Merge branch 'features/arm64-support' into 'master'

Riaan Nolan · Riaan Nolan · commit 0d5bcae3d428 · 2022-10-01T23:41:31.000Z
fix packer and default provision, uplift localstack/variables.tf

See merge request all-staff/hashiqube!113
diff --git a/hashicorp/packer.sh b/hashicorp/packer.sh
@@ -1,6 +1,23 @@
 #!/bin/bash
 
 function packer-install() {
+
+  arch=$(lscpu | grep "Architecture" | awk '{print $NF}')
+  if [[ $arch == x86_64* ]]; then
+    ARCH="amd64"
+  elif  [[ $arch == aarch64 ]]; then
+    ARCH="arm64"
+  fi
+  echo -e '\e[38;5;198m'"CPU is $ARCH"
+
+  if pgrep -x "vault" >/dev/null
+  then
+    echo "Vault is running"
+  else
+    echo -e '\e[38;5;198m'"++++ Ensure Vault is running.."
+    sudo bash /vagrant/hashicorp/vault.sh
+  fi
+
   grep -q "PACKER_LOG=1" /etc/environment
   if [ $? -eq 1 ]; then
     echo "PACKER_LOG=1" >> /etc/environment
@@ -11,15 +28,15 @@ function packer-install() {
   if [ $? -eq 1 ]; then
     echo "PACKER_LOG_PATH=/var/log/packer.log" >> /etc/environment
   else
-    sudo sed 's/PACKER_LOG_PATH=.*/PACKER_LOG_PATH=/var/log/packer.log/g' /etc/environment
+    sudo sed 's/PACKER_LOG_PATH=.*/PACKER_LOG_PATH=\/var\/log\/packer.log/g' /etc/environment
   fi
   sudo touch /var/log/packer.log
   sudo chmod 777 /var/log/packer.log
   sudo DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install curl unzip jq python3-hvac
   if [ -f /usr/local/bin/packer ]; then
     echo -e '\e[38;5;198m'"++++ `/usr/local/bin/packer version` already installed at /usr/local/bin/packer"
   else
-    LATEST_URL=$(curl --silent https://releases.hashicorp.com/index.json | jq '{packer}' | egrep "linux_amd.*64" | sort -rh | head -1 | awk -F[\"] '{print $4}')
+    LATEST_URL=$(curl --silent https://releases.hashicorp.com/index.json | jq '{packer}' | egrep "linux.*$ARCH" | sort -rh | head -1 | awk -F[\"] '{print $4}')
     wget -q $LATEST_URL -O /tmp/packer.zip
     sudo mkdir -p /usr/local/bin
     (cd /usr/local/bin && unzip /tmp/packer.zip)
@@ -95,16 +112,10 @@ EOF
   if [ -f /usr/bin/docker ]; then
     echo -e '\e[38;5;198m'"++++ `/usr/bin/docker -v` already installed at /usr/bin/docker"
   else
-    sudo DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes apt-transport-https ca-certificates curl gnupg-agent software-properties-common
-    sudo -i
-    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
-    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-    sudo apt-get update
-    sudo DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes docker-ce docker-ce-cli containerd.io
-    sudo usermod -aG docker vagrant
+    sudo bash /vagrant/docker/docker.sh
   fi
   echo -e '\e[38;5;198m'"++++ Packer build Linux Docker container configured with Ansible"
-  packer build /vagrant/hashicorp/packer/linux/ubuntu/ubuntu16.04.json
+  packer build /vagrant/hashicorp/packer/linux/ubuntu/ubuntu20.04.json
 }
 
 packer-install
diff --git a/hashicorp/packer/linux/ubuntu/playbook.yml b/hashicorp/packer/linux/ubuntu/playbook.yml
@@ -9,4 +9,4 @@
         owner: root
     - name: Return all kv v2 secrets from a path
       debug:
-        msg: "{{ lookup('hashi_vault', 'secret=kv/ansible token=s.4iQgdlmLwXQUFFxTsM9gLQtg url=http://localhost:8200') }}"
+        msg: "{{ lookup('hashi_vault', 'secret=kv/ansible token=hvs.CAESIK2fsE_LCBTs3Ikw0d0O4QD9acJSMHZBA873CMnkMOGVGh4KHGh2cy5uOTFGQUFESkhsOWI4RUY5UHFoYlY3U1c url=http://localhost:8200') }}"
diff --git a/hashicorp/packer/linux/ubuntu/ubuntu20.04.json b/hashicorp/packer/linux/ubuntu/ubuntu20.04.json
@@ -0,0 +1,41 @@
+{
+  "variables": {
+    "ansible_host": "default",
+    "ansible_connection": "docker"
+  },
+  "builders": [
+    {
+      "type": "docker",
+      "image": "ubuntu:20.04",
+      "commit": "false",
+      "discard": "true",
+      "run_command": [
+        "-d",
+        "-i",
+        "-t",
+        "--name",
+        "{{user `ansible_host`}}",
+        "{{.Image}}",
+        "/bin/bash"
+      ]
+    }
+  ],
+  "provisioners": [
+    {
+      "type": "shell",
+      "inline": [
+        "apt-get update",
+        "apt-get install apt-utils python -yq"
+      ]
+    },
+    {
+      "type": "ansible",
+      "user": "root",
+      "playbook_file": "/vagrant/hashicorp/packer/linux/ubuntu/playbook.yml",
+      "extra_arguments": [
+        "--extra-vars",
+        "ansible_host={{user `ansible_host`}} ansible_connection={{user `ansible_connection`}}"
+      ]
+    }
+  ]
+}
diff --git a/hashicorp/sentinel.sh b/hashicorp/sentinel.sh
@@ -1,11 +1,19 @@
 #!/bin/bash
 
