BRANCH_NAME }}

Comment on lines +4 to +5
Contributor

Parameterize the branch name for flexibility.

To allow triggering the workflow on different branches, consider parameterizing the branch name using a GitHub secret.

Apply this diff:

-      - prod
+      - ${{ secrets.BRANCH_NAME }}  

Ensure that the BRANCH_NAME secret is set in the repository settings.



jobs:
plan:
Contributor

Fix the YAML syntax error.

The static analysis tool actionlint has detected a YAML parsing error at this line. Please ensure that the YAML syntax is valid.

Tools
actionlint

8-8: could not parse as YAML: yaml: line 8: did not find expected key

(syntax-check)

environment: Terraform
defaults:
run:
working-directory: /home/runner/work/ballerine/deploy/aws_ami
runs-on: ubuntu-latest
name: Packer build Artifacts
steps:
- name: Checkout to Git
uses: actions/checkout@v2

- name: Assume Role
uses: ./
env:
ROLE_ARN: ${{ secrets.AWS_PACKER_ROLE }}
ROLE_SESSION_NAME: packersession
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DURATION_SECONDS: 900

Comment on lines +19 to +27
Contributor

Use the AWS Assume Role Action for better security.

Instead of using a custom action and hardcoding AWS credentials, it's recommended to use the official AWS Assume Role Action for assuming an AWS role. This approach is more secure and maintainable.

Apply this diff to switch to the AWS Assume Role Action:

-    - name: Assume Role
-      uses: ./
-      env:
-        ROLE_ARN: ${{ secrets.AWS_PACKER_ROLE }}
-        ROLE_SESSION_NAME: packersession
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        DURATION_SECONDS: 900
+    - name: Assume Role
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        role-to-assume: ${{ secrets.AWS_PACKER_ROLE }}
+        aws-region: ${{ secrets.AWS_REGION }}

Ensure that the AWS_PACKER_ROLE and AWS_REGION secrets are set in the repository settings.


- name: Setup `packer`
uses: hashicorp/setup-packer@main
id: setup
with:
version: 1.8.7

- name: Run `packer init`
id: init
run: "packer init template.json.pkr.hcl"

- name: Run `packer validate`
id: validate
run: "packer validate template.json.pkr.hcl"

- name: Build AWS AMIs
run: "packer build template.json.pkr.hcl"
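
Review bot: In the setup-packer step, `uses: hashicorp/setup-packer@main` follows a moving branch inside a job that also receives `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`; pin it to a release tag or a full commit SHA so a change upstream cannot alter what runs next to those credentials. The `branches:` key under `workflow_dispatch` is not a filter that trigger accepts, so limiting builds to `prod` needs a job-level condition such as `if: github.ref == 'refs/heads/prod'` or a branch rule on the `Terraform` environment.
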
4 changes: 2 additions & 2 deletions deploy/ansible/ballerine_playbook/README.md
Expand Up @@ -99,7 +99,7 @@ You can run the ansible playbook with the following command

```bash
cd ballerine/deploy/ansible/ballerine_playbook
ansible-playbook -i inventory.txt ballerine-playbook.yml
ansible-playbook -i inventory.txt ballerine-playbook.yml --skip-tags packer
```

The command above will use the host information from the `inventory` file.
Expand All @@ -110,4 +110,4 @@ When it's all done, provided all went well and no parameters were changed, you s

## Make entries to the DNS server

Make sure the appropriate entries for the url in DNS are created
Make sure the appropriate entries for the url in DNS are created
Expand Up @@ -3,6 +3,10 @@
docker_edition: 'ce'
docker_package: 'docker-{{ docker_edition }}'
docker_package_state: present
default_user: ubuntu

cloud_user: ballerine
cloud_group: ballerine

# Service options.
docker_service_state: started
@@ -0,0 +1,12 @@
---
- name: Remove sensitive credential (1)
shell: find / -name "authorized_keys" -exec rm -f {} \;
Collaborator

I don't fully understand how it works... does it connect using SSH?

Collaborator Author

So Packer works like this:

  • creates a t2.micro VM
  • installs all the required tools like docker and docker-compose, and copies the ballerine repo contents for ballerine to work
  • takes a snapshot of the VM
  • creates an AMI
  • because Packer created an EC2 instance and performed the above steps, there will be a few entries that are necessary and we are cleaning them up.
  • In the second step we add all tools required for ballerine to start when a customer uses the AMI and starts an EC2 instance

become: true

- name: Remove sensitive credential (2)
shell: find /root/ /home/*/ -name .cvspass -exec rm -f {} \;
become: true

- name: Restart rsyslog
shell: service rsyslog restart
become: true
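
Review bot: The two `find ... -exec rm -f` tasks remove only `authorized_keys` and `.cvspass`; nothing in this file touches SSH host keys under `/etc/ssh`, shell history or the logs written during the build, so for an image that is handed to customers either add tasks for those or note where they are handled. The first task's `find /` also descends into every mounted filesystem; `-xdev -type f` would keep it on the root volume and on regular files.
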
@@ -0,0 +1,9 @@
---
- name: Clone Ballerine
git:
repo: https://github.com/ballerine-io/ballerine.git
dest: "{{ install_dir }}"
version: dev
clone: yes
update: yes
ignore_errors: yes
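
Review bot: `ignore_errors: yes` on the clone task lets the play continue when the checkout fails, so Packer can go on to snapshot an image without the application; drop it so a failed clone fails the build. `version: dev` also makes the AMI contents depend on whatever the branch holds at build time; a tag or commit would make the image reproducible.
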
@@ -0,0 +1,11 @@
- name: Deploy Ballerine with localhost
shell: sudo docker-compose -f docker-compose-build.yml up -d
args:
chdir: "{{ install_dir }}/deploy"
when: vite_api_url == ""

- name: Deploy Ballerine with custom Domain
shell: sudo docker-compose -f docker-compose-build-https.yml up -d
args:
chdir: "{{ install_dir }}/deploy"
when: vite_api_url != ""
Contributor

Add a newline character at the end of the file.

YAML files should end with a newline character to avoid issues with certain parsers.

  when: vite_api_url != ""
+
Tools
yamllint

[error] 11-11: no new line character at the end of file

(new-line-at-end-of-file)

Comment on lines +1 to +11
Collaborator

Suggestion:
Why don't we just manage our monorepo to have an additional command which runs that command?
By doing so we can keep maintaining those scripts in our main package.json file.

npm run deploy::docker
npm run deploy::docker::custom-domain

Collaborator Author

I wish to use DevOps tools, as it will be easy for any DevOps engineer to understand how we are building the Packer image.

Expand Up @@ -24,15 +24,13 @@
- libnss3-tools
state: latest
become: true
tags:
- always


- name: Upgrade dist to apply security fixes
ansible.builtin.apt:
upgrade: dist
become: true
tags:
- always


- name: Ensure old versions of Docker are not installed
package:
Expand Up @@ -3,8 +3,25 @@
package_facts:
manager: auto

- include_tasks: install-docker.yml
- import_tasks: install-docker.yml

- import_tasks: start-docker.yml

- import_tasks: clone-ballerine.yml

- import_tasks: setup-init-config.yml
tags: packer

- import_tasks: setup-ballerine.yml

- import_tasks: setup-ballerine-runtime.yml
tags: packer

- import_tasks: deploy-ballerine.yml
tags: deploy

- import_tasks: setup-user-data.yml
tags: packer

- import_tasks: cleanup-packer-build.yml
tags: packer
Comment on lines +6 to +27
Contributor

Add a new line at the end of the file.

A new line at the end of the file is missing. This is a best practice for readability and to avoid potential issues with some tools.

-  tags: packer
+  tags: packer

+
Tools
yamllint

[error] 27-27: no new line character at the end of file

(new-line-at-end-of-file)

@@ -0,0 +1,39 @@
- name: create runtime path folder
file:
dest: "{{ install_dir }}/scripts"
mode: 0755
recurse: yes
owner: "{{ cloud_user }}"
group: "{{ cloud_group }}"
state: directory

- name: create boot script
template:
src: templates/boot.sh
dest: "{{ install_dir }}/scripts/boot.sh"
mode: 0755

- name: create reboot entry job
cron:
name: "ballerine job"
special_time: reboot
user: "{{ cloud_user }}"
job: "{{ install_dir }}/scripts/boot.sh"

- name: setup ssh key for ballerine user
copy:
src: templates/init-ssh.sh
dest: /var/lib/cloud/scripts/per-instance
mode: 0755
owner: "{{ cloud_user }}"
group: "{{ cloud_group }}"
become: true

- name: setup ssh key for {{ default_user }} user
copy:
src: templates/init-ssh.sh
dest: /var/lib/cloud/scripts/per-instance
mode: 0755
owner: "{{ default_user }}"
group: "{{ cloud_group }}"
become: true
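
Review bot: The last two tasks copy the same `templates/init-ssh.sh` to the same `dest`, so the second only changes the owner set by the first, and both leave a script in `/var/lib/cloud/scripts/per-instance` owned by a non-root account (`{{ cloud_user }}`, then `{{ default_user }}`). cloud-init runs the files in that directory as root on first boot, so keep one task and install the script with `owner: root` and `group: root`.
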
Contributor

Add a newline at the end of the file.

The file is missing a newline at the end, which is a best practice for UNIX files.

-  become: true
+  become: true

+
Tools
yamllint

[error] 39-39: no new line character at the end of file

(new-line-at-end-of-file)

@@ -1,4 +1,5 @@
---

- name: Replace VITE URL for backoffice
lineinfile:
path: '~/ballerine/apps/backoffice-v2/.env.example'
Expand Down Expand Up @@ -33,16 +34,4 @@
ansible.builtin.template:
src: templates/Caddyfile.j2
dest: "{{ install_dir }}/deploy/caddy/Caddyfile"
when: vite_api_url != ""

- name: Deploy Ballerine up locally
shell: docker-compose -f docker-compose-build.yml up -d
args:
chdir: "{{ install_dir }}/deploy"
when: vite_api_url == ""

- name: Deploy Ballerine up remote
shell: docker-compose -f docker-compose-build-https.yml up -d
args:
chdir: "{{ install_dir }}/deploy"
when: vite_api_url != ""
when: vite_api_url != ""
Contributor

Add a newline at the end of the file.

The file is missing a newline at the end, which is a best practice for UNIX files.

-  when: vite_api_url != ""
+  when: vite_api_url != ""

+
Tools
yamllint

[error] 37-37: no new line character at the end of file

(new-line-at-end-of-file)

@@ -0,0 +1,25 @@
---
- name: deploy cloud init config file
template: src=templates/cloud-config.cfg dest=/etc/cloud/cloud.cfg.d/defaults.cfg
become: true

- name: create group ballerine
group: name={{ cloud_user }} state=present
become: true

- name: create user ballerine
user: name={{ cloud_user }} groups={{ cloud_group }}
become: true

- name: create user {{ default_user }}
user: name={{ default_user }} groups={{ cloud_group }}
become: true

- name: add sudoers group for user {{ cloud_user }}
copy:
content: 'ballerine ALL=(ALL) NOPASSWD: ALL'
dest: /etc/sudoers.d/ballerine
mode: 0440
owner: root
group: root
become: true
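
Review bot: The sudoers task writes `ballerine ALL=(ALL) NOPASSWD: ALL` with the account name hardcoded although its title refers to `{{ cloud_user }}`, and the `copy` has no `validate: 'visudo -cf %s'`, so a malformed line would land in `/etc/sudoers.d` unchecked. Unrestricted passwordless sudo for the image's default login account deserves a stated reason or a narrower command list; separately, `create group ballerine` passes `{{ cloud_user }}` where `{{ cloud_group }}` is meant.
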
Comment on lines +1 to +25
Contributor

Add error handling to tasks.

Consider adding error handling to ensure that tasks succeed and handle failures gracefully.

-  user: name={{ default_user }} groups={{ cloud_group }}
+  user: name={{ default_user }} groups={{ cloud_group }} state=present

Committable suggestion was skipped due to low confidence.

@@ -0,0 +1,9 @@
---
- name: setup runtime user data
copy:
src: ../templates/user-data.sh
dest: /var/lib/cloud/scripts/per-instance
mode: 0755
owner: "{{ cloud_user }}"
group: "{{ cloud_group }}"
become: true
Contributor

Add a newline character at the end of the file.

YAML files should end with a newline character to avoid issues with certain parsers.

  become: true
+
Tools
yamllint

[error] 9-9: no new line character at the end of file

(new-line-at-end-of-file)

@@ -0,0 +1,11 @@
#!/bin/bash

cd /home/ballerine/ballerine
Contributor

Add error handling to the cd command to ensure the script exits if the directory change fails.

- cd /home/ballerine/ballerine
+ cd /home/ballerine/ballerine || exit
Tools
Shellcheck

[warning] 3-3: Use 'cd ... || exit' or 'cd ... || return' in case cd fails. (SC2164)


git checkout dev ; git pull

cd /home/ballerine/ballerine/deploy
Contributor

Ensure the script exits if the directory change fails.

- cd /home/ballerine/ballerine/deploy
+ cd /home/ballerine/ballerine/deploy || exit
Tools
Shellcheck

[warning] 7-7: Use 'cd ... || exit' or 'cd ... || return' in case cd fails. (SC2164)


sudo docker-compose -f docker-compose-build.yml pull

sudo docker-compose -f docker-compose-build.yml up -d
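
Review bot: `git checkout dev ; git pull` makes every run of this script fetch whatever is on `dev` at that moment and then start it through `sudo docker-compose ... up -d`, so instances of one AMI can end up running different, unreviewed code; check out a release tag at build time and drop the pull, or at least pin the ref. The `;` also lets `git pull` run when the checkout failed; use `&&`.
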
@@ -0,0 +1,5 @@
#cloud-config
system_info:
default_user:
name: ballerine
lock_passwd: false
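
Review bot: `lock_passwd: false` leaves the password of the default user `ballerine` unlocked; if access is meant to be by SSH key only, set it to `true`. This file has the same five lines as `deploy/aws_ami/defaults.cfg` in this PR, so keep one copy or say why both are needed.
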
@@ -0,0 +1,17 @@
#!/bin/bash

authorized_keys_path=/home/ballerine/.ssh/authorized_keys
if [[ ! -e "$authorized_keys_path" ]]; then
echo "Setting SSH key"
sudo cp ~/.ssh/authorized_keys "$authorized_keys_path"
sudo chown ballerine:ballerine "$authorized_keys_path"
fi

authorized_keys_ubuntu_path=/home/ubuntu/.ssh/authorized_keys
if [[ ! -e "$authorized_keys_ubuntu_path" ]]; then
echo "Setting SSH key for ubuntu user"
sudo mkdir -p /home/ubuntu/.ssh/
sudo chmod -R 700 /home/ubuntu/.ssh/
sudo cp ~/.ssh/authorized_keys "$authorized_keys_ubuntu_path"
sudo chown -R ubuntu:ballerine /home/ubuntu/.ssh/
fi
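
Review bot: Both `cp` commands read `~/.ssh/authorized_keys`, so the source depends on which account runs the script; name the source path explicitly. The first block, unlike the second, neither creates `/home/ballerine/.ssh` nor sets its mode, and neither block sets `authorized_keys` itself to mode 600; `chown -R ubuntu:ballerine` additionally puts the `ubuntu` user's key directory under the `ballerine` group.
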
Comment on lines +1 to +17
Contributor

Security Concern: Use caution with sudo and SSH keys.

Using sudo to handle SSH keys can be a security risk. Ensure that this is necessary and consider alternatives if possible.

Best Practice: Check for errors.

Add error checking to ensure that commands succeed.

- sudo cp ~/.ssh/authorized_keys "$authorized_keys_path"
+ if ! sudo cp ~/.ssh/authorized_keys "$authorized_keys_path"; then
+   echo "Failed to copy authorized_keys" >&2
+   exit 1
+ fi

Committable suggestion was skipped due to low confidence.

@@ -0,0 +1,8 @@
#!/bin/bash

default_user_name="[email protected]"
default_user_password=admin
Contributor

Security Concern: Quote the password assignment.

Use quotes to assign the password to avoid potential issues.

- default_user_password=admin
+ default_user_password="admin"
Tools
Shellcheck

[warning] 4-4: Use var=$(command) to assign output (or quote to assign string).

(SC2209)


echo "${default_user_name}:${default_user_password}" > /home/ballerine/ballerine/credential

echo -e "\n***************************************************\n* Default username : $default_user_name *\n* Default password : $default_user_password *\n***************************************************\n" >/dev/console
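
Review bot: `default_user_password=admin` on line 4 gives every instance launched from this image the same known password, and the `echo ... > /home/ballerine/ballerine/credential` line writes it with the default umask. Generate a random value per instance here and create the file with `umask 077` or `install -m 600`.
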
Contributor

Security Concern: Avoid displaying credentials on the console.

Displaying credentials on the console is a security risk. Consider removing this or using secure methods to handle credentials.

- echo -e "\n***************************************************\n*     Default username : $default_user_name     *\n*     Default password : $default_user_password            *\n***************************************************\n" >/dev/console
+ # echo -e "\n***************************************************\n*     Default username : $default_user_name     *\n*     Default password : $default_user_password            *\n***************************************************\n" >/dev/console

5 changes: 5 additions & 0 deletions deploy/aws_ami/defaults.cfg
@@ -0,0 +1,5 @@
#cloud-config
system_info:
default_user:
name: ballerine
lock_passwd: false
62 changes: 62 additions & 0 deletions deploy/aws_ami/template.json.pkr.hcl
@@ -0,0 +1,62 @@
# Configuration - AWS base image
variable "base_ami" {
type = string
default = "ami-01e444924a2233b07" # Ubuntu 22.04.2 LTS
}

# Configuration - AWS provisioning instance type
variable "instance_type" {
type = string
default = "t2.micro"
}

# Configuration - AWS subnet
variable "subnet_id" {
type = string
default = "subnet-01d1b883a41235506"
}

# Configuration - AWS VPC
variable "vpc_id" {
type = string
default = "vpc-0ed0113663b1fbf40"
}


# "timestamp" template function replacement
locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }

# Variable - AMI naming
locals {
image_name = "ballerine-marketplace-snapshot-${local.timestamp}"
}

# Builder - Provision AWS instance
source "amazon-ebs" "ballerine-aws-ami" {
ami_name = "ballerine-ami-${local.timestamp}"
instance_type = "${var.instance_type}"
launch_block_device_mappings {
delete_on_termination = true
device_name = "/dev/sda1"
volume_size = 25
volume_type = "gp2"
}
region = "eu-central-1"
source_ami = "${var.base_ami}"
ssh_username = "ballerine"
subnet_id = "${var.subnet_id}"
vpc_id = "${var.vpc_id}"
skip_create_ami = false
user_data_file = "./defaults.cfg"
}

# Provisioning - Setup Ballerine
build {
sources = ["source.amazon-ebs.ballerine-aws-ami"]

provisioner "ansible" {
user = "ballerine"
playbook_file = "../ansible/ballerine_playbook/ballerine-playbook.yml"
extra_arguments = ["--skip-tags", "deploy"]
}
}
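
Review bot: `local.image_name` is defined but never referenced; `ami_name` builds its own `ballerine-ami-${local.timestamp}` string, so drop the local or use it. The `subnet_id` and `vpc_id` defaults embed one account's resource IDs in the template; leave those variables without defaults and pass them in from the workflow.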