blsmith/dc-deployments-automation
1
0
Fork 0
mirror of https://bitbucket.org/atlassian/dc-deployments-automation.git synced 2025-12-14 00:43:06 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merged in ITPLT-637-use-imdsv2 (pull request #156)

Browse Source 
ITPLT-637 use IMDSv2 (Instance MetaData Service v2)

Approved-by: Adam Brokes
This commit is contained in:
Lee Goolsbee
2022-03-08 18:17:36 +00:00
parent 7cc747f62a 92689b523a
commit 3dd63f64c6
6 changed files with 47 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ansible.cfg
View File

@@ -2,3 +2,4 @@
retry_files_enabled = False retry_files_enabled = False
callback_whitelist = profile_tasks callback_whitelist = profile_tasks
conditional_bare_variables = True conditional_bare_variables = True
collections_paths = ./

3
bin/install-ansible
View File

@@ -30,3 +30,6 @@ PIPENV_NOSPIN=1 PIPENV_HIDE_EMOJIS=1 pipenv sync 2>&1 | iconv -c -f utf-8 -t asc
if [[ $1 == "--dev" ]]; then if [[ $1 == "--dev" ]]; then
pipenv sync --dev pipenv sync --dev
fi fi
echo "Installing collections from galaxy..."
pipenv run ansible-galaxy collection install -v -r requirements.yml

36
bitbucket-pipelines.yml
View File

@@ -38,6 +38,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/aws_common - cd roles/aws_common
- pipenv run molecule test -s cw-disabled - pipenv run molecule test -s cw-disabled
@@ -46,6 +47,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/aws_common - cd roles/aws_common
- pipenv run molecule test -s default - pipenv run molecule test -s default
@@ -54,6 +56,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/aws_common - cd roles/aws_common
- pipenv run molecule test -s logs-disabled - pipenv run molecule test -s logs-disabled
@@ -62,6 +65,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/bitbucket_config - cd roles/bitbucket_config
- pipenv run molecule test -s default - pipenv run molecule test -s default
@@ -70,6 +74,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/bitbucket_config - cd roles/bitbucket_config
- pipenv run molecule test -s iam_elasticsearch - pipenv run molecule test -s iam_elasticsearch
@@ -78,6 +83,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/confluence_config - cd roles/confluence_config
- pipenv run molecule test -s aurora - pipenv run molecule test -s aurora
@@ -86,6 +92,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/confluence_config - cd roles/confluence_config
- pipenv run molecule test -s default - pipenv run molecule test -s default
@@ -94,6 +101,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/confluence_config - cd roles/confluence_config
- pipenv run molecule test -s password_char_escaping - pipenv run molecule test -s password_char_escaping
@@ -102,6 +110,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/confluence_config - cd roles/confluence_config
- pipenv run molecule test -s system_jdk - pipenv run molecule test -s system_jdk
@@ -110,6 +119,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/diy_backup - cd roles/diy_backup
- pipenv run molecule test -s default - pipenv run molecule test -s default
@@ -118,6 +128,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/jira_config - cd roles/jira_config
- pipenv run molecule test -s aurora - pipenv run molecule test -s aurora
@@ -126,6 +137,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/jira_config - cd roles/jira_config
- pipenv run molecule test -s default - pipenv run molecule test -s default
@@ -134,6 +146,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/jira_config - cd roles/jira_config
- pipenv run molecule test -s jira_config_props - pipenv run molecule test -s jira_config_props
@@ -142,6 +155,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/jira_config - cd roles/jira_config
- pipenv run molecule test -s password_char_escaping - pipenv run molecule test -s password_char_escaping
@@ -150,6 +164,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/linux_common - cd roles/linux_common
- pipenv run molecule test -s default - pipenv run molecule test -s default
@@ -158,6 +173,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_common - cd roles/product_common
- pipenv run molecule test -s default - pipenv run molecule test -s default
@@ -166,6 +182,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_common - cd roles/product_common
- pipenv run molecule test -s system_jdk - pipenv run molecule test -s system_jdk
@@ -174,6 +191,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s bitbucket_latest - pipenv run molecule test -s bitbucket_latest
@@ -182,6 +200,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s confluence_latest - pipenv run molecule test -s confluence_latest
@@ -190,6 +209,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s crowd_latest - pipenv run molecule test -s crowd_latest
@@ -198,6 +218,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s default - pipenv run molecule test -s default
@@ -206,6 +227,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s jira_all - pipenv run molecule test -s jira_all
@@ -214,6 +236,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s jira_cached_with_downgrade - pipenv run molecule test -s jira_cached_with_downgrade
@@ -222,6 +245,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s jira_cached_with_upgrade - pipenv run molecule test -s jira_cached_with_upgrade
@@ -230,6 +254,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s jira_software_latest - pipenv run molecule test -s jira_software_latest
@@ -238,6 +263,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s jira_tarball - pipenv run molecule test -s jira_tarball
@@ -246,6 +272,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s jira_version_from_file - pipenv run molecule test -s jira_version_from_file
@@ -254,6 +281,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s jira_version_latest - pipenv run molecule test -s jira_version_latest
@@ -262,6 +290,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s jira_version_override - pipenv run molecule test -s jira_version_override
@@ -270,6 +299,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s servicedesk3 - pipenv run molecule test -s servicedesk3
@@ -278,6 +308,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s servicedesk4 - pipenv run molecule test -s servicedesk4
@@ -286,6 +317,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_install - cd roles/product_install
- pipenv run molecule test -s servicedesk_latest - pipenv run molecule test -s servicedesk_latest
@@ -294,6 +326,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_startup - cd roles/product_startup
- pipenv run molecule test -s bitbucket - pipenv run molecule test -s bitbucket
@@ -302,6 +335,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_startup - cd roles/product_startup
- pipenv run molecule test -s default - pipenv run molecule test -s default
@@ -310,6 +344,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_startup - cd roles/product_startup
- pipenv run molecule test -s startup_restart_false - pipenv run molecule test -s startup_restart_false
@@ -318,6 +353,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/product_startup - cd roles/product_startup
- pipenv run molecule test -s synchrony - pipenv run molecule test -s synchrony

