Merge pull request #7 from companieshouse/shared-services-migration

Update configuration for migration to shared services
companieshouse · Feb 7, 2024 · b584cdb · b584cdb
2 parents 7bab67b + 5873bf1
commit b584cdb
Show file tree

Hide file tree

Showing 3 changed files with 95 additions and 20 deletions.
diff --git a/ansible/roles/tuxedo/tasks/main.yml b/ansible/roles/tuxedo/tasks/main.yml
@@ -287,7 +287,7 @@
 - name: Install OpenJDK to provide JRE for Informix license installer
   yum:
     name:
-      - java-11-openjdk.x86_64
+      - java-11-openjdk-11.0.13.0.8-1.el7_9
     state: latest
 
 - name: Download Informix license installer
@@ -321,3 +321,19 @@
     path: /tmp
     opts: noexec
     state: remounted
+
+- name: Find authorized_keys and shell history files
+  find:
+    paths:
+      - /root
+      - /home
+    patterns:
+      - authorized_keys
+      - .*history
+  register: files_for_deletion
+
+- name: Delete authorized_keys and shell history files
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items: "{{ files_for_deletion.files }}"
diff --git a/packer/sources.pkr.hcl b/packer/sources.pkr.hcl
@@ -1,29 +1,40 @@
 source "amazon-ebs" "builder" {
-  ami_name             = "${var.ami_name_prefix}-${var.version}"
-  ami_users            = var.ami_account_ids
-  communicator         = "ssh"
-  instance_type        = var.aws_instance_type
-  region               = var.aws_region
-  ssh_private_key_file = var.ssh_private_key_file
-  ssh_username         = var.ssh_username
-  ssh_keypair_name     = "packer-builders-${var.aws_region}"
-  iam_instance_profile = "packer-builders-${var.aws_region}"
+  ami_name                  = "${var.ami_name_prefix}-${var.version}"
+  ami_users                 = var.ami_account_ids
+  communicator              = "ssh"
+  force_delete_snapshot     = var.force_delete_snapshot
+  force_deregister          = var.force_deregister
+  instance_type             = var.aws_instance_type
+  region                    = var.aws_region
+  ssh_clear_authorized_keys = var.ssh_clear_authorized_keys
+  ssh_private_key_file      = var.ssh_private_key_file
+  ssh_username              = var.ssh_username
+  ssh_keypair_name          = "packer-builders-${var.aws_region}"
+  iam_instance_profile      = "packer-builders-${var.aws_region}"
 
   launch_block_device_mappings {
-    device_name = "/dev/sda1"
-    volume_size = var.root_volume_size_gb
-    volume_type = "gp2"
     delete_on_termination = true
+    device_name           = "/dev/sda1"
+    encrypted             = true
+    iops                  = var.root_volume_iops
+    kms_key_id            = var.kms_key_id
+    throughput            = var.root_volume_throughput
+    volume_size           = var.root_volume_size_gb
+    volume_type           = "gp3"
   }
 
   dynamic "launch_block_device_mappings" {
     for_each = var.swap_volume_size_gb > 0 ? [1] : []
 
     content {
-      device_name = var.swap_volume_device_node
-      volume_size = var.swap_volume_size_gb
-      volume_type = "gp2"
       delete_on_termination = true
+      device_name           = var.swap_volume_device_node
+      encrypted             = true
+      iops                  = var.swap_volume_iops
+      kms_key_id            = var.kms_key_id
+      throughput            = var.swap_volume_throughput
+      volume_size           = var.swap_volume_size_gb
+      volume_type           = "gp3"
     }
   }
 

diff --git a/packer/variables.pkr.hcl b/packer/variables.pkr.hcl
@@ -44,6 +44,24 @@ variable "aws_subnet_filter_name" {
   description = "The subnet filter string. Any filter described by the DescribeSubnets API documentation is valid. If multiple subnets match then the one with the most IPv4 addresses free will be used"
 }
 
+variable "force_delete_snapshot" {
+  type        = bool
+  default     = false
+  description = "Delete snapshots associated with AMIs, which have been deregistered by force_deregister"
+}
+
+variable "force_deregister" {
+  type        = bool
+  default     = false
+  description = "Deregister an existing AMI if one with the same name already exists"
+}
+
+variable "kms_key_id" {
+  type        = string
+  default     = "alias/packer-builders-eu-west-2-kms"
+  description = "The KMS key ID or alias to use when encrypting the AMI EBS volumes; defaults to the AWS managed key if empty"
+}
+
 variable "playbook_file_path" {
   type        = string
   default     = "../ansible/playbook.yml"
@@ -58,13 +76,13 @@ variable "resource_bucket_c_libraries_prefix" {
 
 variable "resource_bucket_informix_prefix" {
   type        = string
-  default     = "packages/informix"
+  default     = "informix"
   description = "The object prefix for Informix packages within the S3 resources bucket"
 }
 
 variable "resource_bucket_informix_sdk_prefix" {
   type        = string
-  default     = "packages/informix"
+  default     = "informix"
   description = "The object prefix for Informix Client SDK packages within the S3 resources bucket"
 }
 
@@ -75,7 +93,7 @@ variable "resource_bucket_name" {
 
 variable "resource_bucket_oracle_instant_client_prefix" {
   type        = string
-  default     = "packages/oracle"
+  default     = "oracle/instant-client"
   description = "The object prefix for Oracle Instant Client packages within the S3 resources bucket"
 }
 
@@ -87,16 +105,34 @@ variable "resource_bucket_tuxedo_license_prefix" {
 
 variable "resource_bucket_tuxedo_prefix" {
   type        = string
-  default     = "packages/tuxedo"
+  default     = "tuxedo"
   description = "The object prefix for Tuxedo packages within the S3 resources bucket"
 }
 
+variable "root_volume_iops" {
+  type        = number
+  default     = 3000
+  description = "The baseline IOPS for the root EBS volume; 3000 is the gp3 default"
+}
+
 variable "root_volume_size_gb" {
   type        = number
   default     = 20
   description = "The EC2 instance root volume size in Gibibytes (GiB)"
 }
 
+variable "root_volume_throughput" {
+  type        = number
+  default     = 125
+  description = "The throughput, in MiB/s, for the root EBS volume; 125 is the gp3 default"
+}
+
+variable "ssh_clear_authorized_keys" {
+  type        = bool
+  default     = true
+  description = "Defines whether the authorized_keys file should be cleared, post-build"
+}
+
 variable "ssh_private_key_file" {
   type        = string
   default     = "/home/packer/.ssh/packer-builder"
@@ -109,6 +145,12 @@ variable "ssh_username" {
   description = "The username Packer will use when connecting with SSH"
 }
 
+variable "swap_volume_iops" {
+  type        = number
+  default     = 3000
+  description = "The baseline IOPS for the swap EBS volume; 3000 is the gp3 default"
+}
+
 variable "swap_volume_device_node" {
   type        = string
   default     = "/dev/xvdb"
@@ -121,6 +163,12 @@ variable "swap_volume_size_gb" {
   description = "The EC2 instance swap volume size in Gibibytes (GiB); set to 0 to disable swap volume"
 }
 
+variable "swap_volume_throughput" {
+  type        = number
+  default     = 125
+  description = "The throughput, in MiB/s, for the swap EBS volume; 125 is the gp3 default"
+}
+
 variable "version" {
   type        = string
   description = "The semantic version number for the AMI; the version string will be appended automatically to the name tags added to the resulting AMI and snapshot(s)"