From a73f34490de1127eeab90ab3736c449b03073398 Mon Sep 17 00:00:00 2001
From: Sebastian Haderecker
Date: Wed, 25 Mar 2020 13:34:22 +0100
Subject: [PATCH] Update AWS Terraform

- Add variables to cloud-init.yaml
- Allow to set Linux OS password via cloud-init
- Pass the tpot.conf file as inline content to allow variables
- Remove obsolete tpot.conf file in terraform/ directory
---
 cloud/terraform/aws/main.tf | 2 +-
 cloud/terraform/aws/variables.tf | 26 ++++++++++++++++++++++++++
 cloud/terraform/cloud-init.yaml | 22 +++++++++++-----------
 cloud/terraform/tpot.conf | 5 -----
 4 files changed, 38 insertions(+), 17 deletions(-)
 delete mode 100644 cloud/terraform/tpot.conf

diff --git a/cloud/terraform/aws/main.tf b/cloud/terraform/aws/main.tf
index 164bf3b1..533ee4bc 100644
--- a/cloud/terraform/aws/main.tf
+++ b/cloud/terraform/aws/main.tf
@@ -60,7 +60,7 @@ resource "aws_instance" "tpot" {
 volume_size = 128
 delete_on_termination = true
 }
- user_data = "${file("../cloud-init.yaml")} content: ${base64encode(file("../tpot.conf"))}"
+ user_data = templatefile("../cloud-init.yaml", {timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password})
 vpc_security_group_ids = [aws_security_group.tpot.id]
 associate_public_ip_address = true
 }
diff --git a/cloud/terraform/aws/variables.tf b/cloud/terraform/aws/variables.tf
index 2921f7ae..11da5c8d 100644
--- a/cloud/terraform/aws/variables.tf
+++ b/cloud/terraform/aws/variables.tf
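Review bot: The new `user_data` line renders `var.linux_password` and `var.web_password` into the instance user data as plaintext, and user data is exposed well beyond this file: the EC2 API returns it to any principal allowed to describe the instance attribute, any local process on the instance can read it from the instance metadata service, and depending on the provider version the value or its hash lands in plan output and state. The removed line already embedded the tpot.conf web credentials the same way, so the web password exposure is not new, but adding the OS login password widens it. At minimum add `sensitive = true` to both variables in the variables.tf hunk where the Terraform version in use supports it, keep the state backend encrypted and access-controlled, and put a comment above the line such as `# user_data carries plaintext credentials: readable via the EC2 API and from the instance metadata service`. Longer term, fetching the secrets at first boot from SSM Parameter Store or Secrets Manager through the instance role would keep them out of user_data altogether.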
@@ -52,3 +52,29 @@ variable "ec2_ami" {
 "us-west-2" = "ami-030a304a76b181155"
 }
 }
+
+# cloud-init configuration
+variable "timezone" {
+ default = "UTC"
+}
+
+variable "linux_password" {
+ #default = "LiNuXuSeRPaSs#"
+ description = "Set a password for the default user"
+}
+
+# These will go in the generated tpot.conf file
+variable "tpot_flavor" {
+ default = "STANDARD"
+ description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN]"
+}
+
+variable "web_user" {
+ default = "webuser"
+ description = "Set a username for the web user"
+}
+
+variable "web_password" {
+ #default = "w3b$ecret"
+ description = "Set a password for the web user"
+}
diff --git a/cloud/terraform/cloud-init.yaml b/cloud/terraform/cloud-init.yaml
index 612f15d3..123e1612 100644
--- a/cloud/terraform/cloud-init.yaml
+++ b/cloud/terraform/cloud-init.yaml
@@ -1,9 +1,5 @@
 #cloud-config
-timezone: UTC
-
-package_update: true
-package_upgrade: true
-package_reboot_if_required: true
+timezone: ${timezone}
 packages:
 - git
@@ -12,14 +8,18 @@ runcmd:
 - git clone https://github.com/dtag-dev-sec/tpotce /root/tpot
 - /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
 - rm /root/tpot.conf
- - /sbin/shutdown -r +5
+ - /sbin/shutdown -r now
+
+password: ${password}
+chpasswd:
+ expire: false
-# The contents of tpot.conf will be base64 encoded and appended to this file
-# via the terraform configuration in main.tf
-#
-# Make sure there are no trailing new lines after "permissions" below
 write_files:
- - encoding: b64
+ - content: |
+ # tpot configuration file
+ myCONF_TPOT_FLAVOR='${tpot_flavor}'
+ myCONF_WEB_USER='${web_user}'
+ myCONF_WEB_PW='${web_password}'
 owner: root:root
 path: /root/tpot.conf
 permissions: '0600'
diff --git a/cloud/terraform/tpot.conf b/cloud/terraform/tpot.conf
deleted file mode 100644
index f2f3e6a0..00000000
--- a/cloud/terraform/tpot.conf
+++ /dev/null
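Review bot: `linux_password` and `web_password` keep their example values as commented-out defaults (`#default = "LiNuXuSeRPaSs#"` and `#default = "w3b$ecret"`), so the easiest way past the interactive prompt is to uncomment a password that is visible in the repository. Delete the two comment lines, and where the Terraform version in use supports it add `sensitive = true` to both variables so plan and apply output do not echo the values. `tpot_flavor` lists the accepted values only in its description; if the installer rejects other values the mistake surfaces at first boot on the instance, so a `validation` block restricting it to that list, if the Terraform version supports validation, would catch a typo at plan time instead.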
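Review bot: This hunk drops `package_update`, `package_upgrade` and `package_reboot_if_required` together with the hard-coded timezone, which the commit message does not mention; the instance no longer refreshes or upgrades packages at first boot and runs at whatever patch level the AMI was built with. If only the timezone was meant to become a variable, keep `package_update: true` and `package_upgrade: true` below the new `timezone: ${timezone}` line; without `package_update`, installing `git` from the `packages` list may also fail on an image whose package lists are stale. If dropping the upgrade was deliberate, record that in a comment so the next reader does not quietly restore it.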
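Review bot: `password: ${password}` is rendered as an unquoted YAML scalar, so a password containing `: ` or ` #`, or starting with an indicator such as `*`, `&`, `!`, `[`, `{` or `%`, either breaks parsing of the whole cloud-config or sets a different password than the operator entered; rendering it as `password: ${jsonencode(password)}` produces a double-quoted, escaped scalar that YAML accepts unchanged. The three `myCONF_*` lines in the `content: |` block have the matching shell problem: the values are wrapped in single quotes, so a `'` in the web password or user name terminates the quoting, and nothing in the hunk restricts those characters. How severe the shell case is depends on whether the installer sources /root/tpot.conf or parses it, which is not visible here, but the YAML case applies regardless, and a short comment above `password:` noting that the value is inserted verbatim by templatefile would help the next editor.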
@@ -1,5 +0,0 @@
-# tpot configuration file
-# myCONF_TPOT_FLAVOR=[STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN]
-myCONF_TPOT_FLAVOR='STANDARD'
-myCONF_WEB_USER='webuser'
-myCONF_WEB_PW='w3b$ecret'