Boot mode and TPM support for AMI creation #944

Closed
1 task done
avery-blanchard opened this issue Jul 27, 2022 · 5 comments · Fixed by #1037
Labels: feature, has_pr, jira, module, plugins, waiting_on_contributor

Comments

@avery-blanchard

Summary

I would like to use Ansible to create an AMI with UEFI secure boot and TPM support. In the ec2_ami module, there are currently no parameters to do so. As UEFI and TPM support for Linux AMIs is new for AWS, I think it would be a useful new feature to add parameters for boot mode and TPM support.

Amazon EC2 Now Supports NitroTPM and UEFI Secure Boot

Issue Type

Feature Idea

Component Name

ec2_ami

Additional Information

- name: Create AMI
  amazon.aws.ec2_ami:
    name: test
    state: present
    architecture: x86_64
    virtualization_type: hvm
    root_device_name: /dev/sda1
    device_mapping:
      - device_name: /dev/sda1
        snapshot_id: "{{ snapshot_id }}"
    wait: yes
    region: us-east-1
    boot_mode: uefi
    uefi_data: data_file.bin
    tpm_support: v2.0

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
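
A check an operator could run against AMIs after registration, as an added example that is not part of the original issue or of the amazon.aws collection: it flags images whose `BootMode` or `TpmSupport` do not match a UEFI plus TPM 2.0 policy. The sample response, image IDs and the policy constants are constructed for illustration; the field names follow the EC2 DescribeImages response.

```python
import json

# Policy assumed for this example: images intended for secure/measured boot
# must be registered with BootMode "uefi" and TpmSupport "v2.0".
REQUIRED_BOOT_MODE = "uefi"
REQUIRED_TPM = "v2.0"

# Constructed sample shaped like an EC2 DescribeImages response (IDs are fake).
SAMPLE_RESPONSE = json.loads("""
{"Images": [
  {"ImageId": "ami-00000000000000001", "Name": "hardened",
   "BootMode": "uefi", "TpmSupport": "v2.0"},
  {"ImageId": "ami-00000000000000002", "Name": "uefi-no-tpm",
   "BootMode": "uefi"},
  {"ImageId": "ami-00000000000000003", "Name": "legacy",
   "BootMode": "legacy-bios"},
  {"ImageId": "ami-00000000000000004", "Name": "unset"}
]}
""")


def audit_image(image):
    """Return a list of findings for one image dict; empty means compliant."""
    findings = []
    boot_mode = image.get("BootMode")  # a missing key is treated as unset
    tpm = image.get("TpmSupport")
    if boot_mode != REQUIRED_BOOT_MODE:
        findings.append(
            f"BootMode is {boot_mode or 'unset'}, expected {REQUIRED_BOOT_MODE}")
    if tpm != REQUIRED_TPM:
        findings.append(
            f"TpmSupport is {tpm or 'unset'}, expected {REQUIRED_TPM}")
    return findings


def audit_response(response):
    """Map ImageId -> findings for every non-compliant image in the response."""
    report = {}
    for image in response.get("Images", []):
        findings = audit_image(image)
        if findings:
            report[image.get("ImageId", "<no ImageId>")] = findings
    return report


if __name__ == "__main__":
    for image_id, findings in audit_response(SAMPLE_RESPONSE).items():
        for finding in findings:
            print(f"{image_id}: {finding}")
```
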
@ansibullbot

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibullbot

@ansibullbot ansibullbot added feature This issue/PR relates to a feature request module module needs_triage plugins plugin (any type) labels Jul 27, 2022
@lkatalin

lkatalin commented Aug 1, 2022

cc-ing myself as this is a joint issue submission with @avery-blanchard
cc @lkatalin

@lkatalin

Just curious, which is the PR for this issue? I see the "has PR" label was added.

@mandar242
Contributor

@lkatalin #1037 should likely solve the issue.

softwarefactory-project-zuul bot pushed a commit that referenced this issue Oct 12, 2022
ec2_ami: Add support for params BootMode, TpmSupport, UefiData

SUMMARY
Depends-On: #1066

Added support for params BootMode, TpmSupport, UefiData in ec2_ami.

Fixes #944
ISSUE TYPE


Feature Pull Request

COMPONENT NAME

ec2_ami
ADDITIONAL INFORMATION



Example playbook
- name: abc
  hosts: localhost
  gather_facts: false
  tasks:
    - name: AMI Creation with boot_mode and tpm_support
      amazon.aws.ec2_ami:
        name: ami-create-test_legacy-bios
        state: present
        architecture: x86_64
        virtualization_type: hvm
        root_device_name: /dev/sda1
        device_mapping:
          - device_name: /dev/sda1
            snapshot_id: snap-xxxxxxxxx
        wait: yes
        region: us-east-2
        boot_mode: legacy-bios
        tpm_support: v2.0
        tags:
          name: ami-create-test

Reviewed-by: Gonéri Le Bouder <[email protected]>
Reviewed-by: Mandar Kulkarni <[email protected]>
Reviewed-by: Mike Graves <[email protected]>
alinabuzachis pushed a commit to alinabuzachis/amazon.aws that referenced this issue Apr 27, 2023
…le-collections#1037)

ec2_ami: Add support for params BootMode, TpmSupport, UefiData

softwarefactory-project-zuul bot pushed a commit that referenced this issue Apr 28, 2023
#1487)

[manual backport stable-5] ec2_ami: Add support for params BootMode, TpmSupport, UefiData (#1037)

ec2_ami: Add support for params BootMode, TpmSupport, UefiData
abikouo pushed a commit to abikouo/amazon.aws that referenced this issue Sep 18, 2023
)

New Modules: AWS Network Firewall - rule groups

Sorta-Depends-On: ansible-collections#974
SUMMARY
Two new modules for AWS Network Firewall rule groups.  This first iteration will only support stateful rule groups.
networkfirewall_rule_group.py
networkfirewall_rule_group_info.py
ToDo:

 Initial modules
 Return Value documentation
 Integration Tests
 CI Permissions

ISSUE TYPE

New Module Pull Request

COMPONENT NAME
plugins/module_utils/networkfirewall.py
plugins/modules/networkfirewall_rule_group.py
plugins/modules/networkfirewall_rule_group_info.py
ADDITIONAL INFORMATION
Note: It's a deliberate choice not to support creation of stateless rules initially.  I want to get some of the initial framework in place so that the Policy and Firewall pieces can be built out while waiting on reviews.

Reviewed-by: Alina Buzachis <None>
Reviewed-by: Mark Chappell <None>
abikouo pushed a commit to abikouo/amazon.aws that referenced this issue Oct 24, 2023