| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 | #cloud-configpreserve_hostname: falsesalt-master: ${salt_master}# Write files happens earlywrite_files:- content: |    proxy=http://${proxy}:80  path: /etc/yum.conf  append: true- content: |    [global]    proxy=${proxy}  path: /etc/pip.conf- content: |    export HTTPS_PROXY=http://${proxy}:80    export HTTP_PROXY=http://${proxy}:80    export NO_PROXY=localhost,127.0.0.1,169.254.169.254,pvt.xdrtest.accenturefederalcyber.com,pvt.xdr.accenturefederalcyber.com,reposerver.msoc.defpoint.local,jenkins.msoc.defpoint.local,pod1search-splunk-sh.msoc.defpoint.local,s3.amazonaws.com,ssm.${ aws_region }.amazonaws.com,ec2messages.${ aws_region }.amazonaws.com,ec2.${ aws_region }.amazonaws.com,ssmmessages.${ aws_region }.amazonaws.com,iratemoses.mdr.defpoint.com,jira.mdr.defpoint.com,reposerver.pvt.xdr.accenturefederalcyber.com,jenkins.pvt.xdr.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdr.accenturefederalcyber.com,reposerver.pvt.xdrtest.accenturefederalcyber.com,jenkins.pvt.xdrtest.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdrtest.accenturefederalcyber.com,iratemoses.xdr.accenturefederalcyber.com,jira.xdr.accenturefederalcyber.com,iratemoses.xdrtest.accenturefederalcyber.com,jira.xdrtest.accenturefederalcyber.com    export https_proxy=$HTTPS_PROXY    export http_proxy=$HTTP_PROXY    export no_proxy=$NO_PROXY  path: /etc/profile.d/proxy.sh- content: |    master: ${salt_master}  path: /etc/salt/minion- content: |    grains:      environment: ${ environment }      aws_region: ${ aws_region }      aws_partition: ${ aws_partition }      aws_partition_alias: ${ aws_partition_alias }  path: /etc/salt/minion.d/cloud_init_grains.conf#yum_repos:#  epel-release:#    baseurl: http://download.fedoraproject.org/pub/epel/7/$basearch#    enabled: false#    failovermethod: priority#    gpgcheck: true#    gpgkey: http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7#    name: Extra Packages for Enterprise Linux 7 - Releasepackages: - vimpackage_update: true # Always patchgrowpart:  mode: auto  devices: [ '/', '/var', '/var/log', '/var/log/audit', '/var/tmp', '/tmp', '/home' ]  ignore_growroot_disabled: falsebootcmd: - "IMDS2_TOKEN=`curl --silent --fail -X PUT --connect-timeout 1 --max-time 2 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 90'`" - "INSTANCE_ID=`/usr/bin/curl -f --connect-timeout 1 -H X-aws-ec2-metadata-token:\\ $IMDS2_TOKEN --silent http://169.254.169.254/latest/meta-data/instance-id | tail -c 3`" - "/bin/hostnamectl set-hostname customer-portal-$INSTANCE_ID'.${zone}'" - "echo customer-portal-$INSTANCE_ID'.${zone}' > /etc/salt/minion_id"runcmd: - /bin/systemctl restart salt-minion - /bin/systemctl enable salt-minion - /bin/systemctl start amazon-ssm-agent - /bin/systemctl enable amazon-ssm-agent - /usr/sbin/aide --update --verbose=0 - /bin/cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz # Allow Salt to setup Portal for autoscaling group - "/bin/echo MARKER: START SALT SYNC" - /bin/salt-call saltutil.sync_all refresh=True # Chicken/egg problem. We need pillars to get correct grains, and grains to get correct pillars. # Sleep needs to be this long due to the magical forces inside of the salt master that govern pillars.  # It takes 30 minutes to fully start portal docker container.  - /bin/sleep 420 - /bin/salt-call --refresh-grains-cache saltutil.refresh_modules - /bin/sleep 60 - /bin/salt-call --refresh-grains-cache saltutil.refresh_grains - /bin/sleep 60 - /bin/salt-call --refresh-grains-cache saltutil.refresh_pillar - /bin/sleep 60  # Recording our initial values is useful for troubleshooting - /bin/salt-call pillar.get aws_registry_account --out=text > /root/pillar.aws_registry_account.yml - /bin/salt-call pillar.items > /root/pillars.initial_highstate.yml - /bin/salt-call grains.items > /root/grains.initial_highstate.yml - "/bin/echo MARKER: START FIRST HIGHSTATE" - /bin/salt-call state.highstate - "/bin/echo MARKER: END FIRST HIGHSTATE" - "/bin/echo MARKER: START SECOND HIGHSTATE" - /bin/salt-call state.highstate - "/bin/echo MARKER: END SECOND HIGHSTATE"# Either final message or power state, but probably not bothfinal_message: "The system is up after $UPTIME seconds"#power_state:#  delay: "+30"#  mode: reboot#  message: "System configured after $UPTIME seconds"#  timeout: 300#  condition: true
 |