From 334fb24590dfbfe84b7eac1e64e56f1e9f4b3ea5 Mon Sep 17 00:00:00 2001 From: Greg O <84852800+GrzesiekO@users.noreply.github.com> Date: Fri, 12 Jul 2024 14:53:50 +0200 Subject: [PATCH] =?UTF-8?q?feat(packer):=20switch=20AMI=20from=20Rocky=20L?= =?UTF-8?q?inux=20to=20Amazon=20Linux=202023=20and=20up=E2=80=A6=20(#141)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .../perforce/helix-core/p4_configure.sh | 26 +++++- assets/packer/perforce/helix-core/p4_setup.sh | 86 ++++++------- .../perforce/helix-core/perforce.pkr.hcl | 40 +++------ 3 files changed, 67 insertions(+), 85 deletions(-)
diff --git a/assets/packer/perforce/helix-core/p4_configure.sh b/assets/packer/perforce/helix-core/p4_configure.sh
index b75fb88..e69397f 100644
--- a/assets/packer/perforce/helix-core/p4_configure.sh
+++ b/assets/packer/perforce/helix-core/p4_configure.sh
@@ -31,6 +31,30 @@ resolve_aws_secret() {
 echo $result
 }
+
+# wait for p4d_1 service
+
+wait_for_service() {
+ local service_name=$1
+ local max_attempts=10
+ local attempt=1
+
+ while [ $attempt -le $max_attempts ]; do
+ log_message "Waiting for $service_name to start... Attempt $attempt of $max_attempts."
+ systemctl is-active --quiet $service_name && break
+ sleep 1
+ ((attempt++))
+ done
+
+ if [ $attempt -gt $max_attempts ]; then
+ log_message "Service $service_name did not start within the expected time."
+ return 1
+ fi
+
+ log_message "Service $service_name started successfully."
+ return 0
+}
+
 # Setup Helix Authentication Extension
 setup_helix_auth() {
 local p4port=$1
@@ -245,7 +269,7 @@ fi
 FILE_PATH="/p4/ssl/config.txt"
 # Retrieve the EC2 instance DNS name
-if [-z $7]; then
+if [ -z $7 ]; then
 log_message "FQDN was not provided. Retrieving from EC2 metadata."
 EC2_DNS_NAME=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname --header "X-aws-ec2-metadata-token: $TOKEN")
 else
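Review bot: `systemctl is-active --quiet $service_name` and the `[ $attempt -le $max_attempts ]` test expand their variables unquoted, so an empty or space-containing `$1` turns into a malformed `systemctl`/`test` invocation instead of a clean failure; guard the argument at the top, `[ -n "$service_name" ] || { log_message "wait_for_service: no service name given."; return 2; }`, and quote the expansions (`"$service_name"`, `"$attempt"`, `"$max_attempts"`). The function is a verbatim copy of the one this commit removes from p4_setup.sh, including the fixed 10 x 1 s budget, which a freshly started p4d on a new instance can plausibly exceed; making the limit and interval parameters (`local max_attempts=${2:-10}`, `sleep "${3:-1}"`) keeps the default behaviour while letting callers wait longer. The header comment `# wait for p4d_1 service` names one caller rather than the function; `# Poll systemctl until service $1 is active (max_attempts x 1 s); returns 1 on timeout` would be accurate. The function only logs on timeout, so its value depends on the call site checking the return status, and that call site is outside this hunk.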
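Review bot: The repaired test still leaves `$7` unquoted: `[ -z $7 ]` with an empty seventh argument collapses to the one-argument form `[ -z ]`, which happens to be true, but a value containing whitespace breaks the test; write `if [ -z "$7" ]; then`. In the metadata branch `curl -s` has no `-f`, so an IMDS error (expired `$TOKEN`, an IMDSv2 hop limit, or an instance with no public hostname) leaves an error body or an empty string in `EC2_DNS_NAME`, which the surrounding code apparently uses to build `/p4/ssl/config.txt`; use `curl -sf` and reject an empty result, e.g. `[ -n "$EC2_DNS_NAME" ] || { log_message "Could not determine public hostname from IMDS."; exit 1; }`. The `if` block and the code that consumes `EC2_DNS_NAME` continue past the end of the hunk, and `$TOKEN` is set earlier in the file, outside this view.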
diff --git a/assets/packer/perforce/helix-core/p4_setup.sh b/assets/packer/perforce/helix-core/p4_setup.sh
index ebb2bf0..21f4519 100644
--- a/assets/packer/perforce/helix-core/p4_setup.sh
+++ b/assets/packer/perforce/helix-core/p4_setup.sh
@@ -8,17 +8,6 @@ log_message() {
 echo "$(date) - $1" >> $LOG_FILE
 }
-# Known things to be fixed:
-# 1. Add function to validate dirs and files isnsted of calling it multiple times. - DONE
-# 2. Fix variable names
-# 3. Validate values passed to functions
-# 4. Error handling (distro check) - this works for rhel based with dnf
-# 5. Move hardcoded paths/names to a config file
-# 6. Add a log - DONE
-# 7. Split the script into two: one for p4 copy of necessary files and second to run mkdirs cfg to setup replica. make te second setup also a one timer that mounts basic dirs /hxlogs /hxmetadata /hxdepots - DONE
-# 8. Install s-nail and sendmail from dnf that provides with "mail" command otherwise daily checkpoint script fails.
-# 9. Add nfs-utils package
-
 # Constants
 ROOT_UID=0
@@ -32,32 +21,19 @@ fi
 # Set local variables
 SDP_Root=/hxdepots/sdp/helix_binaries
 SDP=/hxdepots/sdp
-PACKAGE="policycoreutils-python-utils sendmail nfs-utils s-nail" # Required in both
-
-
-# Check if SELinux is enabled, we need to relabel the service post installation otherwise it will not start p4d
-
-SELINUX_STATUS=$(getenforce)
-
-
-
-
-if [ "$SELINUX_STATUS" = "Enforcing" ] || [ "$SELINUX_STATUS" = "Permissive" ]; then
-    log_message "SELinux is enabled."
-    if ! dnf list installed "$PACKAGE" &> /dev/null; then
-        log_message "Package $PACKAGE is not installed. Installing..."
-        sudo dnf install -y $PACKAGE
-        if [ $? -eq 0 ]; then
-            log_message "$PACKAGE installed successfully."
-        else
-            log_message "Failed to install $PACKAGE."
-        fi
+PACKAGE="policycoreutils-python-utils" # Required in both
+
+# Function to check SELinux status
+check_selinux_status() {
+    SELINUX_STATUS=$(getenforce)
+    if [ "$SELINUX_STATUS" = "Enforcing" ] || [ "$SELINUX_STATUS" = "Permissive" ]; then
+        log_message "SELinux is enabled."
+        return 0 # Return 0 for enabled
 else
-        log_message "Package $PACKAGE is already installed."
+        log_message "SELinux is not enabled."
+        return 1 # Return 1 for disabled
 fi
-else
-    log_message "SELinux is not enabled. Skipping package installation."
-fi
+}
 # Function to check if a group exists
 group_exists() {
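Review bot: `check_selinux_status` treats every value other than `Enforcing`/`Permissive` as "not enabled", including the empty string left behind when `getenforce` is missing or fails, so a host where the command is unavailable silently skips the relabel-tool install that the deleted comment says p4d needs under SELinux; distinguish the two cases, `local status; status=$(getenforce 2>/dev/null) || { log_message "getenforce unavailable; cannot determine SELinux state."; return 1; }`, which also stops the function from writing the global `SELINUX_STATUS`. The rationale that the removed block carried (`we need to relabel the service post installation otherwise it will not start p4d`) is lost in the new one-line comment; put it on the function: `# Returns 0 when SELinux is Enforcing or Permissive (p4d's unit must then be relabelled after install), 1 otherwise.`. Amazon Linux 2023 reportedly ships with SELinux in permissive mode by default, so on the new base image the "enabled" branch is expected to be the normal path — worth confirming in the build log. The `fi` that closes the surrounding block at the start of the hunk belongs to code outside this view.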
@@ -74,30 +50,24 @@ directory_exists() {
 [ -d "$1" ]
 }
-# Function to wait for a service to start
-wait_for_service() {
-    local service_name=$1
-    local max_attempts=10
-    local attempt=1
-
-    while [ $attempt -le $max_attempts ]; do
-        log_message "Waiting for $service_name to start... Attempt $attempt of $max_attempts."
-        systemctl is-active --quiet $service_name && break
-        sleep 1
-        ((attempt++))
-    done
-
-    if [ $attempt -gt $max_attempts ]; then
-        log_message "Service $service_name did not start within the expected time."
-        return 1
-    fi
-
-    log_message "Service $service_name started successfully."
-    return 0
-}
-
 log_message "Installing Perforce"
-# dnf update -y skipping this for now as it prolongs the AMI build and can be called post launch.
+
+# Check if SELinux is enabled
+if check_selinux_status; then
+    if ! dnf list installed "$PACKAGE" &> /dev/null; then
+        log_message "Package $PACKAGE is not installed. Installing..."
+        sudo dnf install -y $PACKAGE
+        if [ $? -eq 0 ]; then
+            log_message "$PACKAGE installed successfully."
+        else
+            log_message "Failed to install $PACKAGE."
+        fi
+    else
+        log_message "Package $PACKAGE is already installed."
+    fi
+else
+    log_message "SELinux is not enabled. Skipping package installation."
+fi
 # Check if group 'perforce' exists, if not, add it
 if ! group_exists perforce; then
diff --git a/assets/packer/perforce/helix-core/perforce.pkr.hcl b/assets/packer/perforce/helix-core/perforce.pkr.hcl
index 188bdb4..bb12732 100644
--- a/assets/packer/perforce/helix-core/perforce.pkr.hcl
+++ b/assets/packer/perforce/helix-core/perforce.pkr.hcl
@@ -9,7 +9,7 @@ packer {
 locals {
 timestamp = regex_replace(timestamp(), "[- TZ:]", "")
- ami_prefix = "p4_rocky_linux"
+ ami_prefix = "p4_al2023"
 }
 variable "region" {
@@ -37,7 +37,7 @@ variable "ssh_interface" {
 default = "public_ip"
 }
-source "amazon-ebs" "rocky" {
+source "amazon-ebs" "al2023" {
 region = var.region
 ami_name = "${local.ami_prefix}-${local.timestamp}"
 instance_type = "t3.medium"
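Review bot: A failed `sudo dnf install -y $PACKAGE` is only logged (`Failed to install $PACKAGE.`) and the script carries on to create the perforce group and, presumably, install p4d, which per the comment this commit deletes from this file will then not start under SELinux for want of the relabel tooling; fail the build instead, `sudo dnf install -y "$PACKAGE" || { log_message "Failed to install $PACKAGE."; exit 1; }`, which also removes the `$?` check. `$PACKAGE` is now a single package name and can be quoted; if a space-separated list is ever reinstated, an array is the safe form. The removed `# dnf update -y skipping this for now…` line was the only record that the AMI is built without applying updates; keep a comment to that effect here or add an upgrade step to the packer provisioner, since `most_recent` on a `2023.5.*` base filter does not by itself keep the image patched. The `if ! group_exists perforce` block continues past the end of the hunk.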
@@ -50,26 +50,27 @@ source "amazon-ebs" "rocky" {
 source_ami_filter {
 filters = {
- name = "Rocky-9-EC2-Base-9.2-20230513.0.x86_64*"
+ name = "al2023-ami-2023.5.*"
+ architecture = "x86_64"
 root-device-type = "ebs"
 virtualization-type = "hvm"
 }
 most_recent = true
- owners = ["679593333241"]
+ owners = ["amazon"]
 }
- ssh_username = "rocky"
+ ssh_username = "ec2-user"
 }
 build {
 name = "P4_SDP_AWS"
 sources = [
- "source.amazon-ebs.rocky"
+ "source.amazon-ebs.al2023"
 ]
 provisioner "shell" {
 inline = [
- "sudo dnf install -y git"
+ "sudo dnf install -y git sendmail nfs-utils s-nail unzip cronie"
 ]
 }
@@ -80,30 +81,17 @@ build {
 provisioner "file" {
 source = "p4_configure.sh"
- destination = "/home/rocky/p4_configure.sh"
+ destination = "/tmp/p4_configure.sh"
 }
 provisioner "shell" {
- inline = ["chmod +x /home/rocky/p4_configure.sh"]
- }
-
- # Install Amazon SSM Agent
- provisioner "shell" {
- inline = [
- "sudo dnf install -y https://s3.${var.region}.amazonaws.com/amazon-ssm-${var.region}/latest/linux_amd64/amazon-ssm-agent.rpm",
- "sudo systemctl enable amazon-ssm-agent"
+ inline = ["mkdir -p /home/ec2-user/gpic_scripts",
+ "sudo mv /tmp/p4_configure.sh /home/ec2-user/gpic_scripts"
 ]
 }
- # Install AWS CLI
- provisioner "shell" {
- inline = [
- <<-EOF
- sudo dnf install -y unzip
- curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
- unzip awscliv2.zip
- sudo ./aws/install
- EOF
- ]
+ provisioner "shell" {
+ inline = ["sudo chmod +x /home/ec2-user/gpic_scripts/p4_configure.sh"]
 }
+
 }
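Review bot: The source filter `al2023-ami-2023.5.*` with `owners = ["amazon"]` and `most_recent = true` selects a moving target, so two builds of this template can start from different base images with different patch levels and nothing in the output AMI records which one was used; either pin the full image name (the `2023.5.YYYYMMDD` release) or log the resolved source AMI id, and add a comment on the `filters` block stating that the pin is deliberate. Dropping the SSM-agent and AWS-CLI provisioners (second hunk) is presumably justified by both being preinstalled on Amazon Linux 2023, but the template no longer says so, and `resolve_aws_secret` in p4_configure.sh (whose body is mostly outside this view) looks like it depends on the CLI at runtime; a comment next to the `dnf install` line, `# AL2023 base images ship amazon-ssm-agent and AWS CLI v2; do not reinstall them here`, plus a provisioner that asserts it (`command -v aws && systemctl is-enabled amazon-ssm-agent`) would make the assumption checkable.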
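Review bot: `p4_configure.sh` ends up in `/home/ec2-user/gpic_scripts`, a directory created without `sudo` and therefore owned by the unprivileged build user, and `sudo mv` preserves the ec2-user ownership of the uploaded file; the script installs packages, so it presumably runs with root privileges at instance start, and a root-executed script that a non-root login user can modify is a local privilege-escalation path. Install it into a root-owned location instead, e.g. `sudo install -o root -g root -m 0755 /tmp/p4_configure.sh /usr/local/sbin/p4_configure.sh`, which replaces the `mkdir`/`mv`/`chmod` trio and also removes the predictable, world-readable `/tmp/p4_configure.sh` staging file in one step. How and by whom the script is invoked at launch is outside this diff, so the severity depends on that caller; whatever references the `gpic_scripts` path would need updating with it.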