
Fixes Issues in Cloud Init

* Renamed cloud_init.tpl to cloud-init.tpl for consistency
* Normalized the files written during cloud-init
* Fixed issue with minion proxy having incorrect http:// prefix
* Created static grain `aws_region` so pillars can be set correctly on
  first boot.
Fred Damstra 4 years ago
parent
commit
2eeb05a0b6

+ 17 - 0
base/bastion/cloud-init/cloud-init.tpl

@@ -10,6 +10,22 @@ write_files:
     proxy=http://${proxy}:80
   path: /etc/yum.conf
   append: true
+- content: |
+    proxy_host: ${proxy}
+    proxy_port: 80
+  path: /etc/salt/minion.d/proxy.conf
+- content: |
+    [global]
+    proxy=${proxy}
+  path: /etc/pip.conf
+- content: |
+    export HTTPS_PROXY=http://${proxy}:80
+    export HTTP_PROXY=http://${proxy}:80
+    export NO_PROXY=localhost,127.0.0.1,169.254.169.254,pvt.xdrtest.accenturefederalcyber.com,pvt.xdr.accenturefederalcyber.com,reposerver.msoc.defpoint.local,jenkins.msoc.defpoint.local,pod1search-splunk-sh.msoc.defpoint.local,s3.amazonaws.com,ssm.${ aws_region }.amazonaws.com,ec2messages.${ aws_region }.amazonaws.com,ec2.${ aws_region }.amazonaws.com,ssmmessages.${ aws_region }.amazonaws.com,iratemoses.mdr.defpoint.com,jira.mdr.defpoint.com,reposerver.pvt.xdr.accenturefederalcyber.com,jenkins.pvt.xdr.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdr.accenturefederalcyber.com,reposerver.pvt.xdrtest.accenturefederalcyber.com,jenkins.pvt.xdrtest.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdrtest.accenturefederalcyber.com,iratemoses.xdr.accenturefederalcyber.com,jira.xdr.accenturefederalcyber.com,iratemoses.xdrtest.accenturefederalcyber.com,jira.xdrtest.accenturefederalcyber.com
+    export https_proxy=$HTTPS_PROXY
+    export http_proxy=$HTTP_PROXY
+    export no_proxy=$NO_PROXY
+  path: /etc/profile.d/proxy.sh
 - content: |
     ${fqdn}
   path: /etc/salt/minion_id
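Review bot: The `NO_PROXY` value written to `/etc/profile.d/proxy.sh` is one hard-coded line that this commit copies verbatim into seven templates (here and in resolver_instance, openvpn, cluster_master, heavy_forwarder, indexer_cluster and searchhead). Every entry in it is a destination that bypasses the egress proxy, along with any filtering and logging the proxy provides. Seven hand-maintained copies invite drift, so I would build the list once in Terraform and pass it in, e.g. `export NO_PROXY=${ no_proxy }` (the variable name is only a suggestion). A short comment saying why each group is exempt (metadata address, internal zones, regional AWS endpoints) would help whoever audits the bypass list later. Files under `/etc/profile.d` are read by login shells, so services and the `runcmd` steps presumably do not inherit these variables.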
@@ -19,6 +35,7 @@ write_files:
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf

+ 1 - 0
base/bastion/main.tf

@@ -175,6 +175,7 @@ data "template_file" "cloud-init" {
     proxy = var.proxy
     aws_partition = var.aws_partition
     aws_partition_alias = var.aws_partition_alias
+    aws_region = var.aws_region
   }
 }
 

+ 17 - 0
base/dns/resolver_instance/cloud-init/cloud-init.tpl

@@ -10,6 +10,22 @@ write_files:
     proxy=http://${proxy}:80
   path: /etc/yum.conf
   append: true
+- content: |
+    proxy_host: ${proxy}
+    proxy_port: 80
+  path: /etc/salt/minion.d/proxy.conf
+- content: |
+    [global]
+    proxy=${proxy}
+  path: /etc/pip.conf
+- content: |
+    export HTTPS_PROXY=http://${proxy}:80
+    export HTTP_PROXY=http://${proxy}:80
+    export NO_PROXY=localhost,127.0.0.1,169.254.169.254,pvt.xdrtest.accenturefederalcyber.com,pvt.xdr.accenturefederalcyber.com,reposerver.msoc.defpoint.local,jenkins.msoc.defpoint.local,pod1search-splunk-sh.msoc.defpoint.local,s3.amazonaws.com,ssm.${ aws_region }.amazonaws.com,ec2messages.${ aws_region }.amazonaws.com,ec2.${ aws_region }.amazonaws.com,ssmmessages.${ aws_region }.amazonaws.com,iratemoses.mdr.defpoint.com,jira.mdr.defpoint.com,reposerver.pvt.xdr.accenturefederalcyber.com,jenkins.pvt.xdr.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdr.accenturefederalcyber.com,reposerver.pvt.xdrtest.accenturefederalcyber.com,jenkins.pvt.xdrtest.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdrtest.accenturefederalcyber.com,iratemoses.xdr.accenturefederalcyber.com,jira.xdr.accenturefederalcyber.com,iratemoses.xdrtest.accenturefederalcyber.com,jira.xdrtest.accenturefederalcyber.com
+    export https_proxy=$HTTPS_PROXY
+    export http_proxy=$HTTP_PROXY
+    export no_proxy=$NO_PROXY
+  path: /etc/profile.d/proxy.sh
 - content: |
     ${fqdn}
   path: /etc/salt/minion_id
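Review bot: The new `/etc/pip.conf` entry sets `proxy=${proxy}` with neither scheme nor port, while the yum and `/etc/profile.d/proxy.sh` entries in the same hunk spell out `http://${proxy}:80`. pip documents this option in the form `scheme://[user:passwd@]proxy.server:port`, so a bare host relies on whatever defaults pip's HTTP stack applies. Writing `proxy=http://${proxy}:80` removes that dependency and makes the three files agree. The same line is added in the bastion, openvpn, cluster_master, heavy_forwarder, indexer_cluster and searchhead templates.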
@@ -19,6 +35,7 @@ write_files:
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf

+ 1 - 0
base/dns/resolver_instance/main.tf

@@ -93,6 +93,7 @@ data "template_file" "cloud-init" {
     proxy = var.proxy_ip
     aws_partition = var.aws_partition
     aws_partition_alias = var.aws_partition_alias
+    aws_region = var.aws_region
   }
 }
 

+ 1 - 0
base/interconnects/cloud-init.tf

@@ -11,6 +11,7 @@ data "template_file" "cloud-init" {
     environment = var.environment
     aws_partition = var.aws_partition
     aws_partition_alias = var.aws_partition_alias
+    aws_region = var.aws_region
     interconnect_id = count.index
     vpc_cidr = var.security_vpc_cidr
   }

+ 7 - 0
base/vault/cloud-init/cloud_init.tpl → base/mailrelay/cloud-init/cloud-init.tpl

@@ -10,6 +10,10 @@ write_files:
     proxy=http://${proxy}:80
   path: /etc/yum.conf
   append: true
+- content: |
+    proxy_host: ${proxy}
+    proxy_port: 80
+  path: /etc/salt/minion.d/proxy.conf
 - content: |
     [global]
     proxy=${proxy}
@@ -31,6 +35,7 @@ write_files:
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf
@@ -55,6 +60,7 @@ growpart:
   ignore_growroot_disabled: false
 
 runcmd:
+# Standard stuff
  - /bin/systemctl restart salt-minion
  - /bin/systemctl enable salt-minion
  - /bin/systemctl start amazon-ssm-agent
@@ -62,6 +68,7 @@ runcmd:
  - /usr/sbin/aide --update --verbose=0
  - /bin/cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
 
+
 # Either final message or power state, but probably not both
 final_message: "The system is up after $UPTIME seconds"
 #power_state:

+ 1 - 1
base/mailrelay/main.tf

@@ -143,7 +143,7 @@ module "private_dns_record" {
 #The Cloud init data is to prepare the instance for use. 
 data "template_file" "cloud_init" {
   # Should these be in a common directory? I suspect they'd be reusable
-  template = file("${path.module}/cloud-init/cloud_init.tpl")
+  template = file("${path.module}/cloud-init/cloud-init.tpl")
 
   vars = {
     hostname = var.instance_name
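Review bot: The template this line now points at gained `aws_region: ${ aws_region }` in this commit, but the hunk only changes the file name and does not add `aws_region = var.aws_region` to `vars`, unlike the bastion, openvpn and splunk modules. The `vars` map continues below the hunk, so the key may already be present there; if it is not, rendering the template will fail on the undefined variable. The proxy_server, repo_server and vault modules deserve the same check, since their `main.tf` hunks are the same one-line rename.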

+ 17 - 0
base/openvpn/cloud-init/cloud-init.tpl

@@ -10,6 +10,22 @@ write_files:
     proxy=http://${proxy}:80
   path: /etc/yum.conf
   append: true
+- content: |
+    proxy_host: ${proxy}
+    proxy_port: 80
+  path: /etc/salt/minion.d/proxy.conf
+- content: |
+    [global]
+    proxy=${proxy}
+  path: /etc/pip.conf
+- content: |
+    export HTTPS_PROXY=http://${proxy}:80
+    export HTTP_PROXY=http://${proxy}:80
+    export NO_PROXY=localhost,127.0.0.1,169.254.169.254,pvt.xdrtest.accenturefederalcyber.com,pvt.xdr.accenturefederalcyber.com,reposerver.msoc.defpoint.local,jenkins.msoc.defpoint.local,pod1search-splunk-sh.msoc.defpoint.local,s3.amazonaws.com,ssm.${ aws_region }.amazonaws.com,ec2messages.${ aws_region }.amazonaws.com,ec2.${ aws_region }.amazonaws.com,ssmmessages.${ aws_region }.amazonaws.com,iratemoses.mdr.defpoint.com,jira.mdr.defpoint.com,reposerver.pvt.xdr.accenturefederalcyber.com,jenkins.pvt.xdr.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdr.accenturefederalcyber.com,reposerver.pvt.xdrtest.accenturefederalcyber.com,jenkins.pvt.xdrtest.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdrtest.accenturefederalcyber.com,iratemoses.xdr.accenturefederalcyber.com,jira.xdr.accenturefederalcyber.com,iratemoses.xdrtest.accenturefederalcyber.com,jira.xdrtest.accenturefederalcyber.com
+    export https_proxy=$HTTPS_PROXY
+    export http_proxy=$HTTP_PROXY
+    export no_proxy=$NO_PROXY
+  path: /etc/profile.d/proxy.sh
 - content: |
     ${fqdn}
   path: /etc/salt/minion_id
@@ -19,6 +35,7 @@ write_files:
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf

+ 1 - 0
base/openvpn/main.tf

@@ -153,6 +153,7 @@ data "template_file" "cloud-init" {
     proxy = var.proxy
     aws_partition = var.aws_partition
     aws_partition_alias = var.aws_partition_alias
+    aws_region = var.aws_region
   }
 }
 

+ 1 - 0
base/proxy_server/cloud-init/cloud_init.tpl → base/proxy_server/cloud-init/cloud-init.tpl

@@ -32,6 +32,7 @@ write_files:
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf

+ 1 - 1
base/proxy_server/main.tf

@@ -166,7 +166,7 @@ module "public_dns_record" {
 #The Cloud init data is to prepare the instance for use. 
 data "template_file" "cloud_init" {
   # Should these be in a common directory? I suspect they'd be reusable
-  template = file("${path.module}/cloud-init/cloud_init.tpl")
+  template = file("${path.module}/cloud-init/cloud-init.tpl")
 
   vars = {
     hostname = var.instance_name

+ 5 - 1
base/repo_server/cloud-init/cloud_init.tpl → base/repo_server/cloud-init/cloud-init.tpl

@@ -5,12 +5,15 @@ salt-master: ${salt_master}
 fqdn: ${fqdn}
 
 # Write files happens early
-# but no proxy for the proxy. Commenting these out for other proxies
 write_files:
 - content: |
     proxy=http://${proxy}:80
   path: /etc/yum.conf
   append: true
+- content: |
+    proxy_host: ${proxy}
+    proxy_port: 80
+  path: /etc/salt/minion.d/proxy.conf
 - content: |
     [global]
     proxy=${proxy}
@@ -32,6 +35,7 @@ write_files:
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf

+ 1 - 1
base/repo_server/main.tf

@@ -166,7 +166,7 @@ module "public_dns_record" {
 #The Cloud init data is to prepare the instance for use. 
 data "template_file" "cloud_init" {
   # Should these be in a common directory? I suspect they'd be reusable
-  template = file("${path.module}/cloud-init/cloud_init.tpl")
+  template = file("${path.module}/cloud-init/cloud-init.tpl")
 
   vars = {
     hostname = var.instance_name

+ 17 - 0
base/splunk_servers/cluster_master/cloud-init/cloud-init.tpl

@@ -10,6 +10,22 @@ write_files:
     proxy=http://${proxy}:80
   path: /etc/yum.conf
   append: true
+- content: |
+    proxy_host: ${proxy}
+    proxy_port: 80
+  path: /etc/salt/minion.d/proxy.conf
+- content: |
+    [global]
+    proxy=${proxy}
+  path: /etc/pip.conf
+- content: |
+    export HTTPS_PROXY=http://${proxy}:80
+    export HTTP_PROXY=http://${proxy}:80
+    export NO_PROXY=localhost,127.0.0.1,169.254.169.254,pvt.xdrtest.accenturefederalcyber.com,pvt.xdr.accenturefederalcyber.com,reposerver.msoc.defpoint.local,jenkins.msoc.defpoint.local,pod1search-splunk-sh.msoc.defpoint.local,s3.amazonaws.com,ssm.${ aws_region }.amazonaws.com,ec2messages.${ aws_region }.amazonaws.com,ec2.${ aws_region }.amazonaws.com,ssmmessages.${ aws_region }.amazonaws.com,iratemoses.mdr.defpoint.com,jira.mdr.defpoint.com,reposerver.pvt.xdr.accenturefederalcyber.com,jenkins.pvt.xdr.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdr.accenturefederalcyber.com,reposerver.pvt.xdrtest.accenturefederalcyber.com,jenkins.pvt.xdrtest.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdrtest.accenturefederalcyber.com,iratemoses.xdr.accenturefederalcyber.com,jira.xdr.accenturefederalcyber.com,iratemoses.xdrtest.accenturefederalcyber.com,jira.xdrtest.accenturefederalcyber.com
+    export https_proxy=$HTTPS_PROXY
+    export http_proxy=$HTTP_PROXY
+    export no_proxy=$NO_PROXY
+  path: /etc/profile.d/proxy.sh
 - content: |
     ${fqdn}
   path: /etc/salt/minion_id
@@ -19,6 +35,7 @@ write_files:
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf

+ 1 - 0
base/splunk_servers/cluster_master/main.tf

@@ -165,6 +165,7 @@ data "template_file" "cloud-init" {
     proxy = var.proxy
     aws_partition = var.aws_partition
     aws_partition_alias = var.aws_partition_alias
+    aws_region = var.aws_region
   }
 }
 

+ 17 - 0
base/splunk_servers/heavy_forwarder/cloud-init/cloud-init.tpl

@@ -10,6 +10,22 @@ write_files:
     proxy=http://${proxy}:80
   path: /etc/yum.conf
   append: true
+- content: |
+    proxy_host: ${proxy}
+    proxy_port: 80
+  path: /etc/salt/minion.d/proxy.conf
+- content: |
+    [global]
+    proxy=${proxy}
+  path: /etc/pip.conf
+- content: |
+    export HTTPS_PROXY=http://${proxy}:80
+    export HTTP_PROXY=http://${proxy}:80
+    export NO_PROXY=localhost,127.0.0.1,169.254.169.254,pvt.xdrtest.accenturefederalcyber.com,pvt.xdr.accenturefederalcyber.com,reposerver.msoc.defpoint.local,jenkins.msoc.defpoint.local,pod1search-splunk-sh.msoc.defpoint.local,s3.amazonaws.com,ssm.${ aws_region }.amazonaws.com,ec2messages.${ aws_region }.amazonaws.com,ec2.${ aws_region }.amazonaws.com,ssmmessages.${ aws_region }.amazonaws.com,iratemoses.mdr.defpoint.com,jira.mdr.defpoint.com,reposerver.pvt.xdr.accenturefederalcyber.com,jenkins.pvt.xdr.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdr.accenturefederalcyber.com,reposerver.pvt.xdrtest.accenturefederalcyber.com,jenkins.pvt.xdrtest.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdrtest.accenturefederalcyber.com,iratemoses.xdr.accenturefederalcyber.com,jira.xdr.accenturefederalcyber.com,iratemoses.xdrtest.accenturefederalcyber.com,jira.xdrtest.accenturefederalcyber.com
+    export https_proxy=$HTTPS_PROXY
+    export http_proxy=$HTTP_PROXY
+    export no_proxy=$NO_PROXY
+  path: /etc/profile.d/proxy.sh
 - content: |
     ${fqdn}
   path: /etc/salt/minion_id
@@ -19,6 +35,7 @@ write_files:
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf

+ 1 - 0
base/splunk_servers/heavy_forwarder/main.tf

@@ -165,6 +165,7 @@ data "template_file" "cloud-init" {
     proxy = var.proxy
     aws_partition = var.aws_partition
     aws_partition_alias = var.aws_partition_alias
+    aws_region = var.aws_region
   }
 }
 

+ 1 - 0
base/splunk_servers/indexer_cluster/cloudinit.tf → base/splunk_servers/indexer_cluster/cloud-init.tf

@@ -10,6 +10,7 @@ data "template_file" "cloud-init" {
     proxy = var.proxy
     aws_partition = var.aws_partition
     aws_partition_alias = var.aws_partition_alias
+    aws_region = var.aws_region
   }
 }
 

+ 34 - 2
base/splunk_servers/indexer_cluster/cloud-init/cloud-init.tpl

@@ -8,12 +8,34 @@ write_files:
     proxy=http://${proxy}:80
   path: /etc/yum.conf
   append: true
+- content: |
+    proxy_host: ${proxy}
+    proxy_port: 80
+  path: /etc/salt/minion.d/proxy.conf
+- content: |
+    [global]
+    proxy=${proxy}
+  path: /etc/pip.conf
+- content: |
+    export HTTPS_PROXY=http://${proxy}:80
+    export HTTP_PROXY=http://${proxy}:80
+    export NO_PROXY=localhost,127.0.0.1,169.254.169.254,pvt.xdrtest.accenturefederalcyber.com,pvt.xdr.accenturefederalcyber.com,reposerver.msoc.defpoint.local,jenkins.msoc.defpoint.local,pod1search-splunk-sh.msoc.defpoint.local,s3.amazonaws.com,ssm.${ aws_region }.amazonaws.com,ec2messages.${ aws_region }.amazonaws.com,ec2.${ aws_region }.amazonaws.com,ssmmessages.${ aws_region }.amazonaws.com,iratemoses.mdr.defpoint.com,jira.mdr.defpoint.com,reposerver.pvt.xdr.accenturefederalcyber.com,jenkins.pvt.xdr.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdr.accenturefederalcyber.com,reposerver.pvt.xdrtest.accenturefederalcyber.com,jenkins.pvt.xdrtest.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdrtest.accenturefederalcyber.com,iratemoses.xdr.accenturefederalcyber.com,jira.xdr.accenturefederalcyber.com,iratemoses.xdrtest.accenturefederalcyber.com,jira.xdrtest.accenturefederalcyber.com
+    export https_proxy=$HTTPS_PROXY
+    export http_proxy=$HTTP_PROXY
+    export no_proxy=$NO_PROXY
+  path: /etc/profile.d/proxy.sh
+# indexers don't know their fqdn until boot, so this is created below in bootcmd
+#- content: |
+#    $ {fqdn}
+#  path: /etc/salt/minion_id
 - content: |
     master: ${salt_master}
+    #log_level: debug
   path: /etc/salt/minion
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf
@@ -52,8 +74,18 @@ runcmd:
  # For indexers only
  # legacy slept for 20 seconds, but I think aide update will take care of that delay
  - /bin/salt-call saltutil.sync_all
- - /bin/salt-call saltutil.refresh_pillar
- - /bin/salt-call saltutil.refresh_grains
+ # Chicken/egg problem. We need pillars to get correct grains, and grains to get correct pillars.
+ - /bin/salt-call --refresh-grains-cache saltutil.refresh_pillar
+ - /bin/sleep 1
+ - /bin/salt-call --refresh-grains-cache saltutil.refresh_grains
+ - /bin/sleep 1
+ - /bin/salt-call --refresh-grains-cache saltutil.refresh_pillar
+ - /bin/sleep 1
+ - /bin/salt-call --refresh-grains-cache saltutil.refresh_grains
+ - /bin/sleep 1
+ # Recording our initial values is useful for troubleshooting
+ - /bin/salt-call pillar.items > /root/pillars.initial_highstate.yml
+ - /bin/salt-call grains.items > /root/grains.initial_highstate.yml
  - /bin/salt-call state.highstate
 
 # Either final message or power state, but probably not both
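Review bot: The two added `salt-call ... > /root/*.initial_highstate.yml` steps leave a full copy of the minion's pillar data on disk, and pillars commonly carry credentials; the files get whatever mode the umask of the cloud-init run produces and are never removed. I would pin the mode with a following step such as `- /bin/chmod 600 /root/pillars.initial_highstate.yml /root/grains.initial_highstate.yml`, and decide whether the pillar dump should survive first boot at all. `salt-call` prints its default `nested` format unless told otherwise, so the `.yml` files will only be YAML if the calls add `--out=yaml`. The fixed `/bin/sleep 1` between refreshes assumes each refresh completes within a second, which nothing in the hunk shows.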

+ 17 - 0
base/splunk_servers/searchhead/cloud-init/cloud-init.tpl

@@ -10,6 +10,22 @@ write_files:
     proxy=http://${proxy}:80
   path: /etc/yum.conf
   append: true
+- content: |
+    proxy_host: ${proxy}
+    proxy_port: 80
+  path: /etc/salt/minion.d/proxy.conf
+- content: |
+    [global]
+    proxy=${proxy}
+  path: /etc/pip.conf
+- content: |
+    export HTTPS_PROXY=http://${proxy}:80
+    export HTTP_PROXY=http://${proxy}:80
+    export NO_PROXY=localhost,127.0.0.1,169.254.169.254,pvt.xdrtest.accenturefederalcyber.com,pvt.xdr.accenturefederalcyber.com,reposerver.msoc.defpoint.local,jenkins.msoc.defpoint.local,pod1search-splunk-sh.msoc.defpoint.local,s3.amazonaws.com,ssm.${ aws_region }.amazonaws.com,ec2messages.${ aws_region }.amazonaws.com,ec2.${ aws_region }.amazonaws.com,ssmmessages.${ aws_region }.amazonaws.com,iratemoses.mdr.defpoint.com,jira.mdr.defpoint.com,reposerver.pvt.xdr.accenturefederalcyber.com,jenkins.pvt.xdr.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdr.accenturefederalcyber.com,reposerver.pvt.xdrtest.accenturefederalcyber.com,jenkins.pvt.xdrtest.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdrtest.accenturefederalcyber.com,iratemoses.xdr.accenturefederalcyber.com,jira.xdr.accenturefederalcyber.com,iratemoses.xdrtest.accenturefederalcyber.com,jira.xdrtest.accenturefederalcyber.com
+    export https_proxy=$HTTPS_PROXY
+    export http_proxy=$HTTP_PROXY
+    export no_proxy=$NO_PROXY
+  path: /etc/profile.d/proxy.sh
 - content: |
     ${fqdn}
   path: /etc/salt/minion_id
@@ -19,6 +35,7 @@ write_files:
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf

+ 1 - 0
base/splunk_servers/searchhead/main.tf

@@ -165,6 +165,7 @@ data "template_file" "cloud-init" {
     proxy = var.proxy
     aws_partition = var.aws_partition
     aws_partition_alias = var.aws_partition_alias
+    aws_region = var.aws_region
   }
 }
 

+ 1 - 0
base/test_instance/main.tf

@@ -31,6 +31,7 @@ data "template_file" "cloud-init" {
     saltmaster  = "salt-master.${var.dns_info["private"]["zone"]}"
     aws_partition = var.aws_partition
     aws_partition_alias = var.aws_partition_alias
+    aws_region = var.aws_region
   }
 }
 

+ 1 - 2
base/mailrelay/cloud-init/cloud_init.tpl → base/vault/cloud-init/cloud-init.tpl

@@ -31,6 +31,7 @@ write_files:
 - content: |
     grains:
       environment: ${ environment }
+      aws_region: ${ aws_region }
       aws_partition: ${ aws_partition }
       aws_partition_alias: ${ aws_partition_alias }
   path: /etc/salt/minion.d/cloud_init_grains.conf
@@ -55,7 +56,6 @@ growpart:
   ignore_growroot_disabled: false
 
 runcmd:
-# Standard stuff
  - /bin/systemctl restart salt-minion
  - /bin/systemctl enable salt-minion
  - /bin/systemctl start amazon-ssm-agent
@@ -63,7 +63,6 @@ runcmd:
  - /usr/sbin/aide --update --verbose=0
  - /bin/cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
 
-
 # Either final message or power state, but probably not both
 final_message: "The system is up after $UPTIME seconds"
 #power_state:

+ 1 - 1
base/vault/main.tf

@@ -161,7 +161,7 @@ module "private_dns_record" {
 data "template_file" "cloud_init" {
   for_each = toset(var.instance_count)
   # Should these be in a common directory? I suspect they'd be reusable
-  template = file("${path.module}/cloud-init/cloud_init.tpl")
+  template = file("${path.module}/cloud-init/cloud-init.tpl")
 
   vars = {
     hostname = "${var.instance_name}-${each.value}"