diff --git a/.github/workflows/nightly_sonar_poc_basic_cli.yml b/.github/workflows/nightly_sonar_poc_basic_cli.yml index 008c41b8f..57e0cb55d 100644 --- a/.github/workflows/nightly_sonar_poc_basic_cli.yml +++ b/.github/workflows/nightly_sonar_poc_basic_cli.yml @@ -143,7 +143,7 @@ jobs: # Test the ssh connectivity to the Hub and GW, it checks both of them because the connection to the GW is allowed from the Hub only via proxy - name: Check SSH Connectivity - Hub & GW - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v1.0.0 with: proxy_host: ${{ env.hub_ip }} proxy_username: ec2-user @@ -156,7 +156,7 @@ jobs: script: ip addr | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' - name: Check Aduit data - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v1.0.0 id: test_audit with: host: ${{ env.hub_ip }} diff --git a/.github/workflows/run_test.yml b/.github/workflows/run_test.yml index c393af031..dec6bf07f 100644 --- a/.github/workflows/run_test.yml +++ b/.github/workflows/run_test.yml @@ -13,6 +13,7 @@ env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }} + TF_WORKSPACE: single_account permissions: contents: read @@ -40,20 +41,17 @@ jobs: shell: bash steps: - # Checkout the repository to the GitHub Actions runner - - name: Checkout - uses: actions/checkout@v3 - with: - ref: dev - - name: ls - run: ls -l - - - name: Collect Artifacts - uses: actions/upload-artifact@v2 + # Checkout the repository to the GitHub Actions runner + - name: Test connection + uses: appleboy/ssh-action@v1.0.0 with: - name: collected-keys - path: | - README.md - ./permissions_samples + host: 54.179.25.83 + username: ec2-user + key: ${{ env.JUMP_SERVER_KEY }} + port: 22 + command_timeout: "2h" + envs: EXAMPLE_DIR,TF_WORKSPACE + script: | + echo "ws: $TF_WORKSPACE, dir: $EXAMPLE_DIR" 
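Review bot: The new `Test connection` step in run_test.yml passes `JUMP_SERVER_KEY` to `appleboy/ssh-action@v1.0.0` and connects to the hard-coded address `54.179.25.83` with no host-key check in its `with:` block, so the runner cannot tell the jump server from another machine answering on that address. The action accepts a `fingerprint` input for this; add a line such as `fingerprint: ${{ secrets.JUMP_SERVER_FINGERPRINT }}` (placeholder secret name) next to `key:`. Because the action receives a private key, reference it by full commit SHA rather than the movable tag, e.g. `uses: appleboy/ssh-action@<commit-sha> # v1.0.0`; the same applies to the other bumped `uses:` lines in this commit. The re-added comment `# Checkout the repository to the GitHub Actions runner` no longer describes the step below it and should read something like `# Verify SSH access to the jump server`.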
diff --git a/.github/workflows/sonar_poc_cli.yml b/.github/workflows/sonar_poc_cli.yml index 528db6742..44ad2a2a6 100644 --- a/.github/workflows/sonar_poc_cli.yml +++ b/.github/workflows/sonar_poc_cli.yml @@ -193,7 +193,7 @@ jobs: # Test the ssh connectivity to the Hub and GW, it checks both of them because the connection to the GW is allowed from the Hub only via proxy - name: Check SSH Connectivity - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v1.0.0 with: proxy_host: ${{ env.hub_ip }} proxy_username: ec2-user diff --git a/.github/workflows/sonar_single_account_cli.yml b/.github/workflows/sonar_single_account_cli.yml index e5ddfaca8..1cfb18ba7 100644 --- a/.github/workflows/sonar_single_account_cli.yml +++ b/.github/workflows/sonar_single_account_cli.yml @@ -33,6 +33,7 @@ env: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }} AWS_REGION: ap-southeast-1 + TF_WORKSPACE: single_account permissions: contents: read @@ -84,19 +85,20 @@ jobs: find ./examples/ -type f -exec sed -i -f sed.expr {} \; - name: Cleaning environment - uses: appleboy/ssh-action@v0.1.8 + continue-on-error: true + uses: appleboy/ssh-action@v1.0.0 with: host: 54.179.25.83 username: ec2-user key: ${{ env.JUMP_SERVER_KEY }} port: 22 command_timeout: "2h" - envs: REMOTE_EXAMPLE_DIR + envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE script: | terraform -chdir=$REMOTE_EXAMPLE_DIR destroy -auto-approve - name: Delete Old Environment - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v1.0.0 with: host: 54.179.25.83 username: ec2-user @@ -153,7 +155,7 @@ jobs: overwrite: true - name: Unzip - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v1.0.0 with: host: 54.179.25.83 username: ec2-user 
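Review bot: `continue-on-error: true` on the `Cleaning environment` step in sonar_single_account_cli.yml hides every failure of `terraform -chdir=$REMOTE_EXAMPLE_DIR destroy -auto-approve`, including a partial destroy or a failed SSH login, and the job then carries on to `Delete Old Environment`, whose script lies outside this hunk. If that later step removes the old working directory or state, resources from the previous run may stay up in the account with nothing left to track them; this is worth confirming. If the intent is only to tolerate a first run with nothing to destroy, say so in a comment above the step, e.g. `# destroy fails when no previous deployment exists; tolerated on purpose`, and give the step an `id:` so a later step can report `steps.<id>.outcome` instead of dropping the failure silently. `$REMOTE_EXAMPLE_DIR` is also expanded unquoted by the remote shell; `-chdir="$REMOTE_EXAMPLE_DIR"` is safer.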
@@ -167,67 +169,67 @@ jobs: # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v1.0.0 with: host: 54.179.25.83 username: ec2-user key: ${{ env.JUMP_SERVER_KEY }} port: 22 command_timeout: "2h" - envs: REMOTE_EXAMPLE_DIR + envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE script: terraform -chdir=$REMOTE_EXAMPLE_DIR init - name: Terraform Validate - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v1.0.0 with: host: 54.179.25.83 username: ec2-user key: ${{ env.JUMP_SERVER_KEY }} port: 22 command_timeout: "2h" - envs: REMOTE_EXAMPLE_DIR + envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE script: terraform -chdir=$REMOTE_EXAMPLE_DIR validate # Generates an execution plan for Terraform - name: Terraform Plan - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v1.0.0 with: host: 54.179.25.83 username: ec2-user key: ${{ env.JUMP_SERVER_KEY }} port: 22 command_timeout: "2h" - envs: REMOTE_EXAMPLE_DIR + envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE script: | printenv terraform -chdir=$REMOTE_EXAMPLE_DIR plan - name: Terraform Apply - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v1.0.0 with: host: 54.179.25.83 username: ec2-user key: ${{ env.JUMP_SERVER_KEY }} port: 22 command_timeout: "2h" - envs: REMOTE_EXAMPLE_DIR + envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE script: terraform -chdir=$REMOTE_EXAMPLE_DIR apply -auto-approve - name: Terraform Output if: always() - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v1.0.0 with: host: 54.179.25.83 username: ec2-user key: ${{ env.JUMP_SERVER_KEY }} port: 22 command_timeout: "2h" - envs: REMOTE_EXAMPLE_DIR + envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE script: terraform -chdir=$REMOTE_EXAMPLE_DIR output -json - name: Terraform Destroy # if: always() - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v1.0.0 id: test_audit with: host: 
54.179.25.83 @@ -235,7 +237,7 @@ jobs: key: ${{ env.JUMP_SERVER_KEY }} port: 22 command_timeout: "2h" - envs: REMOTE_EXAMPLE_DIR + envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE script: terraform -chdir=$REMOTE_EXAMPLE_DIR destroy -auto-approve - name: Delete Security Group diff --git a/examples/installation/dsf_single_account_deployment/dam.tf b/examples/installation/dsf_single_account_deployment/dam.tf index c44252097..cc9480455 100644 --- a/examples/installation/dsf_single_account_deployment/dam.tf +++ b/examples/installation/dsf_single_account_deployment/dam.tf @@ -55,7 +55,7 @@ module "agent_gw" { instance_profile_name = var.agent_gw_instance_profile_name management_server_host_for_registration = module.mx[0].private_ip - management_server_host_for_api_access = module.mx[0].public_ip + management_server_host_for_api_access = coalesce(module.mx[0].public_ip, module.mx[0].private_ip) large_scale_mode = var.large_scale_mode.agent_gw gateway_group_name = local.gateway_group_name tags = local.tags @@ -72,7 +72,7 @@ module "agent_gw_cluster_setup" { cluster_name = var.cluster_name != null ? var.cluster_name : join("-", [local.deployment_name_salted, "agent", "gw", "cluster"]) gateway_group_name = local.gateway_group_name mx_details = { - address = module.mx[0].public_ip + address = coalesce(module.mx[0].public_ip, module.mx[0].private_ip) port = 8083 user = module.mx[0].web_console_user password = local.password diff --git a/modules/aws/dam-base-instance/main.tf b/modules/aws/dam-base-instance/main.tf index 6f2b49b9a..82df73a92 100644 --- a/modules/aws/dam-base-instance/main.tf +++ b/modules/aws/dam-base-instance/main.tf 
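Review bot: The `Terraform Plan` step still runs `printenv` on the jump server before `terraform -chdir=$REMOTE_EXAMPLE_DIR plan`, and this commit adds one more forwarded variable to that shell with `envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE`. The output of `printenv` lands in the Actions log, and GitHub masks only values registered as secrets of this workflow, so anything else set in the `ec2-user` environment on the host (presumably cloud credentials or tokens, not visible here) would be logged in clear. Replace it with a targeted line such as `echo "workspace: $TF_WORKSPACE"`, or drop it. `Terraform Output` has a related exposure: `terraform output -json` prints outputs marked sensitive in plain text, so limit it to named non-sensitive outputs if any output carries a password or key. The `Terraform Destroy` step at the end of this hunk continues past it.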
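Review bot: The fallback `coalesce(module.mx[0].public_ip, module.mx[0].private_ip)` is written out twice in dam.tf, for `management_server_host_for_api_access` in `module "agent_gw"` and again for `mx_details.address` in `module "agent_gw_cluster_setup"`, with no comment on when the private address is expected to be used. Define it once in a `locals` block, e.g. `mx_api_address = coalesce(module.mx[0].public_ip, module.mx[0].private_ip)`, preceded by a comment such as `# MX may have no public IP; fall back to its private address` if that is the intent. Two things to confirm: `coalesce` raises an error when every argument is null or empty, and the machine running Terraform presumably has to reach port 8083 on the private address for the cluster setup to work. Both module blocks start and end outside the hunks.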
@@ -1,6 +1,6 @@
 locals {
- public_ip = var.attach_persistent_public_ip ? aws_eip.dsf_instance_eip[0].public_ip : aws_instance.dsf_base_instance.public_ip
- public_dns = var.attach_persistent_public_ip ? aws_eip.dsf_instance_eip[0].public_dns : aws_instance.dsf_base_instance.public_dns
+ public_ip = var.attach_persistent_public_ip ? aws_eip.dsf_instance_eip[0].public_ip : (aws_instance.dsf_base_instance.public_ip == "" ? null : aws_instance.dsf_base_instance.public_ip)
+ public_dns = var.attach_persistent_public_ip ? aws_eip.dsf_instance_eip[0].public_dns : (aws_instance.dsf_base_instance.public_dns == "" ? null : aws_instance.dsf_base_instance.public_dns)
 private_ip = length(aws_network_interface.eni.private_ips) > 0 ? tolist(aws_network_interface.eni.private_ips)[0] : null
 security_group_ids = concat(