diff --git a/ops/infrastructure/bastion_playbook.yml b/ops/infrastructure/bastion_playbook.yml index 3e7afddc44..4dc97b0776 100644 --- a/ops/infrastructure/bastion_playbook.yml +++ b/ops/infrastructure/bastion_playbook.yml @@ -77,7 +77,7 @@ ansible.builtin.copy: src: '{{ backup_file }}' dest: "/home/ec2-user/database_bootstrap.backup" - owner: centos + owner: ec2-user group: when: backup_file @@ -94,8 +94,8 @@ path: "{{ item }}" state: directory mode: '0755' - owner: centos - group: centos + owner: ec2-user + group: ec2-user loop: - "/home/ec2-user/downloads" - "/home/ec2-user/converted" @@ -105,8 +105,8 @@ ansible.builtin.copy: src: "../../../../gigadb/app/tools/files-url-updater/databaseReset.sh" dest: /usr/local/bin/databaseReset - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: a+x - name: Create a bin and log directory (for composer and cronjob logging) if it does not exist @@ -114,8 +114,8 @@ path: "/home/ec2-user/{{ item }}" state: directory mode: '0755' - owner: centos - group: centos + owner: ec2-user + group: ec2-user loop: - "logs" 
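Review bot: The copy task in hunk -77 still carries a bare `group:` after the owner change; YAML reads that as null and Ansible treats a null parameter as unset, so the backup file ends up owned by ec2-user but with whatever group the task's effective user gives it. Every other task touched by this diff pairs the owner with `group: ec2-user`, so `group: ec2-user` here keeps the ownership of `/home/ec2-user/database_bootstrap.backup` consistent with the rest of the playbook. The enclosing task starts before the hunk.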
@@ -150,32 +150,32 @@ ansible.builtin.copy: src: "../../../../gigadb/app/tools/excel-spreadsheet-uploader/execute.sh" dest: /usr/local/bin/datasetUpload - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: a+x - name: Copy dataset upload tool shell post upload script ansible.builtin.copy: src: "../../../../gigadb/app/tools/excel-spreadsheet-uploader/postUpload.sh" dest: /usr/local/bin/postUpload - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: a+x - name: Copy script for updating the md5 values and file size to db ansible.builtin.copy: src: "../../../../gigadb/app/tools/excel-spreadsheet-uploader/filesMetaToDb.sh" dest: /usr/local/bin/filesMetaToDb - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: a+x - name: Create env file for database (for pg_client docker service) ansible.builtin.template: src: ../../../../gigadb/app/tools/excel-spreadsheet-uploader/env.j2 dest: /home/ec2-user/db-env - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: 0644 - name: Create directories for dataset upload operations @@ -183,19 +183,19 @@ path: "{{ item }}" state: directory mode: '0755' - owner: centos - group: centos + owner: ec2-user + group: ec2-user loop: - "/home/ec2-user/uploadLogs" - "/home/ec2-user/uploadDir" - - name: Ensure centos user has GIGADB_ENV set + - name: Ensure ec2-user user has GIGADB_ENV set ansible.builtin.lineinfile: path: /home/ec2-user/.bash_profile insertafter: '# User specific environment and startup programs\n' line: "GIGADB_ENV={{ gigadb_environment }}" - - name: Ensure centos user has GITLAB_PROJECT set + - name: Ensure ec2-user user has GITLAB_PROJECT set ansible.builtin.lineinfile: path: /home/ec2-user/.bash_profile insertafter: '# User specific environment and startup programs\n' 
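Review bot: `/home/ec2-user/db-env` (the `ansible.builtin.template` task in hunk -150) is re-owned to ec2-user but keeps `mode: 0644`, so it stays readable by every local account on the bastion, including the curator users the bastion-users role creates; if env.j2 renders database credentials, as the task name suggests, `mode: '0600'` limits it to the owner. Quoting the mode also matches the `'0755'` form used elsewhere in this file. In hunk -183 the renamed tasks read "Ensure ec2-user user has …"; `- name: Ensure ec2-user has GIGADB_ENV set` (and likewise for GITLAB_PROJECT) drops the doubled word.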
@@ -212,15 +212,15 @@ path: "/etc/aws" state: directory mode: '0755' - owner: centos - group: centos + owner: ec2-user + group: ec2-user - name: Create AWS credential file for access to AWS S3 metadata bucket template: src: ../../../../ops/configuration/aws-conf/credentials.j2 dest: "/etc/aws/credentials" - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: 0644 - name: Create setup for generating and uploading database dump files to S3 @@ -234,8 +234,8 @@ path: /home/ec2-user/.config/rclone state: directory mode: '0755' - owner: centos - group: centos + owner: ec2-user + group: ec2-user - name: Create AWS S3 configuration for rclone template: @@ -250,8 +250,8 @@ path: "{{ item }}" state: directory mode: '0755' - owner: centos - group: centos + owner: ec2-user + group: ec2-user loop: - "/home/ec2-user/backups" @@ -284,24 +284,24 @@ ansible.builtin.copy: content: 'df -h | grep /dev/ | cut -d " " -f10 | cut -d% -f1' dest: /home/ec2-user/diskUsage - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: a+x - name: Create the Gitter notify script ansible.builtin.copy: content: "source /home/ec2-user/.env;curl -X POST -i -H \"Content-Type: application/json\" -H \"Accept: application/json\" -H \"Authorization: Bearer $GITTER_API_TOKEN\" \"https://api.gitter.im/v1/rooms/$GITTER_IT_NOTIFICATION_ROOM_ID/chatMessages\" -d '{\"text\":\"Disk space usage requires attention on '\"$DEPLOYMENT_TIER-$GIGADB_ENVIRONMENT\"': '\"$1\"'%\"}'" dest: /home/ec2-user/notify - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: a+x - name: Copy swatch config file ansible.builtin.copy: src: "{{ item }}" dest: /home/ec2-user/ - owner: centos - group: centos + owner: ec2-user + group: ec2-user loop: - "../../../../gigadb/app/tools/disk-usage-monitor/swatch.conf" - "../../../../gigadb/app/tools/disk-usage-monitor/check-swatch.conf" 
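Review bot: `/etc/aws/credentials` (hunk -212) keeps `mode: 0644` while being re-owned to ec2-user, so the S3 access keys rendered from credentials.j2 are readable by any local user on the bastion, including the curator accounts the bastion-users role adds; `mode: '0600'` restricts the file to its owner, or `'0640'` together with `group: ec2-user` if another process on the host genuinely needs group read access. The rclone configuration in hunk -234 is the same kind of secret material, but its file mode is outside this hunk and worth checking in the same pass. The enclosing task lists start before each hunk.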
@@ -330,8 +330,8 @@ ansible.builtin.copy: src: "../../../../gigadb/app/tools/readme-generator/createReadme.sh" dest: /usr/local/bin/createReadme - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: a+x # Files created by readme tool container can be accessed in this directory @@ -340,8 +340,8 @@ path: /home/ec2-user/readmeFiles state: directory mode: '0755' - owner: centos - group: centos + owner: ec2-user + group: ec2-user - name: Setup files metadata console tool hosts: name_bastion_server_{{gigadb_env}}* @@ -354,16 +354,16 @@ ansible.builtin.copy: src: "../../../../gigadb/app/tools/files-metadata-console/scripts/updateUrls.sh" dest: /usr/local/bin/updateUrls - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: a+x - name: Copy shell script for calculating the file sizes and md5 ansible.builtin.copy: src: "../../../../gigadb/app/tools/files-metadata-console/scripts/md5.sh" dest: /usr/local/bin/calculateChecksumSizes - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: a+x - name: Install gum @@ -377,8 +377,8 @@ ansible.builtin.copy: src: "../../../../gigadb/app/tools/files-metadata-console/scripts/compare_files.sh" dest: /usr/local/bin/compare - owner: centos - group: centos + owner: ec2-user + group: ec2-user mode: a+x diff --git a/ops/infrastructure/roles/bastion-users/tasks/main.yml b/ops/infrastructure/roles/bastion-users/tasks/main.yml index f30e29f5e3..4b53d40c62 100644 --- a/ops/infrastructure/roles/bastion-users/tasks/main.yml +++ b/ops/infrastructure/roles/bastion-users/tasks/main.yml @@ -4,7 +4,7 @@ ansible.builtin.user: name: "{{ newuser }}" shell: /bin/bash - groups: centos + groups: ec2-user append: yes - name: Create a .ssh and uploadDir directories @@ -22,8 +22,8 @@ ansible.builtin.file: path: "/home/ec2-user/{{ newuser }}.keys" state: directory - owner: centos - group: centos + owner: ec2-user + group: ec2-user - name: Add curator to sudoers ansible.builtin.lineinfile: 
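Review bot: In roles/bastion-users/tasks/main.yml hunk -4, `groups: ec2-user` places every new curator account in the login account's primary group, so the group permission bits on all ec2-user-owned paths now apply to curators. Most paths in this diff are 0644/0755, where group access adds nothing beyond world access, but the `{{ newuser }}.keys` directory in hunk -22 and the key pair created under it are given no explicit mode in this diff, so the resulting permissions should be confirmed; if the membership only exists so curators can reach `/home/ec2-user`, a dedicated group would keep the login account's primary group private. Separately, `append: yes` is a YAML 1.1 boolean spelling; `append: true` is the canonical form.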
@@ -61,7 +61,7 @@ - name: generate key pair community.crypto.openssh_keypair: path: "/home/ec2-user/{{ newuser }}.keys/id_ssh_rsa" - owner: centos + owner: ec2-user register: pk - debug: diff --git a/ops/scripts/ansible_init.sh b/ops/scripts/ansible_init.sh index a17563c5cd..ed6608e680 100755 --- a/ops/scripts/ansible_init.sh +++ b/ops/scripts/ansible_init.sh @@ -101,7 +101,7 @@ webapp_ip=$(terraform output ec2_public_ip | sed 's/"//g') files_private_ip=$(terraform output ec2_files_private_ip | sed 's/"//g') files_ip=$(terraform output ec2_files_public_ip | sed 's/"//g') -echo "ec2_bastion_login_account = centos@$bastion_ip" >> ansible.properties +echo "ec2_bastion_login_account = ec2-user@$bastion_ip" >> ansible.properties # variables needed by disk-usage-monitor gitter_room_id=$(curl -s --header "PRIVATE-TOKEN: $GITLAB_PRIVATE_TOKEN" "$FORK_VARIABLES_URL/GITTER_IT_NOTIFICATION_ROOM_ID" | jq -r .value) @@ -132,9 +132,10 @@ ssh-keygen -R $bastion_ip ssh-keygen -R $webapp_private_ip ssh-keygen -R $files_private_ip # Add the new key +# Add the new key ssh-keyscan -t ecdsa $bastion_ip >> ~/.ssh/known_hosts -web_host=$(ssh -i $aws_ssh_key centos"@$bastion_ip" ssh-keyscan -t ecdsa "$webapp_private_ip") -files_host=$(ssh -i $aws_ssh_key centos@"$bastion_ip" ssh-keyscan -t ecdsa "$files_private_ip") +web_host=$(ssh -i $aws_ssh_key ec2-user"@$bastion_ip" ssh-keyscan -t ecdsa "$webapp_private_ip") +files_host=$(ssh -i $aws_ssh_key ec2-user"@$bastion_ip" ssh-keyscan -t ecdsa "$files_private_ip") echo "$web_host" >> ~/.ssh/known_hosts echo "$files_host" >> ~/.ssh/known_hosts
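Review bot: Hunk -132 of ops/scripts/ansible_init.sh adds a second `# Add the new key` comment directly under the existing one; the added line should be dropped. The two rewritten ssh invocations quote only the host part (`ec2-user"@$bastion_ip"`), which works but reads oddly; `ssh -i "$aws_ssh_key" "ec2-user@$bastion_ip" ssh-keyscan -t ecdsa "$webapp_private_ip"` quotes the whole login string and the key path consistently. Note that the bastion's host key and the two keys fetched through it are appended to known_hosts straight from ssh-keyscan with no comparison against a fingerprint obtained out of band; that is pre-existing rather than introduced here, but a comment stating that the first run trusts whatever answers at `$bastion_ip` would make the assumption visible.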