From fc858d2f93ea01dc366a01ad63cae79f7e5dacbf Mon Sep 17 00:00:00 2001
From: "tom@codemonauts.com"
Date: Fri, 23 Feb 2024 08:25:44 +0100
Subject: [PATCH] migrate to ansible

---
 .ansible-lint                        |  2 +-
 .gitignore                           |  1 +
 base.yaml                            |  8 ++++++-
 packer.pkr.hcl                       |  4 ++++
 roles/aws_codedeploy/tasks/main.yaml | 33 ++++++++++++++++++++++++++++
 roles/aws_ssm/tasks/main.yaml        | 21 ++++++++++++++++++
 roles/common/tasks/main.yaml         |  5 +++--
 roles/security/tasks/main.yaml       |  9 ++++++++
 roles/useraccounts/tasks/main.yaml   |  8 -------
 9 files changed, 79 insertions(+), 12 deletions(-)
 create mode 100644 roles/aws_codedeploy/tasks/main.yaml
 create mode 100644 roles/aws_ssm/tasks/main.yaml
 create mode 100644 roles/security/tasks/main.yaml

diff --git a/.ansible-lint b/.ansible-lint
index 5df75e6..bebfc3f 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,4 +1,4 @@
 exclude_paths:
   - .github/
 skip_list:
-  - risky-file-permissions
\ No newline at end of file
+  - risky-file-permissions
diff --git a/.gitignore b/.gitignore
index 9b42106..5d3ac87 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .direnv/
+.vscode/
diff --git a/base.yaml b/base.yaml
index 458c934..6383526 100644
--- a/base.yaml
+++ b/base.yaml
@@ -1,5 +1,8 @@
 ---
-- name: Base server AMI
+
+# Create a server base AMI
+
+- name: Server base AMI
   hosts: 127.0.0.1
   connection: local
   become: true
@@ -7,3 +10,6 @@
     - common
     - unattended_upgrades
     - useraccounts
+    - aws_ssm
+    - aws_codedeploy
+    - security
diff --git a/packer.pkr.hcl b/packer.pkr.hcl
index fef2aa8..88b7d8f 100644
--- a/packer.pkr.hcl
+++ b/packer.pkr.hcl
@@ -12,6 +12,10 @@ packer {
       version = ">= 1.2.0"
       source = "github.com/wata727/amazon-ami-management"
     }
+    ansible = {
+      source = "github.com/hashicorp/ansible"
+      version = "~> 1"
+    }
   }
 }
 
diff --git a/roles/aws_codedeploy/tasks/main.yaml b/roles/aws_codedeploy/tasks/main.yaml
new file mode 100644
index 0000000..d39be30
--- /dev/null
+++ b/roles/aws_codedeploy/tasks/main.yaml
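Review bot: `version = "~> 1"` for the new `ansible` plugin accepts any 1.x release, and as far as I know Packer keeps no plugin lock file, so two `packer init` runs can resolve different plugin versions and the AMI build is not reproducible. A constraint pinned to the minor actually in use, `version = "~> 1.<MINOR>"`, still allows patch releases while stopping silent minor upgrades of a plugin that runs the whole provisioning step.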
@@ -0,0 +1,33 @@
+---
+
+# Install current AWS Codedeploy agent
+
+- name: Install Codedeploy agent dependencys
+  ansible.builtin.apt:
+    name:
+      - ruby
+      - gdebi-core
+
+- name: Copy install package
+  ansible.builtin.get_url:
+    url: https://aws-codedeploy-eu-central-1.s3.amazonaws.com/latest/install
+    dest: /tmp/codedeploy-installer
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Install Codedeploy agent
+  ansible.builtin.command: /tmp/codedeploy-installer auto
+  changed_when: true
+
+- name: Keep less Codedeploy revisions
+  ansible.builtin.lineinfile:
+    path: /etc/codedeploy-agent/conf/codedeployagent.yml
+    regexp: '^:max_revisions'
+    line: ':max_revisions: 1'
+
+- name: Enable Codedeploy agent service
+  ansible.builtin.systemd:
+    name: codedeploy-agent
+    enabled: true
+    masked: false
diff --git a/roles/aws_ssm/tasks/main.yaml b/roles/aws_ssm/tasks/main.yaml
new file mode 100644
index 0000000..c64500a
--- /dev/null
+++ b/roles/aws_ssm/tasks/main.yaml
@@ -0,0 +1,21 @@
+---
+
+# Install AWS SSM agent
+
+- name: SSM agent install package for arm64 architecture
+  ansible.builtin.apt:
+    deb: https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_arm64/amazon-ssm-agent.deb
+  when:
+    - ansible_facts['architecture'] == "aarch64"
+
+- name: SSM agent install package for x86_64 architecture
+  ansible.builtin.apt:
+    deb: https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
+  when:
+    - ansible_facts['architecture'] == "x86_64"
+
+- name: Enable SSM agent service
+  ansible.builtin.systemd:
+    name: amazon-ssm-agent
+    enabled: true
+    masked: false
diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml
index a4b9b76..d4bcdbd 100644
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
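Review bot: The installer fetched by `ansible.builtin.get_url` from a `latest/` URL is executed as root two tasks later without any integrity check; `get_url` takes a `checksum:` argument (`checksum: 'sha256:<PLACEHOLDER_DIGEST>'`) that should be set if a digest for the script is published, and a version-pinned download would be preferable to `latest` if one is available. Writing the script to the fixed, world-writable path `/tmp/codedeploy-installer` and then running it from there also races with any other local user on the build host, and the file is never removed afterwards; `ansible.builtin.tempfile` or a root-owned directory plus a cleanup task is the usual shape. `changed_when: true` on the install command re-runs the installer on every play run, whereas `args: creates: /etc/codedeploy-agent/conf/codedeployagent.yml` would make the task idempotent using a file the hunk already shows the installer produces. `dependencys` in the first task name is a typo for `dependencies`.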
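Review bot: Both `ansible.builtin.apt` tasks hand `deb:` a `latest/` URL, so the agent package is neither version-pinned nor integrity-checked — a standalone `.deb` is installed by dpkg without the repository signature check that `apt` would otherwise perform. Fetching the file first with `ansible.builtin.get_url` and a `checksum:` argument (`checksum: 'sha256:<PLACEHOLDER_DIGEST>'`) and then passing the local path to `deb:` gives the build a verifiable input; AWS's SSM Agent documentation also describes verifying the package signature, which could be scripted in the same place. Worth confirming on the base image too: Ubuntu cloud images usually ship the SSM agent as a snap, and installing the deb alongside it may leave two copies of `amazon-ssm-agent` competing for the service name.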
@@ -44,8 +44,9 @@
     group: root
     mode: '0644'
 
-- name: Generate locales for en_US and de_DE
-  ansible.builtin.shell: locale-gen
+- name: Generate locales for en_US and de_DE
+  ansible.builtin.command: locale-gen
+  changed_when: true
 
 # Install AWS CLI
 
diff --git a/roles/security/tasks/main.yaml b/roles/security/tasks/main.yaml
new file mode 100644
index 0000000..cdcada1
--- /dev/null
+++ b/roles/security/tasks/main.yaml
@@ -0,0 +1,9 @@
+---
+
+# Disable standard ubuntu user
+
+- name: Disable Ubuntu default user
+  ansible.builtin.user:
+    name: ubuntu
+    password: "!"
+    expires: 1
diff --git a/roles/useraccounts/tasks/main.yaml b/roles/useraccounts/tasks/main.yaml
index bc8fe79..a9afbeb 100644
--- a/roles/useraccounts/tasks/main.yaml
+++ b/roles/useraccounts/tasks/main.yaml
@@ -45,11 +45,3 @@
     owner: root
     group: root
     mode: '0440'
-
-# Disable standard ubuntu user
-
-- name: Create user and homedir
-  ansible.builtin.user:
-    name: ubuntu
-    password: "!"
-    expires: 1
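Review bot: `changed_when: true` on the `locale-gen` command reports a change on every run, which hides whether the locale configuration written by the preceding task actually changed anything. If the `community.general` collection is available, `community.general.locale_gen` with `name:` set to the locales the role generates is idempotent and reports changes accurately; otherwise a `changed_when` tied to the registered command output would be more honest than an unconditional change. The task list continues outside the hunk on both sides.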
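Review bot: Locking the password and expiring the `ubuntu` account stops logins, but the hunk leaves the rest of the default-user setup untouched: the cloud-init sudoers drop-in for that user (typically `/etc/sudoers.d/90-cloud-init-users` on Ubuntu images, granting passwordless root) and any existing `authorized_keys` remain, and cloud-init will presumably still treat `ubuntu` as its default user on first boot of instances built from this AMI. Removing that sudoers file and the key material, or adding `shell: /usr/sbin/nologin` to the same task, keeps the account inert even if something re-enables it later, and `password_lock: true` is the module's explicit way to state the `password: "!"` intent. Since `base.yaml` runs this role last, after `useraccounts`, the replacement admin accounts exist before the default user is disabled, which is the right order.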