cloud init script needs to use aws s3 cp and not HTTPS to retrieve scripts #19
Description
https://github.com/aws-quickstart/quickstart-github-enterprise/blob/develop/templates/quickstart-github-enterprise.template#L564-L604
https://github.com/aws-quickstart/quickstart-github-enterprise/blob/develop/templates/quickstart-github-enterprise-master.template#L321
The first template should use `aws s3 cp` instead of assuming that HTTPS is enabled for the bucket which contains the `scripts/` folder and contents from this repo in addition to the license file. `aws s3 cp` will be guaranteed to work as long as the user enabled the bucket permissions correctly on the instance profile, but the HTTPS used here will only work if that's explicitly enabled on the bucket. This will silently fail and cause the issue described below.
I changed that section in the first template to this in order to get it to work (after using `cfn-flip` to convert it to YAML):
```yaml
UserData: !Base64
  Fn::Join:
    - ''
    - - "#!/bin/bash\n"
      - "easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\
        \ \n"
      - "wget https://bootstrap.pypa.io/get-pip.py\n"
      - "sudo python get-pip.py\n"
      - "sudo pip install awscli\n"
      - "sleep 5\n"
      - '/usr/local/bin/cfn-init '
      - ' --stack '
      - !Ref 'AWS::StackName'
      - ' --resource EC2Instance '
      - ' --region '
      - !Ref 'AWS::Region'
      - "\n"
      - "mkdir /tmp/scripts/\n"
      - "cd /tmp/scripts/\n"
      # Fetch the scripts with the instance profile's credentials instead of public HTTPS
      - !Join ['', ['aws s3 cp s3://', !Ref QSS3BucketName, '/', !Ref QSS3KeyPrefix, "scripts/scripts_userdata.sh .\n"]]
      - !Join ['', ['aws s3 cp s3://', !Ref QSS3BucketName, '/', !Ref QSS3KeyPrefix, "scripts/adminuser_org_repo.sh .\n"]]
      - "chmod 755 *.sh\n"
      - "ADMININFO='/etc/gheadmin.conf'\n"
      - './scripts_userdata.sh $(cat $ADMININFO| grep github_console_password
        | awk -F: ''{print $2}'') '
      - '$(cat $ADMININFO| grep github_s3_bucket | awk -F: ''{print $2}'') '
      - "$(cat $ADMININFO| grep github_license_file | awk -F: '{print $2}');\
        \ \n"
      - './adminuser_org_repo.sh $(cat $ADMININFO| grep github_adminuser_name
        | awk -F'':'' ''{print $2}'') '
      - '$(cat $ADMININFO| grep github_adminuser_email | awk -F'':'' ''{print
        $2}'') '
      - '$(cat $ADMININFO| grep github_adminuser_password | awk -F'':'' ''{print
        $2}'') '
      - '$(cat $ADMININFO| grep github_organization | awk -F'':'' ''{print $2}'') '
      - "$(cat $ADMININFO| grep github_repository | awk -F':' '{print $2}');\
        \ \n"
      # Save the status of adminuser_org_repo.sh: after the echo, $? would be echo's own status (0)
      - "rc=$?\n"
      - "echo \"exit code \"$rc \n"
      - '/usr/local/bin/cfn-signal -e $rc '
      - ' '''
      - !Ref 'WaitforGitHubEnterpriseInstall'
      - "'\n"
      # Variable name corrected from $ADMINNIFO so the admin credentials file is actually removed
      - " rm -f $ADMININFO\n"
```
I don't know if that `aws s3 cp` requires additional changes to handle the S3Region conditional for gov regions or if it will handle it transparently, but that could easily be re-added.
The second template, I think, can't be changed since `TemplateURL` requires an HTTPS URL, so I think that should be noted in the requirements for this and possibly the above template.
One of the issues that causes #7
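An added example, not part of the original issue or the Quick Start's own code: a user-data helper that fetches the scripts with `aws s3 cp` and, if any copy fails, signals the wait condition with the failure code instead of continuing silently. The function names and the `CFN_SIGNAL` override are assumptions made for this example; the bucket, key prefix, region and wait-handle values are passed in by the caller.

```shell
#!/bin/bash
# Added example. Bucket, prefix, region and wait-handle values are supplied
# by the caller (assumed to come from the template's parameters).
CFN_SIGNAL="${CFN_SIGNAL:-/usr/local/bin/cfn-signal}"

# Copy one script using the instance profile's credentials. Fails if the
# copy fails or leaves an empty file, so nothing half-downloaded is run.
fetch_script() {
  local bucket="$1" prefix="$2" region="$3" dest="$4" name="$5"
  aws s3 cp "s3://${bucket}/${prefix}scripts/${name}" "${dest}/${name}" \
    --region "${region}" --only-show-errors || return 1
  [ -s "${dest}/${name}" ] || return 1
  chmod 755 "${dest}/${name}"
}

# Fetch every named script, stopping at the first failure.
fetch_all() {
  local bucket="$1" prefix="$2" region="$3" dest="$4" name
  shift 4
  mkdir -p "${dest}" || return 1
  for name in "$@"; do
    if ! fetch_script "${bucket}" "${prefix}" "${region}" "${dest}" "${name}"; then
      echo "fetch failed: s3://${bucket}/${prefix}scripts/${name}" >&2
      return 1
    fi
  done
}

# Fetch the scripts; on failure, send the non-zero status to the wait
# condition handle so the stack fails visibly. On success nothing is
# signalled here: the caller runs the scripts and signals their status.
fetch_or_signal_failure() {
  local handle="$1" rc=0
  shift
  fetch_all "$@" || rc=$?
  [ "${rc}" -eq 0 ] || "${CFN_SIGNAL}" -e "${rc}" "${handle}"
  return "${rc}"
}

# Usage inside user data (values are placeholders):
#   fetch_or_signal_failure "$HANDLE" "$BUCKET" "$PREFIX" "$REGION" /tmp/scripts \
#     scripts_userdata.sh adminuser_org_repo.sh || exit 1
```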