From 46c805a108748d224ebbeaa9d4389d347072fe01 Mon Sep 17 00:00:00 2001 From: Faiq Date: Thu, 8 Aug 2024 11:08:01 -0700 Subject: [PATCH] fix: adds ssm from docker image (#1139) * fix: adds ssm from docker image directly * fix: suggestion from review * fix: disable gpg for aws ssm * fix: dont run zypper for nonsuse * fix: adds enable and disable repo --- Dockerfile | 2 ++ Dockerfile.devkit | 1 + ansible/roles/providers/tasks/aws.yml | 49 ++++++++++++--------------- bundles/redhat8.6/bundle.sh.gotmpl | 1 - bundles/redhat8.8/bundle.sh.gotmpl | 1 - bundles/rocky9.1/bundle.sh.gotmpl | 1 - 6 files changed, 25 insertions(+), 30 deletions(-) diff --git a/Dockerfile b/Dockerfile index 087447e32..653b57080 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,6 +32,8 @@ ARG BUILDARCH # Packer copies /usr/local/bin/goss-amd64 from this container to the remote host COPY --from=devkit /usr/local/bin/goss-amd64 /usr/local/bin/goss-amd64 +COPY --from=devkit /opt/amazon-ssm-agent.rpm /opt/amazon-ssm-agent.rpm + # we copy this to remote hosts to execute mindthegap so its always amd64 COPY --from=devkit /usr/local/bin/mindthegap /usr/local/bin/ COPY --from=devkit /usr/local/bin/packer-${BUILDARCH} /usr/local/bin/packer diff --git a/Dockerfile.devkit b/Dockerfile.devkit index f1864eb34..79dbb8e15 100644 --- a/Dockerfile.devkit +++ b/Dockerfile.devkit @@ -78,6 +78,7 @@ RUN curl -L "https://github.com/goss-org/goss/releases/download/${GOSS_VERSION}/ RUN chmod +rx /usr/local/bin/goss-amd64 ARG BUILDARCH RUN ln -s /usr/local/bin/goss-${BUILDARCH} /usr/local/bin/goss +RUN curl -o /opt/amazon-ssm-agent.rpm https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm COPY --from=packer-amd64 /bin/packer /usr/local/bin/packer-amd64 COPY --from=packer-arm64 /bin/packer /usr/local/bin/packer-arm64 diff --git a/ansible/roles/providers/tasks/aws.yml b/ansible/roles/providers/tasks/aws.yml index fb536a227..42d484957 100644 --- a/ansible/roles/providers/tasks/aws.yml 
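Review bot: The added `RUN curl -o /opt/amazon-ssm-agent.rpm …/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm` line in Dockerfile.devkit bakes an unpinned, unverified package into the image: `latest` makes the build non-reproducible, and nothing checks a digest or signature before the Dockerfile hunk copies the file into the final image. Because the Ansible tasks in this commit install that file with `disable_gpg_check: yes`, this download is the only place left where integrity can be established. curl is also run without `--fail`, so an HTTP error body would be saved as the .rpm and the build would still succeed. I would pin the version the way `${GOSS_VERSION}` is pinned just above and verify in the same layer, e.g. `RUN curl -fsSL -o /opt/amazon-ssm-agent.rpm "<pinned-version URL>" && echo "<expected sha256>  /opt/amazon-ssm-agent.rpm" | sha256sum -c -`. AWS also documents signature verification for the agent package, which would be stronger than a digest alone.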
+++ b/ansible/roles/providers/tasks/aws.yml @@ -42,38 +42,34 @@ - ansible_distribution != "Amazon" - ansible_os_family != "Suse" -- name: install aws agents RPM - package: - name: "{{ item }}" - state: present - # must be fixed by amazon https://github.com/aws/amazon-ssm-agent/issues/235 - disable_gpg_check: yes - enablerepo: "{{ 'offline' if offline_mode_enabled else '' }}" - disablerepo: "{{ '*' if offline_mode_enabled else '' }}" - with_items: - - "{{ 'amazon-ssm-agent' if offline_mode_enabled else 'https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm' }}" - when: - - ansible_os_family == "RedHat" - - ansible_distribution != "Amazon" -- name: install aws agents RPM - package: - name: "{{ item }}" - state: present - # must be fixed by amazon https://github.com/aws/amazon-ssm-agent/issues/235 - disable_gpg_check: yes - with_items: - - https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm - when: - - ansible_os_family == "Suse" - - ansible_distribution != "Amazon" +- block: + - name: copy ssm rpm + copy: + src: /opt/amazon-ssm-agent.rpm + dest: /opt/amazon-ssm-agent.rpm -- name: install aws agents RPM + - name: install aws agents RPM + ansible.builtin.yum: + name: /opt/amazon-ssm-agent.rpm + state: present + disable_gpg_check: yes + enablerepo: "{{ 'offline' if offline_mode_enabled else '' }}" + disablerepo: "{{ '*' if offline_mode_enabled else '' }}" + when: ansible_os_family == "RedHat" and ansible_distribution != "Amazon" + + - name: install aws agents RPM + ansible.builtin.zypper: + name: /opt/amazon-ssm-agent.rpm + state: present + disable_gpg_check: yes + when: ansible_os_family == "Suse" and ansible_distribution != "Amazon" + +- name: install aws cli for amazon linux package: name: "{{ item }}" state: present with_items: - - amazon-ssm-agent - awscli when: ansible_distribution == "Amazon" @@ -94,4 +90,3 @@ state: started enabled: yes when: ansible_distribution == "Ubuntu" - 
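Review bot: Both new install tasks keep `disable_gpg_check: yes`, but the hunk drops the comment that explained why, so signature checking is now switched off for a local file with no stated reason. I would restore it above each occurrence, e.g. `# GPG check disabled pending https://github.com/aws/amazon-ssm-agent/issues/235; integrity relies on the image build`, and write the boolean as `true`. Separately, the `copy ssm rpm` task has no `when`, and no block-level condition is visible in the hunk. The RPM therefore appears to be copied to `/opt` on every host, including Ubuntu and Amazon Linux where neither install task runs; a block-level `when: ansible_os_family in ["RedHat", "Suse"] and ansible_distribution != "Amazon"` would limit it. The copied file also gets no explicit `mode` and is not removed after installation.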
diff --git a/bundles/redhat8.6/bundle.sh.gotmpl b/bundles/redhat8.6/bundle.sh.gotmpl index f1db621c5..c46c2c649 100755 --- a/bundles/redhat8.6/bundle.sh.gotmpl +++ b/bundles/redhat8.6/bundle.sh.gotmpl @@ -79,7 +79,6 @@ yumdownloader --setopt=skip_missing_names_on_install=False -x \*i686 --archlist= $(< packages.txt) rm packages.txt reqs.txt -curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm createrepo -v . repo2module . --module-name offline createrepo_mod . diff --git a/bundles/redhat8.8/bundle.sh.gotmpl b/bundles/redhat8.8/bundle.sh.gotmpl index ed270cbbc..d8b4135c5 100755 --- a/bundles/redhat8.8/bundle.sh.gotmpl +++ b/bundles/redhat8.8/bundle.sh.gotmpl @@ -79,7 +79,6 @@ yumdownloader --setopt=skip_missing_names_on_install=False -x \*i686 --archlist= $(< packages.txt) rm packages.txt reqs.txt -curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm createrepo -v . repo2module . --module-name offline createrepo_mod . diff --git a/bundles/rocky9.1/bundle.sh.gotmpl b/bundles/rocky9.1/bundle.sh.gotmpl index 7b6321ff0..7bdaeb5dd 100755 --- a/bundles/rocky9.1/bundle.sh.gotmpl +++ b/bundles/rocky9.1/bundle.sh.gotmpl @@ -15,7 +15,6 @@ repoquery --archlist=x86_64,noarch --resolve --requires --recursive $(< packag #shellcheck disable=SC2046 yumdownloader --archlist=x86_64,noarch -x \*i686 $(< packages.txt) rm packages.txt -curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm createrepo -v . && chown -R 1000:1000 repodata/ #shellcheck disable=SC1083,SC2035 tar -czf {{ .OutputDirectory }}/{{ .KubernetesVersion }}_rocky_9.1_x86_64.tar.gz *