add security setting

2022-10-18 13:40:35 +09:00
parent a6317d96ad
commit 13cb67be19
33 changed files with 690 additions and 0 deletions
--- a/build_ami_security/datasaker-bastion-packer-ubuntu.pkr.hcl
+++ b/build_ami_security/datasaker-bastion-packer-ubuntu.pkr.hcl
@@ -0,0 +1,48 @@
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 0.0.2"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+variable "ami_prefix" {
+  type    = string
+  default = "datasaker-bastion-ubuntu2004"
+}
+
+locals {
+  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
+}
+
+source "amazon-ebs" "datasaker-bastion-ubuntu2004" {
+  ami_name      = "${var.ami_prefix}-${local.timestamp}"
+  instance_type = "t3.small"
+  region        = "ap-northeast-2"
+  source_ami_filter {
+    filters = {
+      image-id            = "ami-0ea5eb4b05645aa8a"
+      root-device-type    = "ebs"
+      virtualization-type = "hvm"
+    }
+    most_recent = true
+    owners      = ["099720109477"]
+  }
+  tags = {
+    source_ami_name = "{{ .SourceAMIName }}"
+  }
+  ssh_username = "ubuntu"
+}
+
+build {
+  name    = "datasaker-bastion-packer"
+  sources = ["source.amazon-ebs.datasaker-bastion-ubuntu2004"]
+
+  provisioner "ansible" {
+    playbook_file    = "../ansible/bastion_roles.yaml"
+    user             = "ubuntu"
+    extra_arguments  = ["--become"]
+    ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"]
+  }
+}
--- a/build_ami_security/datasaker-node-packer-ubuntu.pkr.hcl
+++ b/build_ami_security/datasaker-node-packer-ubuntu.pkr.hcl
@@ -0,0 +1,51 @@
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 0.0.2"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+variable "ami_prefix" {
+  type    = string
+  default = "datasaker-node-ubuntu2004"
+}
+
+locals {
+  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
+}
+
+
+
+# source 블록에는 실제 빌드할 이미지에 대한 스펙을 정의
+source "amazon-ebs" "datasaker-node-ubuntu2004" {
+  ami_name      = "${var.ami_prefix}-${local.timestamp}"
+  instance_type = "t3.small"
+  region        = "ap-northeast-2"
+  source_ami_filter {
+    filters = {
+      image-id            = "ami-0ea5eb4b05645aa8a"
+      root-device-type    = "ebs"
+      virtualization-type = "hvm"
+    }
+    most_recent = true
+    owners      = ["099720109477"]
+  }
+  tags = {
+    source_ami_name = "{{ .SourceAMIName }}"
+  }
+  ssh_username = "ubuntu"
+}
+
+build {
+  name      = "datasaker-packer"
+  sources   = ["source.amazon-ebs.datasaker-node-ubuntu2004"]
+
+  provisioner "ansible" {
+    playbook_file   = "../ansible/node_roles.yaml"
+    user            = "ubuntu"
+    extra_arguments = ["--become"]
+    ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"]
+  }
+}