Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move cyhy user creation to AMI build time #640

Merged
merged 3 commits into from
Mar 28, 2023
Merged

Move cyhy user creation to AMI build time #640

merged 3 commits into from
Mar 28, 2023

Conversation

mcdonnnj
Copy link
Member

🗣 Description

This pull request moves creation of the cyhy user to AMI build time from being part of individual instance cloud-init configurations.

💭 Motivation and context

This change moves user creation to AMI build time to provide a better guarantee that the cyhy user exists before any Ansible provisioners are run against an instance during deployment. It will also allow the option for cyhy-specific Ansible roles to expect the existence of the cyhy user as part of their logic. As a bonus this reduces complexity by removing this element of the individual cloud-init configurations for instances that need this user.

🧪 Testing

Automated tests pass. I used this branch in my test environment and verified that the cyhy user existed and that SSH access worked as expected.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

@mcdonnnj
Create the cyhy user during AMI build
e014675 
This adds an Ansible playbook and imports it in the main playbook used
to build the AMIs.
@mcdonnnj
Remove cyhy user creation by cloud-init
c040b09 
Remove the cloud-init configuration file and all cloudinit
configuration parts for `cyhy` user creation.
@mcdonnnj mcdonnnj added the improvement This issue or pull request will add or improve functionality, maintainability, or ease of use label Mar 28, 2023
@mcdonnnj mcdonnnj self-assigned this Mar 28, 2023
@mcdonnnj mcdonnnj requested a review from a team March 28, 2023 21:03
dav3r
dav3r approved these changes Mar 28, 2023
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 with one minor thang that may be ignored if you so choose.

packer/ansible/create_cyhy_user.yml Outdated Show resolved Hide resolved
@mcdonnnj @dav3r
Correct order of keys in the cyhy user creation playbook
d6a83bb 
We prefer to sort task keys alphabetically and the authorized key setup
was not in compliance.

Co-authored-by: dav3r <[email protected]>
@mcdonnnj mcdonnnj merged commit b7c63c1 into develop Mar 28, 2023
@mcdonnnj mcdonnnj deleted the improvement/create_cyhy_user_during_ami_build branch March 28, 2023 22:18
@mcdonnnj mcdonnnj linked an issue Mar 31, 2023 that may be closed by this pull request
Set up the cyhy user and group using an Ansible role at AMI build time #545
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dav3r dav3r dav3r approved these changes

@jsf9k jsf9k jsf9k approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

Assignees

@mcdonnnj mcdonnnj

Labels
improvement This issue or pull request will add or improve functionality, maintainability, or ease of use
Projects
CyHy System
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Set up the cyhy user and group using an Ansible role at AMI build time
3 participants
@mcdonnnj @jsf9k @dav3r