From e60150b5572186a423aab7b54895463fb8982f53 Mon Sep 17 00:00:00 2001 From: "assaf.cohen" Date: Thu, 12 Oct 2023 17:06:21 +0300 Subject: [PATCH 1/6] Allow user to set a custom Sonar base directory. The user can also set it to null. https://onejira.imperva.com/browse/EDSF-424 --- examples/poc/sonar_hadr_deployment/main.tf | 4 ++++ .../poc/sonar_hadr_deployment/variables.tf | 6 ++++++ modules/aws/agentless-gw/main.tf | 1 + modules/aws/agentless-gw/variables.tf | 8 ++++++- modules/aws/hub/main.tf | 3 ++- modules/aws/hub/variables.tf | 8 ++++++- modules/aws/sonar-base-instance/setup.tftpl | 21 ++++++++++++------- modules/aws/sonar-base-instance/userdata.tf | 1 + modules/aws/sonar-base-instance/variables.tf | 8 ++++++- 9 files changed, 49 insertions(+), 11 deletions(-) diff --git a/examples/poc/sonar_hadr_deployment/main.tf b/examples/poc/sonar_hadr_deployment/main.tf index 8337afe0c..822261724 100644 --- a/examples/poc/sonar_hadr_deployment/main.tf +++ b/examples/poc/sonar_hadr_deployment/main.tf @@ -106,6 +106,7 @@ module "hub_main" { allowed_hub_cidrs = [data.aws_subnet.dr_hub.cidr_block] allowed_agentless_gw_cidrs = [data.aws_subnet.main_gw.cidr_block, data.aws_subnet.dr_gw.cidr_block] allowed_all_cidrs = local.workstation_cidr + base_directory = var.sonar_machine_base_directory tags = local.tags depends_on = [ module.vpc @@ -135,6 +136,7 @@ module "hub_dr" { allowed_hub_cidrs = [data.aws_subnet.main_hub.cidr_block] allowed_agentless_gw_cidrs = [data.aws_subnet.main_gw.cidr_block, data.aws_subnet.dr_gw.cidr_block] allowed_all_cidrs = local.workstation_cidr + base_directory = var.sonar_machine_base_directory tags = local.tags depends_on = [ module.vpc @@ -165,6 +167,7 @@ module "agentless_gw_main" { proxy_private_ssh_key_path = module.key_pair.private_key_file_path proxy_ssh_user = module.hub_main.ssh_user } + base_directory = var.sonar_machine_base_directory tags = local.tags depends_on = [ module.vpc 
@@ -198,6 +201,7 @@ module "agentless_gw_dr" { proxy_private_ssh_key_path = module.key_pair.private_key_file_path proxy_ssh_user = module.hub_main.ssh_user } + base_directory = var.sonar_machine_base_directory tags = local.tags depends_on = [ module.vpc diff --git a/examples/poc/sonar_hadr_deployment/variables.tf b/examples/poc/sonar_hadr_deployment/variables.tf index 498259c2b..e83c92fee 100644 --- a/examples/poc/sonar_hadr_deployment/variables.tf +++ b/examples/poc/sonar_hadr_deployment/variables.tf @@ -153,3 +153,9 @@ variable "db_types_to_onboard" { error_message = "Valid values should contain at least one of the following: 'RDS MySQL', 'RDS MsSQL'." } } + +variable "sonar_machine_base_directory" { + type = string + default = "/imperva" + description = "The base directory where all Sonar related directories will be installed" +} diff --git a/modules/aws/agentless-gw/main.tf b/modules/aws/agentless-gw/main.tf index 9a4445627..017491bd3 100644 --- a/modules/aws/agentless-gw/main.tf +++ b/modules/aws/agentless-gw/main.tf @@ -59,4 +59,5 @@ module "gw_instance" { sonarw_public_key_content = var.sonarw_public_key_content volume_attachment_device_name = var.volume_attachment_device_name tags = var.tags + base_directory = var.base_directory } diff --git a/modules/aws/agentless-gw/variables.tf b/modules/aws/agentless-gw/variables.tf index d1f2632b7..79ef2d78a 100644 --- a/modules/aws/agentless-gw/variables.tf +++ b/modules/aws/agentless-gw/variables.tf @@ -236,4 +236,10 @@ variable "volume_attachment_device_name" { type = string default = null description = "The device name to expose to the instance for the ebs volume. Keep null if you have no preference" -} \ No newline at end of file +} + +variable "base_directory" { + type = string + default = "/imperva" + description = "The base directory where all Sonar related directories will be installed" +} diff --git a/modules/aws/hub/main.tf b/modules/aws/hub/main.tf index e61f85e19..0e223a6f0 100644 
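Review bot: The new `base_directory` variable in modules/aws/agentless-gw/variables.tf documents only the `/imperva` default, while the commit message says null is also accepted, so a reader cannot tell from the description what null does. Suggest `description = "The base directory where all Sonar related directories will be installed. Set to null (or an empty string) to place data, logs, local and apps directly under the filesystem root"`. The value is forwarded unchanged to the sonar-base-instance module (hunk in modules/aws/agentless-gw/main.tf above), so any constraint on its form belongs on that module's variable rather than here; the matching hub variable has the same documentation gap.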
--- a/modules/aws/hub/main.tf +++ b/modules/aws/hub/main.tf @@ -68,4 +68,5 @@ module "hub_instance" { sonarw_public_key_content = var.sonarw_public_key_content volume_attachment_device_name = var.volume_attachment_device_name tags = var.tags -} \ No newline at end of file + base_directory = var.base_directory +} diff --git a/modules/aws/hub/variables.tf b/modules/aws/hub/variables.tf index dedcce719..c873d1f3d 100644 --- a/modules/aws/hub/variables.tf +++ b/modules/aws/hub/variables.tf @@ -285,4 +285,10 @@ variable "volume_attachment_device_name" { type = string default = null description = "The device name to expose to the instance for the ebs volume. Keep null if you have no preference" -} \ No newline at end of file +} + +variable "base_directory" { + type = string + default = "/imperva" + description = "The base directory where all Sonar related directories will be installed" +} diff --git a/modules/aws/sonar-base-instance/setup.tftpl b/modules/aws/sonar-base-instance/setup.tftpl index aa5040618..b5ade92f4 100644 --- a/modules/aws/sonar-base-instance/setup.tftpl +++ b/modules/aws/sonar-base-instance/setup.tftpl @@ -134,7 +134,7 @@ function attach_disk() { echo "/dev/$DEVICE is not lvm memeber (\"$FS\"). Formatting it..." create_lvm /dev/$DEVICE fi - + mount -a } @@ -258,11 +258,18 @@ __EOF__ fi } -STATE_DIR=/imperva -DATA_DIR=$STATE_DIR/data -LOGS_DIR=$STATE_DIR/logs -LOCAL_DIR=$STATE_DIR/local -APPS_DIR=$STATE_DIR/apps +base_directory="${base_directory:-}" +if [ -z "$base_directory" ]; then + DATA_DIR=/data + LOGS_DIR=/logs + LOCAL_DIR=/local + APPS_DIR=/apps +else + DATA_DIR="$base_directory/data" + LOGS_DIR="$base_directory/logs" + LOCAL_DIR="$base_directory/local" + APPS_DIR="$base_directory/apps" +fi install_deps create_users_and_groups @@ -278,4 +285,4 @@ fi set_environment_vars install_ssh_keys -install_access_tokens \ No newline at end of file +install_access_tokens 
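Review bot: The `STATE_DIR=/imperva` assignment is dropped from the setup.tftpl hunk at @@ -258 with no replacement, so if any function earlier in the template (outside this hunk) still reads `$STATE_DIR`, it now expands to an empty string and those paths land in the filesystem root; worth grepping the template before merging. The new `base_directory="${base_directory:-}"` line is also not shell: inside a Terraform `templatefile` template `${...}` is a Terraform interpolation, so `${base_directory:-}` fails to render rather than defaulting a shell variable, which is what the fix-up commits later in this series address. A comment above the block such as `# base_directory is substituted by Terraform at render time; empty means install under /` would make the mixed template/shell scoping explicit for the next reader.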
diff --git a/modules/aws/sonar-base-instance/userdata.tf b/modules/aws/sonar-base-instance/userdata.tf index 91ddba1a7..488c7fe64 100644 --- a/modules/aws/sonar-base-instance/userdata.tf +++ b/modules/aws/sonar-base-instance/userdata.tf @@ -20,6 +20,7 @@ locals { jsonar_uuid = random_uuid.jsonar_uuid.result additional_install_parameters = var.additional_install_parameters access_tokens_array = local.access_tokens_array + base_directory = var.base_directory }) } diff --git a/modules/aws/sonar-base-instance/variables.tf b/modules/aws/sonar-base-instance/variables.tf index 1e876bb3e..658ee9c6c 100644 --- a/modules/aws/sonar-base-instance/variables.tf +++ b/modules/aws/sonar-base-instance/variables.tf @@ -213,4 +213,10 @@ variable "volume_attachment_device_name" { type = string default = null description = "The device name to expose to the instance for the ebs volume. Keep null if you have no preference" -} \ No newline at end of file +} + +variable "base_directory" { + type = string + default = "/imperva" + description = "The base directory where all Sonar related directories will be installed" +} From d56d7910819044da842fbe2e5cdd7c8fe3cd7b7e Mon Sep 17 00:00:00 2001 From: "assaf.cohen" Date: Thu, 12 Oct 2023 17:20:08 +0300 Subject: [PATCH 2/6] Fixed interpolation error --- modules/aws/sonar-base-instance/setup.tftpl | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/aws/sonar-base-instance/setup.tftpl b/modules/aws/sonar-base-instance/setup.tftpl index b5ade92f4..745ba18bc 100644 --- a/modules/aws/sonar-base-instance/setup.tftpl +++ b/modules/aws/sonar-base-instance/setup.tftpl @@ -258,7 +258,6 @@ __EOF__ fi } -base_directory="${base_directory:-}" if [ -z "$base_directory" ]; then DATA_DIR=/data LOGS_DIR=/logs From 191ff4d0049957bac607e6e367523e9afdb7a87f Mon Sep 17 00:00:00 2001 
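Review bot: `base_directory` in modules/aws/sonar-base-instance/variables.tf has no `validation` block even though userdata.tf (previous hunk) passes it straight into `templatefile`, where setup.tftpl places it inside double-quoted shell assignments; a value containing `"`, `$(`, a backtick or whitespace therefore changes the bootstrap script that cloud-init runs (presumably as root) at first boot, and a trailing slash yields paths such as `/imperva//data`. Since the commit message says null is a supported value, the description should say so as well. Constraining the variable to an absolute path of plain segments (or null/empty) at the module boundary surfaces a bad value at `terraform plan` instead of on the instance.
```hcl
variable "base_directory" {
  # … unchanged: type, default …
  description = "The base directory where all Sonar related directories will be installed. Set to null or an empty string to place data, logs, local and apps directly under the filesystem root"
  validation {
    # Rendered verbatim into the user-data shell script by templatefile(), so accept only a
    # plain absolute path (or nothing): rejects spaces, quotes, $(...) and a trailing slash.
    condition     = var.base_directory == null || can(regex("^(/[A-Za-z0-9._-]+)*$", var.base_directory))
    error_message = "base_directory must be null, an empty string, or an absolute path of [A-Za-z0-9._-] segments without a trailing slash."
  }
}
```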
From: "assaf.cohen" Date: Sun, 15 Oct 2023 13:40:51 +0300 Subject: [PATCH 3/6] Fixed base directory reference --- modules/aws/sonar-base-instance/setup.tftpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/aws/sonar-base-instance/setup.tftpl b/modules/aws/sonar-base-instance/setup.tftpl index 745ba18bc..b487f0416 100644 --- a/modules/aws/sonar-base-instance/setup.tftpl +++ b/modules/aws/sonar-base-instance/setup.tftpl @@ -258,16 +258,16 @@ __EOF__ fi } -if [ -z "$base_directory" ]; then +if [ -z "${base_directory}" ]; then DATA_DIR=/data LOGS_DIR=/logs LOCAL_DIR=/local APPS_DIR=/apps else - DATA_DIR="$base_directory/data" - LOGS_DIR="$base_directory/logs" - LOCAL_DIR="$base_directory/local" - APPS_DIR="$base_directory/apps" + DATA_DIR="${base_directory}/data" + LOGS_DIR="${base_directory}/logs" + LOCAL_DIR="${base_directory}/local" + APPS_DIR="${base_directory}/apps" fi install_deps From c91c59de4531b984b8aa094ccdb7608c7dee7faa Mon Sep 17 00:00:00 2001 From: "assaf.cohen" Date: Sun, 15 Oct 2023 17:55:58 +0300 Subject: [PATCH 4/6] Handle a case that the base directory variable is null --- modules/aws/sonar-base-instance/userdata.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/aws/sonar-base-instance/userdata.tf b/modules/aws/sonar-base-instance/userdata.tf index 488c7fe64..95dd625cc 100644 --- a/modules/aws/sonar-base-instance/userdata.tf +++ b/modules/aws/sonar-base-instance/userdata.tf @@ -5,6 +5,7 @@ locals { instance_address = var.use_public_ip ? local.public_ip : local.private_ip display_name = var.name + sonar_base_directory = var.base_directory != null ? var.base_directory : "" script_path = var.terraform_script_path_folder == null ? null : (join("/", [var.terraform_script_path_folder, "terraform_%RAND%.sh"])) install_script = templatefile("${path.module}/setup.tftpl", { 
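Review bot: `sonar_base_directory` in the userdata.tf hunk at @@ -5 only maps null to an empty string; a value with a trailing slash such as `/imperva/` passes through unchanged and is rendered by setup.tftpl as `/imperva//data`. `sonar_base_directory = var.base_directory == null ? "" : trimsuffix(var.base_directory, "/")` normalises both cases in one expression and turns a bare `/` into the root-level layout the commit message describes for null. The enclosing `locals` block starts and ends outside the hunk.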
@@ -20,7 +21,7 @@ locals { jsonar_uuid = random_uuid.jsonar_uuid.result additional_install_parameters = var.additional_install_parameters access_tokens_array = local.access_tokens_array - base_directory = var.base_directory + base_directory = local.sonar_base_directory }) } From 9d58c03f47a4c6701f74d43cf55b9a0c91ac6223 Mon Sep 17 00:00:00 2001 From: "assaf.cohen" Date: Sun, 15 Oct 2023 18:16:28 +0300 Subject: [PATCH 5/6] Set sonar_machine_base_directory variable to all installation examples --- .../installation/dsf_single_account_deployment/sonar.tf | 4 ++++ .../installation/dsf_single_account_deployment/variables.tf | 6 ++++++ .../installation/sonar_multi_account_deployment/main.tf | 4 ++++ .../sonar_multi_account_deployment/variables.tf | 6 ++++++ .../installation/sonar_single_account_deployment/main.tf | 3 +++ .../sonar_single_account_deployment/variables.tf | 6 ++++++ examples/poc/sonar_hadr_deployment/main.tf | 4 ---- examples/poc/sonar_hadr_deployment/variables.tf | 6 ------ 8 files changed, 29 insertions(+), 10 deletions(-) diff --git a/examples/installation/dsf_single_account_deployment/sonar.tf b/examples/installation/dsf_single_account_deployment/sonar.tf index ce58e72f7..68434811f 100644 --- a/examples/installation/dsf_single_account_deployment/sonar.tf +++ b/examples/installation/dsf_single_account_deployment/sonar.tf @@ -43,6 +43,7 @@ module "hub_main" { sonarw_private_key_secret_name = var.sonarw_hub_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null) instance_profile_name = var.hub_instance_profile_name + base_directory = var.sonar_machine_base_directory mx_details = var.enable_dam ? [for mx in module.mx : { name = mx.display_name address = coalesce(mx.public_dns, mx.private_dns) 
@@ -92,6 +93,7 @@ module "hub_dr" { sonarw_private_key_secret_name = var.sonarw_hub_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null) instance_profile_name = var.hub_instance_profile_name + base_directory = var.sonar_machine_base_directory generate_access_tokens = true tags = local.tags providers = { @@ -156,6 +158,7 @@ module "agentless_gw_main" { sonarw_private_key_secret_name = var.sonarw_gw_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_gw_public_key_file_path)), null) instance_profile_name = var.agentless_gw_instance_profile_name + base_directory = var.sonar_machine_base_directory tags = local.tags providers = { aws = aws.provider-2 @@ -197,6 +200,7 @@ module "agentless_gw_dr" { sonarw_private_key_secret_name = var.sonarw_gw_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_gw_public_key_file_path)), null) instance_profile_name = var.agentless_gw_instance_profile_name + base_directory = var.sonar_machine_base_directory tags = local.tags providers = { aws = aws.provider-2 diff --git a/examples/installation/dsf_single_account_deployment/variables.tf b/examples/installation/dsf_single_account_deployment/variables.tf index fb6225b96..262bbdd0a 100644 --- a/examples/installation/dsf_single_account_deployment/variables.tf +++ b/examples/installation/dsf_single_account_deployment/variables.tf @@ -448,6 +448,12 @@ variable "sonarw_gw_public_key_file_path" { description = "The Agentless Gateway sonarw user public key file path - used for remote Agentless Gateway federation, HADR, etc." } +variable "sonar_machine_base_directory" { + type = string + default = "/imperva" + description = "The base directory where all Sonar related directories will be installed" +} + ############################## #### DAM variables #### ############################## 
diff --git a/examples/installation/sonar_multi_account_deployment/main.tf b/examples/installation/sonar_multi_account_deployment/main.tf index b41cb4123..c2688557b 100644 --- a/examples/installation/sonar_multi_account_deployment/main.tf +++ b/examples/installation/sonar_multi_account_deployment/main.tf @@ -134,6 +134,7 @@ module "hub_main" { sonarw_private_key_secret_name = var.sonarw_hub_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null) instance_profile_name = var.hub_instance_profile_name + base_directory = var.sonar_machine_base_directory tags = local.tags providers = { aws = aws.hub-main @@ -173,6 +174,7 @@ module "hub_dr" { sonarw_private_key_secret_name = var.sonarw_hub_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null) instance_profile_name = var.hub_instance_profile_name + base_directory = var.sonar_machine_base_directory tags = local.tags providers = { aws = aws.hub-dr @@ -210,6 +212,7 @@ module "agentless_gw_main" { sonarw_private_key_secret_name = var.sonarw_gw_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_gw_public_key_file_path)), null) instance_profile_name = var.gw_instance_profile_name + base_directory = var.sonar_machine_base_directory tags = local.tags providers = { aws = aws.gw-main @@ -250,6 +253,7 @@ module "agentless_gw_dr" { sonarw_private_key_secret_name = var.sonarw_gw_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_gw_public_key_file_path)), null) instance_profile_name = var.gw_instance_profile_name + base_directory = var.sonar_machine_base_directory tags = local.tags providers = { aws = aws.gw-dr diff --git a/examples/installation/sonar_multi_account_deployment/variables.tf b/examples/installation/sonar_multi_account_deployment/variables.tf index 37694fd52..bbe92209e 100644 
--- a/examples/installation/sonar_multi_account_deployment/variables.tf +++ b/examples/installation/sonar_multi_account_deployment/variables.tf @@ -340,3 +340,9 @@ variable "sonarw_gw_public_key_file_path" { default = null description = "The Agentless Gateway sonarw user public key file path - used for remote Agentless Gateway federation, HADR, etc." } + +variable "sonar_machine_base_directory" { + type = string + default = "/imperva" + description = "The base directory where all Sonar related directories will be installed" +} diff --git a/examples/installation/sonar_single_account_deployment/main.tf b/examples/installation/sonar_single_account_deployment/main.tf index da719ba98..e093b2237 100644 --- a/examples/installation/sonar_single_account_deployment/main.tf +++ b/examples/installation/sonar_single_account_deployment/main.tf @@ -98,6 +98,7 @@ module "hub_main" { sonarw_private_key_secret_name = var.sonarw_hub_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null) instance_profile_name = var.hub_instance_profile_name + base_directory = var.sonar_machine_base_directory tags = local.tags } @@ -130,6 +131,7 @@ module "hub_dr" { sonarw_private_key_secret_name = var.sonarw_hub_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null) instance_profile_name = var.hub_instance_profile_name + base_directory = var.sonar_machine_base_directory tags = local.tags } @@ -163,6 +165,7 @@ module "agentless_gw" { sonarw_private_key_secret_name = var.sonarw_gw_private_key_secret_name sonarw_public_key_content = try(trimspace(file(var.sonarw_gw_public_key_file_path)), null) instance_profile_name = var.gw_instance_profile_name + base_directory = var.sonar_machine_base_directory tags = local.tags } 
diff --git a/examples/installation/sonar_single_account_deployment/variables.tf b/examples/installation/sonar_single_account_deployment/variables.tf index 174ffaa22..b5b449563 100644 --- a/examples/installation/sonar_single_account_deployment/variables.tf +++ b/examples/installation/sonar_single_account_deployment/variables.tf @@ -259,3 +259,9 @@ variable "use_hub_as_proxy" { default = true description = "Whether to use the DSF Hub as a proxy for ssh into the Agentless Gateways" } + +variable "sonar_machine_base_directory" { + type = string + default = "/imperva" + description = "The base directory where all Sonar related directories will be installed" +} diff --git a/examples/poc/sonar_hadr_deployment/main.tf b/examples/poc/sonar_hadr_deployment/main.tf index 822261724..8337afe0c 100644 --- a/examples/poc/sonar_hadr_deployment/main.tf +++ b/examples/poc/sonar_hadr_deployment/main.tf @@ -106,7 +106,6 @@ module "hub_main" { allowed_hub_cidrs = [data.aws_subnet.dr_hub.cidr_block] allowed_agentless_gw_cidrs = [data.aws_subnet.main_gw.cidr_block, data.aws_subnet.dr_gw.cidr_block] allowed_all_cidrs = local.workstation_cidr - base_directory = var.sonar_machine_base_directory tags = local.tags depends_on = [ module.vpc @@ -136,7 +135,6 @@ module "hub_dr" { allowed_hub_cidrs = [data.aws_subnet.main_hub.cidr_block] allowed_agentless_gw_cidrs = [data.aws_subnet.main_gw.cidr_block, data.aws_subnet.dr_gw.cidr_block] allowed_all_cidrs = local.workstation_cidr - base_directory = var.sonar_machine_base_directory tags = local.tags depends_on = [ module.vpc @@ -167,7 +165,6 @@ module "agentless_gw_main" { proxy_private_ssh_key_path = module.key_pair.private_key_file_path proxy_ssh_user = module.hub_main.ssh_user } - base_directory = var.sonar_machine_base_directory tags = local.tags depends_on = [ module.vpc 
@@ -201,7 +198,6 @@ module "agentless_gw_dr" { proxy_private_ssh_key_path = module.key_pair.private_key_file_path proxy_ssh_user = module.hub_main.ssh_user } - base_directory = var.sonar_machine_base_directory tags = local.tags depends_on = [ module.vpc diff --git a/examples/poc/sonar_hadr_deployment/variables.tf b/examples/poc/sonar_hadr_deployment/variables.tf index e83c92fee..498259c2b 100644 --- a/examples/poc/sonar_hadr_deployment/variables.tf +++ b/examples/poc/sonar_hadr_deployment/variables.tf @@ -153,9 +153,3 @@ variable "db_types_to_onboard" { error_message = "Valid values should contain at least one of the following: 'RDS MySQL', 'RDS MsSQL'." } } - -variable "sonar_machine_base_directory" { - type = string - default = "/imperva" - description = "The base directory where all Sonar related directories will be installed" -} From 120906125b660d95e5e45d51159e7188fa2a8b94 Mon Sep 17 00:00:00 2001 From: "assaf.cohen" Date: Mon, 16 Oct 2023 14:30:55 +0300 Subject: [PATCH 6/6] Removed redundant else statement when base directory is empty. Remove redundant last new line --- modules/aws/sonar-base-instance/setup.tftpl | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/modules/aws/sonar-base-instance/setup.tftpl b/modules/aws/sonar-base-instance/setup.tftpl index b487f0416..717100a3d 100644 --- a/modules/aws/sonar-base-instance/setup.tftpl +++ b/modules/aws/sonar-base-instance/setup.tftpl @@ -258,17 +258,10 @@ __EOF__ fi } -if [ -z "${base_directory}" ]; then - DATA_DIR=/data - LOGS_DIR=/logs - LOCAL_DIR=/local - APPS_DIR=/apps -else - DATA_DIR="${base_directory}/data" - LOGS_DIR="${base_directory}/logs" - LOCAL_DIR="${base_directory}/local" - APPS_DIR="${base_directory}/apps" -fi +DATA_DIR="${base_directory}/data" +LOGS_DIR="${base_directory}/logs" +LOCAL_DIR="${base_directory}/local" +APPS_DIR="${base_directory}/apps" install_deps create_users_and_groups
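Review bot: After this setup.tftpl hunk the four `*_DIR` assignments embed `${base_directory}` as rendered by Terraform, so they are fixed at render time rather than shell variables, and nothing between the Terraform variable and this script rejects a value that is not a plain path; because the interpolation sits inside double quotes, `$(...)`, backticks and `"` in the value are still interpreted by the shell that runs this bootstrap script at first boot, while an empty value (the null case from the commit message) produces `/data`, `/logs`, `/local` and `/apps` at the filesystem root. That is acceptable only if the value is constrained upstream (a `validation` block on the module's `base_directory` variable, or `trimsuffix` in userdata.tf to avoid `//data` from a trailing slash); a comment here such as `# base_directory is substituted by Terraform at render time; an empty string installs directly under /` would document the contract. The functions that consume these variables (`install_deps`, `create_users_and_groups`, and the rest) are defined outside the hunk, so whether any of them still expects the old `STATE_DIR` cannot be confirmed from this view.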