Inicio Explorar Axuda
Rexistro Iniciar sesión
AFS
/
xdr-terraform-modules
2
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 50c459706b
Ramas Etiquetas
xdr-terraform-m...
/
thirdparty
/
terraform-aws-github-runner
/
modules
/
runners
/
templates
/
start-runner.ps1

start-runner.ps1 4.4 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 
  1. 

  2. ## Retrieve instance metadata
    3. 

  3. 

  4. Write-Host  "Retrieving TOKEN from AWS API"
    5. 

  5. $token=Invoke-RestMethod -Method PUT -Uri "http://169.254.169.254/latest/api/token" -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "180"}
    6. 

  6. 

  7. $metadata=Invoke-RestMethod -Uri "http://169.254.169.254/latest/dynamic/instance-identity/document" -Headers @{"X-aws-ec2-metadata-token" = $token}
    8. 

  8. 

  9. $Region = $metadata.region
    10. 

  10. Write-Host  "Reteieved REGION from AWS API ($Region)"
    11. 

  11. 

  12. $InstanceId = $metadata.instanceId
    13. 

  13. Write-Host  "Reteieved InstanceId from AWS API ($InstanceId)"
    14. 

  14. 

  15. $tags=aws ec2 describe-tags --region "$Region" --filters "Name=resource-id,Values=$InstanceId" | ConvertFrom-Json
    16. 

  16. Write-Host  "Retrieved tags from AWS API"
    17. 

  17. 

  18. $environment=$tags.Tags.where( {$_.Key -eq 'ghr:environment'}).value
    19. 

  19. Write-Host  "Reteieved ghr:environment tag - ($environment)"
    20. 

  20. 

  21. $parameters=$(aws ssm get-parameters-by-path --path "/$environment/runner" --region "$Region" --query "Parameters[*].{Name:Name,Value:Value}") | ConvertFrom-Json
    22. 

  22. Write-Host  "Retrieved parameters from AWS SSM"
    23. 

  23. 

  24. $run_as=$parameters.where( {$_.Name -eq "/$environment/runner/run-as"}).value
    25. 

  25. Write-Host  "Retrieved /$environment/runner/run-as parameter - ($run_as)"
    26. 

  26. 

  27. $enable_cloudwatch_agent=$parameters.where( {$_.Name -eq "/$environment/runner/enable-cloudwatch"}).value
    28. 

  28. Write-Host  "Retrieved /$environment/runner/enable-cloudwatch parameter - ($enable_cloudwatch_agent)"
    29. 

  29. 

  30. $agent_mode=$parameters.where( {$_.Name -eq "/$environment/runner/agent-mode"}).value
    31. 

  31. Write-Host  "Retrieved /$environment/runner/agent-mode parameter - ($agent_mode)"
    32. 

  32. 

  33. if ($enable_cloudwatch_agent -eq "true")
    34. 

  34. {
    35. 

  35.     Write-Host  "Enabling CloudWatch Agent"    
    36. 

  36.     & 'C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1' -a fetch-config -m ec2 -s -c "ssm:$environment-cloudwatch_agent_config_runner"
    37. 

  37. }
    38. 

  38. 

  39. ## Configure the runner
    40. 

  40. 

  41. Write-Host "Get GH Runner config from AWS SSM"
    42. 

  42. $config = $null
    43. 

  43. $i = 0
    44. 

  44. do {
    45. 

  45.     $config = (aws ssm get-parameters --names "$environment-$InstanceId" --with-decryption --region $Region  --query "Parameters[*].{Name:Name,Value:Value}" | ConvertFrom-Json)[0].value    
    46. 

  46.     Write-Host "Waiting for GH Runner config to become available in AWS SSM ($i/30)"
    47. 

  47.     Start-Sleep 1
    48. 

  48.     $i++
    49. 

  49. } while (($null -eq $config) -and ($i -lt 30))
    50. 

  50. 

  51. Write-Host "Delete GH Runner token from AWS SSM"
    52. 

  52. aws ssm delete-parameter --name "$environment-$InstanceId" --region $Region
    53. 

  53. 

  54. # Create or update user
    55. 

  55. if (-not($run_as)) {
    56. 

  56.   Write-Host "No user specified, using default ec2-user account"
    57. 

  57.   $run_as="ec2-user"
    58. 

  58. }
    59. 

  59. Add-Type -AssemblyName "System.Web"
    60. 

  60. $password = [System.Web.Security.Membership]::GeneratePassword(24, 4)
    61. 

  61. $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
    62. 

  62. $username = $run_as
    63. 

  63. if (!(Get-LocalUser -Name $username -ErrorAction Ignore)) {
    64. 

  64.     New-LocalUser -Name $username -Password $securePassword
    65. 

  65.     Write-Host "Created new user ($username)"
    66. 

  66. }
    67. 

  67. else {
    68. 

  68.     Set-LocalUser -Name $username -Password $securePassword
    69. 

  69.     Write-Host "Changed password for user ($username)"
    70. 

  70. }
    71. 

  71. # Add user to groups
    72. 

  72. foreach ($group in @("Administrators", "docker-users")) {
    73. 

  73.     if ((Get-LocalGroup -Name "$group" -ErrorAction Ignore) -and
    74. 

  74.         !(Get-LocalGroupMember -Group "$group" -Member $username -ErrorAction Ignore)) {
    75. 

  75.         Add-LocalGroupMember -Group "$group" -Member $username
    76. 

  76.         Write-Host "Added $username to $group group"
    77. 

  77.     }
    78. 

  78. }
    79. 

  79. 

  80. # Disable User Access Control (UAC)
    81. 

  81. # TODO investigate if this is needed or if its overkill - https://github.com/philips-labs/terraform-aws-github-runner/issues/1505
    82. 

  82. Set-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0 -Force
    83. 

  83. Write-Host "Disabled User Access Control (UAC)"
    84. 

  84. 

  85. $configCmd = ".\config.cmd --unattended --name $InstanceId --work `"_work`" $config"
    86. 

  86. Write-Host "Configure GH Runner as user $run_as"
    87. 

  87. Invoke-Expression $configCmd
    88. 

  88. 

  89. Write-Host "Starting the runner as user $run_as"
    90. 

  90. 

  91. Write-Host  "Installing the runner as a service"
    92. 

  92. 

  93. $action = New-ScheduledTaskAction -WorkingDirectory "$pwd" -Execute "run.cmd"
    94. 

  94. $trigger = Get-CimClass "MSFT_TaskRegistrationTrigger" -Namespace "Root/Microsoft/Windows/TaskScheduler"
    95. 

  95. Register-ScheduledTask -TaskName "runnertask" -Action $action -Trigger $trigger -User $username -Password $password -RunLevel Highest -Force
    96. 

  96. Write-Host "Starting the runner in persistent mode"
    97. 

  97. Write-Host "Starting runner after $(((get-date) - (gcim Win32_OperatingSystem).LastBootUpTime).tostring("hh':'mm':'ss''"))"
    98.