AFS
/
xdr-terraform-modules


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
							#cloud-config
preserve_hostname: false
hostname: ${hostname}
salt-master: ${salt_master}
fqdn: ${fqdn}

# Ubuntu Advantage - broken? Using cmd.run
#ubuntu_advantage:
#  token: ${ua_key}
#  enable:
#  - fips
#  - cis
#  - esm-infra
#  - fips-updates
#  - livepatch # no livepatch with fips!

# Write files happens early
write_files:
- content: |
    Acquire::http::Proxy "http://${proxy}:80/";
    Acquire::https::Proxy "http://${proxy}:80/";
    APT::ExtractTemplates::TempDir "/opt/tmp/";
  path: /etc/apt/apt.conf.d/75xdrexecpath
  append: true
- content: |
    [global]
    proxy=${proxy}:80
  path: /etc/pip.conf
- content: |
    export HTTPS_PROXY=http://${proxy}:80
    export HTTP_PROXY=http://${proxy}:80
    export NO_PROXY=localhost,127.0.0.1,169.254.169.254,pvt.xdrtest.accenturefederalcyber.com,pvt.xdr.accenturefederalcyber.com,reposerver.msoc.defpoint.local,jenkins.msoc.defpoint.local,pod1search-splunk-sh.msoc.defpoint.local,s3.amazonaws.com,ssm.${ aws_region }.amazonaws.com,ec2messages.${ aws_region }.amazonaws.com,ec2.${ aws_region }.amazonaws.com,ssmmessages.${ aws_region }.amazonaws.com,iratemoses.mdr.defpoint.com,jira.mdr.defpoint.com,reposerver.pvt.xdr.accenturefederalcyber.com,jenkins.pvt.xdr.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdr.accenturefederalcyber.com,reposerver.pvt.xdrtest.accenturefederalcyber.com,jenkins.pvt.xdrtest.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdrtest.accenturefederalcyber.com,iratemoses.xdr.accenturefederalcyber.com,jira.xdr.accenturefederalcyber.com,iratemoses.xdrtest.accenturefederalcyber.com,jira.xdrtest.accenturefederalcyber.com
    export https_proxy=$HTTPS_PROXY
    export http_proxy=$HTTP_PROXY
    export no_proxy=$NO_PROXY
  path: /etc/profile.d/proxy.sh
- content: |
    ${fqdn}
  path: /etc/salt/minion_id
- content: |
    master: ${salt_master}
  path: /etc/salt/minion
- content: |
    grains:
      environment: ${ environment }
      aws_partition: ${ aws_partition }
      aws_partition_alias: ${ aws_partition_alias }
      aws_region: ${ aws_region }
  path: /etc/salt/minion.d/cloud_init_grains.conf

#yum_repos:
#  epel-release:
#    baseurl: http://download.fedoraproject.org/pub/epel/7/$basearch
#    enabled: false
#    failovermethod: priority
#    gpgcheck: true
#    gpgkey: http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
#    name: Extra Packages for Enterprise Linux 7 - Release

packages:
 - vim

package_update: true # Always patch

growpart:
  mode: auto
  devices: [ '/', '/var', '/var/log', '/var/log/audit', '/var/tmp', '/tmp', '/home' ]
  ignore_growroot_disabled: false

runcmd:
 - find /usr/local/lib -type f -exec chmod o+r {} \;
 - ua attach ${ua_key}
 - ua enable --assume-yes cis fips fips-updates
 - /usr/share/ubuntu-scap-security-guides/cis-hardening/Canonical_Ubuntu_20.04_CIS-harden.sh lvl2_server
 - apt update 
 - apt upgrade -y
 - /bin/systemctl restart salt-minion
 - /bin/systemctl enable salt-minion
 - /bin/systemctl start amazon-ssm-agent
 - /bin/systemctl enable amazon-ssm-agent
 - /usr/sbin/aide --update --verbose=0
 - /bin/cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

# Either final message or power state, but probably not both
#final_message: "The system is up after $UPTIME seconds"
power_state:
  # delay is in minutes
  delay: "+1"
  mode: reboot
  message: "System configured after $UPTIME seconds"
#  timeout: 300
#  condition: true