# cloud-init user-data for the Pentest Portal instances.
#
# One multipart MIME document is rendered per instance. The instance count
# is taken from the "pentestportal" entry of var.operations_instance_counts
# and defaults to zero when that key is absent, so no document (and no
# dependent instance) is produced unless the operator asks for one. The
# rendered document is gzipped and base64-encoded, the form EC2 expects
# for user_data.
#
# NOTE(review): EC2 user-data is not a secret store. Everything rendered
# here can be read from inside the instance via the instance metadata
# service and by any principal permitted ec2:DescribeInstanceAttribute.
# The only externally sourced value injected below is the VNC username
# pulled from SSM (used as the owner of the EFS mount point); keep actual
# credentials out of these templates.
data "cloudinit_config" "pentestportal_cloud_init_tasks" {
  count = lookup(var.operations_instance_counts, "pentestportal", 0)

  base64_encode = true
  gzip          = true

  # About the "filename" attribute on each part: it only labels the MIME
  # part inside the user-data and does not rename the templates on disk.
  # For text/x-shellscript parts cloud-init additionally uses it as the
  # script's file name in its scripts directory.

  # ---------------------------------------------------------------------
  # Part 1: set the local hostname.
  #
  # DHCP would eventually hand the instance this name, but the AWS
  # CloudWatch Agent configuration leans heavily on the "{local_hostname}"
  # placeholder, so the hostname is pinned up front to the value it will
  # end up with anyway. It deliberately matches the instance's DNS A record
  # in the private assessment zone.
  # ---------------------------------------------------------------------
  part {
    content_type = "text/cloud-config"
    filename     = "set-hostname.yml"
    merge_type   = "list(append)+dict(recurse_array)+str()"
    content = templatefile("${path.module}/cloud-init/set-hostname.tpl.yml", {
      hostname = format("pentestportal%d", count.index + 1)
      fqdn = format(
        "pentestportal%d.%s",
        count.index + 1,
        aws_route53_zone.assessment_private.name,
      )
    })
  }

  # ---------------------------------------------------------------------
  # Parts 2 and 3: work around a Netplan/cloud-init DHCP defect.
  #
  # Netplan defaults dhcp4-overrides.use-domains to false and cloud-init
  # neither sets that key nor exposes a way to set it, so the DHCP-supplied
  # search domain is dropped. Part 2 patches the Netplan file cloud-init
  # generated; part 3 then reapplies the Netplan configuration so the patch
  # takes effect.
  #
  # TODO: drop both parts once the upstream issue is resolved. Tracked in
  # #234; background in cisagov/skeleton-packer#300 and
  # canonical/cloud-init#4764.
  # ---------------------------------------------------------------------
  part {
    content_type = "text/x-shellscript"
    filename     = "fix-dhcp.py"
    merge_type   = "list(append)+dict(recurse_array)+str()"
    # The template is a Python script; as an x-shellscript part it is run
    # directly, so the path it edits is passed in rather than hard-coded.
    content = templatefile("${path.module}/cloud-init/fix-dhcp.tpl.py", {
      netplan_config = "/etc/netplan/50-cloud-init.yaml"
    })
  }

  part {
    content_type = "text/cloud-config"
    filename     = "fix-dhcp.yml"
    merge_type   = "list(append)+dict(recurse_array)+str()"
    # Static cloud-config; nothing to template here.
    content = file("${path.module}/cloud-init/fix-dhcp.yml")
  }

  # ---------------------------------------------------------------------
  # Part 4: add an fstab entry for the shared EFS volume.
  #
  # The mount target and access point in the first private subnet are used
  # for every instance; the access point must correspond to the mount
  # target, which is why both are keyed by the same CIDR block.
  # ---------------------------------------------------------------------
  part {
    content_type = "text/cloud-config"
    # NOTE(review): this part name uses an underscore while every other part
    # uses hyphens. Left as-is because renaming it would alter the rendered
    # user-data; it has no functional effect on cloud-config parts.
    filename   = "efs_mount.yml"
    merge_type = "list(append)+dict(recurse_array)+str()"
    content = templatefile("${path.module}/cloud-init/efs-mount.tpl.yml", {
      efs_ap_id   = aws_efs_access_point.access_point[var.private_subnet_cidr_blocks[0]].id
      efs_id      = aws_efs_mount_target.target[var.private_subnet_cidr_blocks[0]].file_system_id
      group       = var.efs_users_group_name
      mount_point = "/share"
      # Sensitive in Terraform's eyes (SSM parameter value), but it is only a
      # username and it lands in world-readable user-data regardless.
      owner = data.aws_ssm_parameter.vnc_username.value
    })
  }

  # ---------------------------------------------------------------------
  # Part 5: block until the EFS share is actually mounted.
  #
  # The instance already depends on the EFS resources in Terraform, yet an
  # instance can still boot before the share is mountable, so this script
  # polls until the mount succeeds. Details:
  # https://github.com/cisagov/cool-assessment-terraform/issues/85#issuecomment-754052796
  #
  # The mount_point passed here must match the one used in the fstab part
  # above; both are "/share".
  # ---------------------------------------------------------------------
  part {
    content_type = "text/x-shellscript"
    filename     = "mount-efs-share.sh"
    merge_type   = "list(append)+dict(recurse_array)+str()"
    content = templatefile("${path.module}/cloud-init/mount-efs-share.tpl.sh", {
      mount_point = "/share"
    })
  }
}