Support ebs encryption pr 1.x #609

Merged 57 commits, Feb 25, 2022
f3cdd8d
Adding volume encryption and type options plus a bit more flexibility…
gregharvey Feb 25, 2022
92be722
Setting more sane default instance sizes.
gregharvey Feb 25, 2022
af410f5
Adding more EBS options for ASGs.
gregharvey Feb 25, 2022
bd3bd89
Merge branch '1.x' into support_ebs_encryption
gregharvey Feb 25, 2022
8f3f379
Setting encryption to match AMI settings.
gregharvey Feb 25, 2022
796b4f0
Merge branch '1.x' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
66413fb
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
c48beec
Setting encryption to match AMI settings.
gregharvey Feb 25, 2022
558551e
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
f83d15c
We also need to dynamically set the ASGs own encrypt_boot var.
gregharvey Feb 25, 2022
05ead4d
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
75dbc20
Merging 1.x.
gregharvey Feb 25, 2022
242e249
We need to merge the new branch changes before we can rebuild the docs.
gregharvey Feb 25, 2022
d293076
Merging 1.x.
gregharvey Feb 25, 2022
181d01a
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
a2bf200
Merge branch '1.x' into support_ebs_encryption
gregharvey Feb 25, 2022
a79695a
Fixing merge command in CI.
gregharvey Feb 25, 2022
129d43f
Merge branch '1.x' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
f63ffae
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
e8f040f
Not sure toc.sh is actually executing.
gregharvey Feb 25, 2022
8e3181b
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
8357835
Refactoring encrypt EBS flags to avoid detected loop condition in vars.
gregharvey Feb 25, 2022
54ff1e8
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
72d976b
Safer CI, only adds .md files.
gregharvey Feb 25, 2022
0fd9698
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
a9b0c1f
Trying to figure out CI logic for building docs.
gregharvey Feb 25, 2022
cd4054b
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
0ae38e2
Trying to figure out CI logic for building docs.
gregharvey Feb 25, 2022
e777388
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
451021a
Trying to figure out CI logic for building docs.
gregharvey Feb 25, 2022
799df2f
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
94878f5
Trying adding a git pull.
gregharvey Feb 25, 2022
fa38b7f
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
44b7440
Setting git pull config options.
gregharvey Feb 25, 2022
35f3b82
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
42273fe
Reordering things.
gregharvey Feb 25, 2022
089b507
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
2356bc9
Adding --allow-unrelated-histories to the git pull.
gregharvey Feb 25, 2022
abd25ce
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
914bb86
Trying a feature branch approach.
gregharvey Feb 25, 2022
89885c4
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
7cfdd01
Forcing the GitHub action to fetch all git history.
gregharvey Feb 25, 2022
deadbe8
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
9ba69aa
Bad whitespace, naughty whitespace.
gregharvey Feb 25, 2022
6699c51
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
acb27b9
Trying a different PR action.
gregharvey Feb 25, 2022
8a764e9
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
f8b597e
Do not merge the branch in, we only want the markdown changes.
gregharvey Feb 25, 2022
6dee994
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
2248c8a
Keeping the documentation branch clean.
gregharvey Feb 25, 2022
39c4be1
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
3e951ea
We need to push a detached HEAD.
gregharvey Feb 25, 2022
1812ada
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
c37f05f
Do we need the checkout at all?
gregharvey Feb 25, 2022
d1d2432
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
fd5c657
Adding a docs pull.
gregharvey Feb 25, 2022
3dc4abe
Merge branch 'support_ebs_encryption' into support_ebs_encryption-PR-1.x
gregharvey Feb 25, 2022
23 changes: 13 additions & 10 deletions .github/workflows/ce-provision-build-docs.yml
Expand Up @@ -17,33 +17,36 @@ jobs:
- name: Checkout code
if: ${{ github.event.pull_request.head.ref != 'documentation' }}
uses: actions/checkout@v2
with:
fetch-depth: 0

# Configures global Git variables for committing
- name: Configure Git
run: |
git config --global user.email "sysadm@codeenigma.com"
git config --global user.name "Code Enigma CI"
git config --global pull.rebase false

# Builds the docs
- name: Build documentation
if: ${{ github.event.pull_request.head.ref != 'documentation' }}
if: ${{ github.event.pull_request.head.ref != 'documentation' && github.event.pull_request.base.ref == '1.x' }}
run: |
git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}
git fetch
git checkout documentation
contribute/toc.sh
git add docs
git add roles
git diff --quiet && git diff --staged --quiet || git commit -am 'GitHub Actions - Rebuilt documentation.' && git push origin documentation
/bin/sh ./contribute/toc.sh
find . -name "*.md" | xargs git add
git diff --quiet && git diff --staged --quiet || git commit -am 'GitHub Actions - Rebuilt documentation.'
git pull origin documentation
git push origin HEAD:documentation
shell: bash

# Create docs pull request
- name: Create a documentation pull request
if: ${{ github.event.pull_request.head.ref != 'documentation' && github.event.pull_request.base.ref == '1.x' }}
uses: devops-infra/action-pull-request@v0.4.2
uses: repo-sync/pull-request@v2
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
source_branch: documentation
target_branch: ${{ github.event.pull_request.base.ref }}
title: Documentation update.
body: "**Automated pull request** created by GitHub Actions because of a documentation update."
destination_branch: ${{ github.event.pull_request.base.ref }}
pr_title: Documentation update.
pr_body: "**Automated pull request** created by GitHub Actions because of a documentation update."
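Review bot: In the `Build documentation` step, `git commit -am` follows `find . -name "*.md" | xargs git add`, and `-a` stages every modified tracked file, so the commit pushed to `documentation` is not limited to the Markdown files the `find` selects. Drop the `-a` (`git commit -m 'GitHub Actions - Rebuilt documentation.'`) so only the explicitly added paths are committed, and use `find . -name "*.md" -print0 | xargs -0 git add` so paths containing spaces are handled. Separately, `actions/checkout@v2` and `repo-sync/pull-request@v2` are referenced by tag, and the latter is handed `secrets.GITHUB_TOKEN`; pinning third-party actions to a full commit SHA keeps a moved tag from running new code with that token.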
2 changes: 1 addition & 1 deletion roles/aws/aws_ami/defaults/main.yml
Expand Up @@ -2,7 +2,7 @@
aws_ami:
aws_profile: "{{ _aws_profile }}"
region: "{{ _aws_region }}"
instance_type: t2.micro
instance_type: t3.micro
virtualization_type: hvm
root_device_type: ebs
name_filter: "debian-10-amd64-*"
10 changes: 6 additions & 4 deletions roles/aws/aws_ec2_autoscale_cluster/defaults/main.yml
Expand Up @@ -14,12 +14,14 @@ aws_ec2_autoscale_cluster:
- az: c
cidr_block: "10.0.3.128/26"
public_subnet: public-c
instance_type: t2.micro
instance_type: t3.micro
key_name: "{{ ce_provision.username }}@{{ ansible_hostname }}" # This needs to match your "provision" user SSH key.
ami_owner: self # Default to self-created image.
root_volume_size: 40
root_volume_size: 30
root_volume_type: gp2 # available options - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
root_volume_delete_on_termination: true
ebs_optimized: true
encrypt_boot: false # Whether to encrypt the EBS volumes or not.
encrypt_boot: false # Whether to encrypt the EBS volumes or not, passed to the aws_ami role and to EBS volumes when instances are built
ami_playbook_file: "{{ playbook_dir }}/ami.yml"
ami_refresh: true # Whether to build a new AMI or not.
asg_refresh: true # Whether to build a new ASG or not.
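Review bot: `encrypt_boot` keeps a default of `false`, so clusters built from these defaults get unencrypted root volumes unless each consumer opts in. For a change whose purpose is EBS encryption support, consider defaulting to `true`, or at least extend the comment to say that the value has to agree with the encryption state of the AMI in use, since the same flag now feeds both the `aws_ami` role and the instance volumes. The hunk also shows `root_volume_size` at both 40 and 30; if the default is being reduced, document that it must not be smaller than the root snapshot of the AMI.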
Expand Down Expand Up @@ -91,7 +93,7 @@ aws_ec2_autoscale_cluster:
# Associated RDS instance.
rds:
rds: false # wether to create an instance.
db_instance_class: db.m5.large
db_instance_class: db.t3.medium
#db_cluster_identifier: example-aurora-cluster
engine: mariadb
aurora_reader: false
3 changes: 3 additions & 0 deletions roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml
Expand Up @@ -168,6 +168,9 @@
volumes:
- device_name: /dev/xvda
volume_size: "{{ aws_ec2_autoscale_cluster.root_volume_size }}"
volume_type: "{{ aws_ec2_autoscale_cluster.root_volume_type }}"
encrypted: "{{ aws_ec2_autoscale_cluster.encrypt_boot }}"
delete_on_termination: "{{ aws_ec2_autoscale_cluster.root_volume_delete_on_termination }}"
register: _aws_ec2_lc_created
when:
- aws_ec2_autoscale_cluster.asg_refresh
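Review bot: `encrypted` on `/dev/xvda` is taken straight from `aws_ec2_autoscale_cluster.encrypt_boot`, with nothing in this task checking it against the AMI the launch configuration will boot. AWS does not allow encryption to be removed from a volume restored from an encrypted snapshot, so `encrypt_boot: false` paired with an image that was built encrypted cannot produce what the variable asks for. Either derive the value from the AMI lookup result or add an `assert` before this task that compares the two, so a mismatch fails with a clear message instead of at instance launch.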
7 changes: 5 additions & 2 deletions roles/aws/aws_ec2_with_eip/defaults/main.yml
Expand Up @@ -2,7 +2,7 @@
aws_ec2_with_eip:
aws_profile: "{{ _aws_profile }}"
region: "{{ _aws_region }}"
instance_type: t2.micro
instance_type: t3.micro
key_name: "{{ ce_provision.username }}@{{ ansible_hostname }}" # This needs to match your "provision" user SSH key.
ami_name: "{{ _domain_name }}" # The name of an AMI image to use. Image must exists in the same region.
ami_owner: self # Default to self-created image.
Expand All @@ -11,10 +11,13 @@ aws_ec2_with_eip:
vpc_subnet_profile: core # if you are looking up subnets we need a Profile tag to search against
# An IAM Role name to associate with the instance.
iam_role_name: "example"
state: started
state: running
termination_protection: false # set to true to disable termination and avoid accidents
instance_name: "{{ _domain_name }}"
root_volume_size: 80
root_volume_type: gp2 # available options - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
root_volume_encrypted: "{{ aws_ami.encrypt_boot }}" # in most cases this should match encrypt_boot in the aws_ami role
root_volume_delete_on_termination: true
ebs_optimized: true
security_groups: []
tags:
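Review bot: `root_volume_encrypted` defaults to `"{{ aws_ami.encrypt_boot }}"`, which makes this role's defaults depend on a variable owned by the `aws_ami` role. If `aws_ec2_with_eip` is used where `aws_ami` is not defined, the template cannot resolve, and when `ami_name` points at an image that was not built with that flag the two values can silently disagree. Give this variable its own explicit default and keep the "should match the AMI" guidance in the comment, or validate it against the looked-up image in the tasks.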
4 changes: 3 additions & 1 deletion roles/aws/aws_ec2_with_eip/tasks/main.yml
Expand Up @@ -99,7 +99,9 @@
- device_name: /dev/xvda
ebs:
volume_size: "{{ aws_ec2_with_eip.root_volume_size }}"
delete_on_termination: true
delete_on_termination: "{{ aws_ec2_with_eip.root_volume_delete_on_termination }}"
volume_type: "{{ aws_ec2_with_eip.root_volume_type }}"
encrypted: "{{ aws_ec2_with_eip.root_volume_encrypted }}"
register: aws_ec2_with_eip_instances

- name: Check if we have an existing EIP.
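Review bot: The `ebs` block now sets `encrypted` but passes no KMS key, so when `aws_ec2_with_eip.root_volume_encrypted` is true the volume is encrypted with the account's default key for EBS encryption in that region. If any environment requires a customer-managed key, expose an optional key variable alongside `root_volume_encrypted` and pass it in this block; otherwise say in the role defaults that the default key is what gets used, so the choice is visible to whoever reviews key access.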
2 changes: 1 addition & 1 deletion roles/aws/aws_rds/defaults/main.yml
Expand Up @@ -7,7 +7,7 @@ aws_rds:
- subnet-bbbbbbbb
name: example
tags: {}
db_instance_class: db.m5.large
db_instance_class: db.t3.medium
state: present
description: example
engine: mariadb