1
pipeline_generator/templates/bitbucket-pipelines.yml.j2
View File

@@ -39,6 +39,7 @@ pipelines:
services: services:
- docker - docker
script: script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/{{ spath.parts[2] }} - cd roles/{{ spath.parts[2] }}
- pipenv run molecule test -s {{ spath.parts[4] }} - pipenv run molecule test -s {{ spath.parts[4] }}

4
requirements.yml Normal file
View File

@@ -0,0 +1,4 @@
---
collections:
- name: amazon.aws
version: 3.0.0

3
roles/diy_backup/templates/bitbucket.diy-backup.vars.sh.j2
View File

@@ -2,7 +2,8 @@
INSTANCE_NAME={{ atl_aws_stack_name }} INSTANCE_NAME={{ atl_aws_stack_name }}
AWS_INFO=$(curl -Lsf http://169.254.169.254/latest/dynamic/instance-identity/document) IMDSv2_TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
AWS_INFO=$(curl -H "X-aws-ec2-metadata-token: $IMDSv2_TOKEN" -Lsf http://169.254.169.254/latest/dynamic/instance-identity/document)
AWS_ACCOUNT_ID=$(echo "${AWS_INFO}" | jq -r .accountId) AWS_ACCOUNT_ID=$(echo "${AWS_INFO}" | jq -r .accountId)
AWS_AVAILABILITY_ZONE=$(echo "${AWS_INFO}" | jq -r .availabilityZone) AWS_AVAILABILITY_ZONE=$(echo "${AWS_INFO}" | jq -r .availabilityZone)
AWS_REGION=$(echo "${AWS_INFO}" | jq -r .region) AWS_REGION=$(echo "${AWS_INFO}" | jq -r .region)