
Merge pull request #278 from mdr-engineering/feature/ftd_na_UbuntuStuffs

Fixes for Ubuntu Pro
Frederick Damstra 4 years ago
parent
commit
6d00d2a2cd

+ 1 - 2
base/splunk_servers/customer_searchhead/elb.tf

@@ -4,8 +4,7 @@ locals {
     var.environment == "test" ? 
       toset(concat(
         [ "10.0.0.0/8" ],
-        var.portal_test_whitelist,
-        [ "0.0.0.0/0" ] # 2021-09-16 temporary until zscalar is fixed
+        var.portal_test_whitelist
       ))
     :
       [ "0.0.0.0/0" ] 
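Review bot: The non-test branch on the last line of this hunk still evaluates to `[ "0.0.0.0/0" ]` with no comment, so a reader cannot tell whether that opening is intentional, whereas the removed temporary entry at least carried a date and a reason. A short comment on that line, such as `# customer-facing listener: open by design` (or whatever the real reason is), would document it. Temporary openings like the one removed here are easier to track when the comment also names a ticket. The `locals` block starts and ends outside the hunk, so how this list is consumed is not visible here.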

+ 24 - 5
base/vmray_instances/cloud-init/cloud-init.tpl

@@ -1,12 +1,17 @@
 #cloud-config
 preserve_hostname: false
+prefer_fqdn_over_hostname: true
+manage_etc_hosts: true
 hostname: ${hostname}
 salt-master: ${salt_master}
 fqdn: ${fqdn}
 
+apt:
+  http_proxy: "http://${proxy}:80/"
+  https_proxy: "http://${proxy}:80/"
+
 # Ubuntu Advantage - broken? Using cmd.run
 #ubuntu_advantage:
-#  token: ${ua_key}
 #  enable:
 #  - fips
 #  - cis
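Review bot: The proxy URL `http://${proxy}:80/` is now spelled out in the new `apt:` block, again in the `/etc/environment` entry and the existing `Acquire::http::Proxy` snippet in the next hunk, and once more without the trailing slash in the `runcmd` exports further down. Building it once in Terraform and passing a single template variable, e.g. `${proxy_url}`, would keep the copies from drifting. The same applies to the `no_proxy` list, which appears twice. The `apt:` key and the apt.conf snippet also appear to configure the same thing, so one of them can probably be dropped once it is confirmed which one these images honour.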
@@ -16,6 +21,12 @@ fqdn: ${fqdn}
 
 # Write files happens early
 write_files:
+- content: |
+    http_proxy="http://${proxy}:80/"
+    https_proxy="http://${proxy}:80/"
+    no_proxy=localhost,127.0.0.1,169.254.169.254
+  path: /etc/environment
+  append: true
 - content: |
     Acquire::http::Proxy "http://${proxy}:80/";
     Acquire::https::Proxy "http://${proxy}:80/";
@@ -34,6 +45,11 @@ write_files:
     export http_proxy=$HTTP_PROXY
     export no_proxy=$NO_PROXY
   path: /etc/profile.d/proxy.sh
+- content: |
+    net.ipv6.conf.eth0.disable_ipv6 = 1
+  permissions: 0644
+  owner: root
+  path: /etc/sysctl.d/10-disable-ipv6.conf
 - content: |
     ${fqdn}
   path: /etc/salt/minion_id
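Review bot: The sysctl key in the new entry is tied to `eth0`, so it only takes effect if the interface really has that name; on an image that uses predictable interface names it would match nothing and IPv6 would stay enabled without any error. If the intent is to disable IPv6 host-wide, `net.ipv6.conf.all.disable_ipv6 = 1` together with `net.ipv6.conf.default.disable_ipv6 = 1` does not depend on the interface name. Separately, `permissions: 0644` is unquoted and is read as an octal integer by YAML 1.1 loaders; quoting it as `permissions: '0644'` avoids relying on that. The file is only written here, so the setting presumably needs a reboot or `sysctl --system` to apply, and neither is visible in this hunk.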
@@ -69,17 +85,20 @@ growpart:
 
 runcmd:
  - find /usr/local/lib -type f -exec chmod o+r {} \;
- - ua attach ${ua_key}
+ - export http_proxy=http://${proxy}:80
+ - export https_proxy=http://${proxy}:80
+ - export no_proxy=localhost,127.0.0.1,169.254.169.254
+ - ua auto-attach
  - ua enable --assume-yes cis fips fips-updates
  - /usr/share/ubuntu-scap-security-guides/cis-hardening/Canonical_Ubuntu_20.04_CIS-harden.sh lvl2_server
  - apt update 
  - apt upgrade -y
  - /bin/systemctl restart salt-minion
  - /bin/systemctl enable salt-minion
- - /bin/systemctl start amazon-ssm-agent
- - /bin/systemctl enable amazon-ssm-agent
+ - /bin/systemctl start snap.amazon-ssm-agent.amazon-ssm-agent.service
+ - /bin/systemctl enable snap.amazon-ssm-agent.amazon-ssm-agent.service
  - /usr/sbin/aide --update --verbose=0
- - /bin/cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
+ - /bin/cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db
 
 # Either final message or power state, but probably not both
 #final_message: "The system is up after $UPTIME seconds"
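Review bot: Nothing in this `runcmd` sequence stops when `ua auto-attach` or `ua enable` fails, so an instance that cannot reach the entitlement service through the proxy would likely skip FIPS and the CIS hardening script, yet still start salt-minion and record an AIDE baseline of the unhardened system. A guard on the attach step, e.g. `- ua auto-attach || { echo 'ua auto-attach failed' >&2; exit 1; }`, would make the build fail closed. This assumes the items run as one shell script, which the added `export` lines already rely on. A comment above the three `export` lines saying they exist for `ua` and `apt` during first boot would also help, since `/etc/environment` is written earlier but is not read by this script.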

+ 0 - 1
base/vmray_instances/server.tf

@@ -118,7 +118,6 @@ data "template_cloudinit_config" "cloud-init-vmray-server" {
         aws_partition = var.aws_partition
         aws_partition_alias = var.aws_partition_alias
         aws_region = var.aws_region
-        ua_key = local.secret_ubuntu["ua_key"]
       }
     )
   }

+ 1 - 1
base/vmray_instances/worker.tf

@@ -62,7 +62,7 @@ data "template_cloudinit_config" "cloud-init-vmray-worker" {
         aws_partition = var.aws_partition
         aws_partition_alias = var.aws_partition_alias
         aws_region = var.aws_region
-        ua_key = local.secret_ubuntu["ua_key"] # This is gathered in server.tf
+        #ua_key = local.secret_ubuntu["ua_key"] # This is gathered in server.tf
       }
     )
   }
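Review bot: The `ua_key` line is commented out here but deleted outright in server.tf; deleting it here too keeps the two templates consistent and avoids leaving a reference to the secret in the file. If `local.secret_ubuntu` has no other consumer, the lookup that populates it (outside this hunk, in server.tf according to the comment) can be removed as well so the token is no longer read into Terraform state. Because the token was previously rendered into instance user data, it is worth rotating if that has not already been done.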