fix: adds ssm from docker image (#1139)

* fix: adds ssm from docker image directly * fix: suggestion from review * fix: disable gpg for aws ssm * fix: dont run zypper for nonsuse * fix: adds enable and disable repo
mesosphere · Aug 8, 2024 · 46c805a · 46c805a
1 parent a236e58
commit 46c805a
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 30 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -32,6 +32,8 @@ ARG BUILDARCH
 # Packer copies /usr/local/bin/goss-amd64 from this container to the remote host
 COPY --from=devkit /usr/local/bin/goss-amd64 /usr/local/bin/goss-amd64
 
+COPY --from=devkit /opt/amazon-ssm-agent.rpm /opt/amazon-ssm-agent.rpm
+
 # we copy this to remote hosts to execute mindthegap so its always amd64
 COPY --from=devkit /usr/local/bin/mindthegap /usr/local/bin/
 COPY --from=devkit /usr/local/bin/packer-${BUILDARCH} /usr/local/bin/packer

diff --git a/Dockerfile.devkit b/Dockerfile.devkit
@@ -78,6 +78,7 @@ RUN curl -L "https://github.com/goss-org/goss/releases/download/${GOSS_VERSION}/
 RUN chmod +rx /usr/local/bin/goss-amd64
 ARG BUILDARCH
 RUN ln -s /usr/local/bin/goss-${BUILDARCH} /usr/local/bin/goss
+RUN curl -o /opt/amazon-ssm-agent.rpm https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
 
 COPY --from=packer-amd64 /bin/packer /usr/local/bin/packer-amd64
 COPY --from=packer-arm64 /bin/packer /usr/local/bin/packer-arm64

diff --git a/ansible/roles/providers/tasks/aws.yml b/ansible/roles/providers/tasks/aws.yml
@@ -42,38 +42,34 @@
     - ansible_distribution != "Amazon"
     - ansible_os_family != "Suse"
 
-- name: install aws agents RPM
-  package:
-    name: "{{ item }}"
-    state: present
-    # must be fixed by amazon https://github.com/aws/amazon-ssm-agent/issues/235
-    disable_gpg_check: yes
-    enablerepo: "{{ 'offline' if offline_mode_enabled else '' }}"
-    disablerepo: "{{ '*' if offline_mode_enabled else '' }}"
-  with_items:
-    - "{{ 'amazon-ssm-agent' if offline_mode_enabled else 'https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm' }}"
-  when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution != "Amazon"
 
-- name: install aws agents RPM
-  package:
-    name: "{{ item }}"
-    state: present
-    # must be fixed by amazon https://github.com/aws/amazon-ssm-agent/issues/235
-    disable_gpg_check: yes
-  with_items:
-    - https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
-  when:
-    - ansible_os_family == "Suse"
-    - ansible_distribution != "Amazon"
+- block:
+  - name: copy ssm rpm
+    copy:
+      src: /opt/amazon-ssm-agent.rpm
+      dest: /opt/amazon-ssm-agent.rpm
 
-- name: install aws agents RPM
+  - name: install aws agents RPM
+    ansible.builtin.yum:
+      name: /opt/amazon-ssm-agent.rpm
+      state: present
+      disable_gpg_check: yes
+      enablerepo: "{{ 'offline' if offline_mode_enabled else '' }}"
+      disablerepo: "{{ '*' if offline_mode_enabled else '' }}"
+    when: ansible_os_family == "RedHat" and ansible_distribution != "Amazon"
+
+  - name: install aws agents RPM
+    ansible.builtin.zypper:
+      name: /opt/amazon-ssm-agent.rpm
+      state: present
+      disable_gpg_check: yes
+    when: ansible_os_family == "Suse" and ansible_distribution != "Amazon"
+
+- name: install aws cli for amazon linux
   package:
     name: "{{ item }}"
     state: present
   with_items:
-    - amazon-ssm-agent
     - awscli
   when: ansible_distribution == "Amazon"
 
@@ -94,4 +90,3 @@
     state: started
     enabled: yes
   when: ansible_distribution == "Ubuntu"
-
diff --git a/bundles/redhat8.6/bundle.sh.gotmpl b/bundles/redhat8.6/bundle.sh.gotmpl
@@ -79,7 +79,6 @@ yumdownloader --setopt=skip_missing_names_on_install=False -x \*i686 --archlist=
   $(< packages.txt)
 
 rm packages.txt reqs.txt
-curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
 createrepo -v .
 repo2module . --module-name offline
 createrepo_mod .

diff --git a/bundles/redhat8.8/bundle.sh.gotmpl b/bundles/redhat8.8/bundle.sh.gotmpl
@@ -79,7 +79,6 @@ yumdownloader --setopt=skip_missing_names_on_install=False -x \*i686 --archlist=
   $(< packages.txt)
 
 rm packages.txt reqs.txt
-curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
 createrepo -v .
 repo2module . --module-name offline
 createrepo_mod .

diff --git a/bundles/rocky9.1/bundle.sh.gotmpl b/bundles/rocky9.1/bundle.sh.gotmpl
@@ -15,7 +15,6 @@ repoquery --archlist=x86_64,noarch  --resolve --requires --recursive  $(< packag
 #shellcheck disable=SC2046
 yumdownloader  --archlist=x86_64,noarch -x \*i686 $(< packages.txt)
 rm packages.txt
-curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
 createrepo -v . && chown -R 1000:1000 repodata/
 #shellcheck disable=SC1083,SC2035
 tar -czf {{ .OutputDirectory }}/{{ .KubernetesVersion }}_rocky_9.1_x86_64.tar.gz *