 function sentinel-install() {
-sudo DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install curl unzip jq
+  arch=$(lscpu | grep "Architecture" | awk '{print $NF}')
+  if [[ $arch == x86_64* ]]; then
+    ARCH="amd64"
+  elif  [[ $arch == aarch64 ]]; then
+    ARCH="arm64"
+  fi
+  echo -e '\e[38;5;198m'"CPU is $ARCH"
+
+  sudo DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install curl unzip jq
   if [ -f /usr/local/bin/sentinel ]; then
     echo -e '\e[38;5;198m'"++++ `/usr/local/bin/sentinel version` already installed at /usr/local/bin/sentinel"
   else
-    LATEST_URL=$(curl --silent https://releases.hashicorp.com/index.json | jq '{sentinel}' | egrep "linux_amd.*64" | sort -rh | head -1 | awk -F[\"] '{print $4}')
+    LATEST_URL=$(curl --silent https://releases.hashicorp.com/index.json | jq '{sentinel}' | egrep "linux.*$ARCH" | sort -rh | head -1 | awk -F[\"] '{print $4}')
     wget -q $LATEST_URL -O /tmp/sentinel.zip
     mkdir -p /usr/local/bin
     (cd /usr/local/bin && unzip /tmp/sentinel.zip)
diff --git a/localstack/variables.tf b/localstack/variables.tf
@@ -19,86 +19,86 @@ variable "ec2_instance" {
   )
   default = [
     {
-      ami_id        = 123
+      ami_id        = "ami-02e8cbf7681c3ae51"
       instance_type = "t1.micro"
-      az            = 123
+      az            = "ap-southeast-2"
       set_public_ip = false
-      subnet_id     = "oneal3j42rawefz"
+      subnet_id     = "subnet-07e73ebcae662e4a3"
       security_group = [
-        "onealwijer"
+        "dev-node"
       ]
       tags = {
-        apple = "onebanana"
-        pear  = "onepear"
+        Name        = "dev-node"
+        Environment = "dev"
       }
       ebs_disks = [
         {
-          disksize   = 123
+          disksize   = 128
           encryption = true
-          disktype   = "oneone342ewrgs4"
-          devicename = "oneonealij32krwe"
+          disktype   = "gp3"
+          devicename = "/dev/sdg"
         },
         {
-          disksize   = 12
+          disksize   = 64
           encryption = false
-          disktype   = "onetwo342ewrgs4"
-          devicename = "onetwoalij32krwe"
+          disktype   = "gp2"
+          devicename = "/dev/sdf"
         }
       ]
     },
     {
-      ami_id        = 123333
-      instance_type = "t1.micro"
-      az            = 123333
+      ami_id        = "ami-02e8cbf7681c3ae51"
+      instance_type = "t2.micro"
+      az            = "ap-southeast-2"
       set_public_ip = false
-      subnet_id     = "twoal3j42rawefz"
+      subnet_id     = "subnet-07e73ebcae662e4a3"
       security_group = [
-        "twoalwijer"
+        "dev-node"
       ]
       tags = {
-        apple = "twobanana"
-        pear  = "twopear"
+        Name        = "dev-node"
+        Environment = "dev"
       }
       ebs_disks = [
         {
-          disksize   = 123
+          disksize   = 128
           encryption = true
-          disktype   = "twoone342ewrgs4"
-          devicename = "twoonealij32krwe"
+          disktype   = "gp3"
+          devicename = "/dev/sdf"
         },
         {
-          disksize   = 12
+          disksize   = 64
           encryption = false
-          disktype   = "twotwo342ewrgs4"
-          devicename = "twotwoalij32krwe"
+          disktype   = "gp2"
+          devicename = "/dev/sdg"
         }
       ]
     },
     {
-      ami_id        = 126666
-      instance_type = "t1.micro"
-      az            = 126666
+      ami_id        = "ami-02e8cbf7681c3ae51"
+      instance_type = "t3.micro"
+      az            = "ap-southeast-2"
       set_public_ip = false
-      subnet_id     = "threeal3j42rawefz"
+      subnet_id     = "subnet-07e73ebcae662e4a3"
       security_group = [
-        "threealwijer"
+        "dev-node"
       ]
       tags = {
-        apple = "threebanana"
-        pear  = "threepear"
+        Name        = "dev-node"
+        Environment = "dev"
       }
       ebs_disks = [
         {
-          disksize   = 123
+          disksize   = 128
           encryption = true
-          disktype   = "threene342ewrgs4"
-          devicename = "threeonealij32krwe"
+          disktype   = "gp3"
+          devicename = "/dev/sdf"
         },
         {
-          disksize   = 12
+          disksize   = 64
           encryption = false
-          disktype   = "threetwo342ewrgs4"
-          devicename = "threetwoalij32krwe"
+          disktype   = "gp2"
+          devicename = "/dev/sdg"
         }
       ]
     }
