Add RDS components and user data
pav committed Nov 27, 2023
1 parent d947558 commit a855636
Showing 2 changed files with 221 additions and 5 deletions.
127 changes: 122 additions & 5 deletions terraform/environments/hmpps-domain-services/locals_test.tf
Expand Up @@ -48,29 +48,146 @@ locals {
}
},

rds-connection-broker-and-licensing-server = {
rds-connection-broker = {
# ami has unwanted ephemeral device, don't copy all the ebs_volumess
config = merge(module.baseline_presets.ec2_instance.config.default, {
ami_name = "hmpps_windows_server_2022_release_2023-*"
availability_zone = null
ebs_volumes_copy_all_from_ami = false
user_data_raw = base64encode(file("./templates/windows_server_2022-user-data.yaml"))
user_data_raw = base64encode(templatefile("./templates/rds.yaml.tftpl",{
rds_hostname = "RDSConnectionBroker"
}))
})
instance = merge(module.baseline_presets.ec2_instance.instance.default, {
vpc_security_group_ids = ["private-dc"]
})
ebs_volumes = {
"/dev/sda1" = { type = "gp3", size = 100 }
}
autoscaling_group = module.baseline_presets.ec2_autoscaling_group.default
autoscaling_group = merge(module.baseline_presets.ec2_autoscaling_group.default, {
desired_capacity = 0 # set to 0 while testing
})
autoscaling_schedules = module.baseline_presets.ec2_autoscaling_schedules.working_hours
tags = {
description = "Windows Server 2022 to hold RDS connection broker and licensing server"
description = "Windows Server 2022 host for RDS connection broker role"
os-type = "Windows"
component = "test"
component = "RDS Connection Broker"
server-type = "hmpps-windows_2022"
}
},

rds-licensing = {
# ami has unwanted ephemeral device, don't copy all the ebs_volumess
config = merge(module.baseline_presets.ec2_instance.config.default, {
ami_name = "hmpps_windows_server_2022_release_2023-*"
availability_zone = null
ebs_volumes_copy_all_from_ami = false
user_data_raw = base64encode(templatefile("./templates/rds.yaml.tftpl",{
rds_hostname = "RDSLicensing"
}))
})
instance = merge(module.baseline_presets.ec2_instance.instance.default, {
vpc_security_group_ids = ["private-dc"]
})
ebs_volumes = {
"/dev/sda1" = { type = "gp3", size = 100 }
}
autoscaling_group = merge(module.baseline_presets.ec2_autoscaling_group.default, {
desired_capacity = 0 # set to 0 while testing
})
autoscaling_schedules = module.baseline_presets.ec2_autoscaling_schedules.working_hours
tags = {
description = "Windows Server 2022 host for RDS licensing role"
os-type = "Windows"
component = "RDS Licensing"
server-type = "hmpps-windows_2022"
}
},

rds-web-access = {
# ami has unwanted ephemeral device, don't copy all the ebs_volumess
config = merge(module.baseline_presets.ec2_instance.config.default, {
ami_name = "hmpps_windows_server_2022_release_2023-*"
availability_zone = null
ebs_volumes_copy_all_from_ami = false
user_data_raw = base64encode(templatefile("./templates/rds.yaml.tftpl",{
rds_hostname = "RDSWebAccess"
}))
})
instance = merge(module.baseline_presets.ec2_instance.instance.default, {
vpc_security_group_ids = ["private-dc"]
})
ebs_volumes = {
"/dev/sda1" = { type = "gp3", size = 100 }
}
autoscaling_group = merge(module.baseline_presets.ec2_autoscaling_group.default, {
desired_capacity = 0 # set to 0 while testing
})
autoscaling_schedules = module.baseline_presets.ec2_autoscaling_schedules.working_hours
tags = {
description = "Windows Server 2022 host for RDS web access role"
os-type = "Windows"
component = "RDS Web Access"
server-type = "hmpps-windows_2022"
}
},

rds-gateway = {
# ami has unwanted ephemeral device, don't copy all the ebs_volumess
config = merge(module.baseline_presets.ec2_instance.config.default, {
ami_name = "hmpps_windows_server_2022_release_2023-*"
availability_zone = null
ebs_volumes_copy_all_from_ami = false
user_data_raw = base64encode(templatefile("./templates/rds.yaml.tftpl",{
rds_hostname = "RDSGateway"
}))
})
instance = merge(module.baseline_presets.ec2_instance.instance.default, {
vpc_security_group_ids = ["private-dc"]
})
ebs_volumes = {
"/dev/sda1" = { type = "gp3", size = 100 }
}
autoscaling_group = merge(module.baseline_presets.ec2_autoscaling_group.default, {
desired_capacity = 0 # set to 0 while testing
})
autoscaling_schedules = module.baseline_presets.ec2_autoscaling_schedules.working_hours
tags = {
description = "Windows Server 2022 host for RDS gateway"
os-type = "Windows"
component = "RDS Gateway"
server-type = "hmpps-windows_2022"
}
},

rds-session-host = {
# ami has unwanted ephemeral device, don't copy all the ebs_volumess
config = merge(module.baseline_presets.ec2_instance.config.default, {
ami_name = "hmpps_windows_server_2022_release_2023-*"
availability_zone = null
ebs_volumes_copy_all_from_ami = false
user_data_raw = base64encode(templatefile("./templates/rds.yaml.tftpl",{
rds_hostname = "RDSSessionHost"
}))
})
instance = merge(module.baseline_presets.ec2_instance.instance.default, {
vpc_security_group_ids = ["private-dc"]
})
ebs_volumes = {
"/dev/sda1" = { type = "gp3", size = 100 }
}
autoscaling_group = merge(module.baseline_presets.ec2_autoscaling_group.default, {
desired_capacity = 0 # set to 0 while testing
})
autoscaling_schedules = module.baseline_presets.ec2_autoscaling_schedules.working_hours
tags = {
description = "Windows Server 2022 host for RDS session host"
os-type = "Windows"
component = "RDS Session Host"
server-type = "hmpps-windows_2022"
}
}
}
}
}
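Review bot: The five `rds-*` entries (`rds-connection-broker` through `rds-session-host`) are byte-identical apart from the map key, the `rds_hostname` template argument and the `description`/`component` tags, so the next change to the shared parts (the AMI filter, `ebs_volumes`, the `desired_capacity = 0` testing override) has to be made five times; a `for` expression over a small map of `{ key = { hostname, description, component } }` merged onto one shared base object would keep a single definition. The `desired_capacity = 0 # set to 0 while testing` override is also worth a follow-up marker such as `# TODO: remove once the RDS templates are verified` so it is not forgotten when the hosts go live. All five hosts reuse `vpc_security_group_ids = ["private-dc"]`; if that group is the domain-controller group, the gateway and web-access roles, which are the user-facing components of an RDS deployment, probably warrant a dedicated group so their inbound rules can be scoped separately. The enclosing `locals {` block starts outside the hunk.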

@@ -0,0 +1,99 @@
# This is an EC2Launch V2 type user-data script
# https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch-v2-settings.html#ec2launch-v2-task-configuration
# See C:\ProgramData\Amazon\EC2Launch\log for logs
version: 1.0 # version 1.0 is required as this executes AFTER the SSM Agent is running
tasks:
- task: executeScript
inputs:
- frequency: always
type: powershell
runAs: admin
# debug AmazonSSMAgent service start
content: |-
$aws_ssm_status = (Get-Service -Name "AmazonSSMAgent").Status

$logFilePath = "C:\Temp\ssm_status.txt"
New-Item -Type File -Force -Path $logFilePath
Add-Content -Path $logFilePath -Value "SSM Agent status start: $aws_ssm_status"

if ($aws_ssm_status -eq "Running") {
Add-Content -Path $logFilePath -Value "SSM Agent is running, no action required. $(Get-Date)"
} elseif ($aws_ssm_status -eq "Stopped") {
Add-Content -Path $logFilePath -Value "SSM Agent is not running, starting service. $(Get-Date)"
Start-Service -Name "AmazonSSMAgent"
} elseif ($aws_ssm_status -eq "Paused") {
Add-Content -Path $logFilePath -Value "SSM Agent is paused, resuming service. $(Get-Date)"
Resume-Service -Name "AmazonSSMAgent"
} elseif ($aws_ssm_status -eq $null) {
Add-Content -Path $logFilePath -Value "SSM Agent is not installed... Installing"
[System.Net.ServicePointManager]::SecurityProtocol = 'TLS12'
$progressPreference = 'silentlyContinue'
Invoke-WebRequest https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe -OutFile $env:USERPROFILE\Desktop\SSMAgent_latest.exe

Start-Process -FilePath $env:USERPROFILE\Desktop\SSMAgent_latest.exe -ArgumentList "/S"

Remove-Item $env:USERPROFILE\Desktop\SSMAgent_latest.exe -Force

Start-Service -Name "AmazonSSMAgent"
} else {
Add-Content -Path $logFilePath -Value "SSM Agent is in an unknown state: $aws_ssm_status $(Get-Date)"
}
- frequency: once
type: powershell
runAs: admin
# run SSM test document
content: |-
# Install AWS PowerShell module if not already installed
if (-Not (Get-Module -ListAvailable -Name "AWSPowerShell")) {
Install-Package -Name "AWSPowerShell" -Force -SkipPublisherCheck
}

Function Check-SSMAgent {
$service = Get-Service -Name "AmazonSSMAgent"
if ($service.Status -eq "Running") {
return $true
} else {
Start-Service -Name "AmazonSSMAgent" -Force
}
}

Function Execute-SSMCommand {
$instanceId = Get-EC2InstanceMetadata -Category InstanceId
$documentName = "csr-server-config"

$commandId = Send-SSMCommand -InstanceId $instanceId -DocumentName $documentName -Force
Write-Host "Executed SSM command with Command ID: $($commandId.CommandId)"
}

$startTime = Get-Date

# Main loop to wait for SSM Agent to be running
do {
if (Check-SSMAgent) {
Add-Content -Path "C:\Temp\ssm_status.txt" -Value "SSM Agent is running, executing SSM command. $(Get-Date)"
Execute-SSMCommand
break
} else {
Add-Content -Path "C:\Temp\ssm_status.txt" -Value "SSM Agent is not running yet. $(Get-Date) Waiting..."
Start-Sleep -Seconds 10
}
} while ((Get-Date) -lt $startTime.AddMinutes(10))
- frequency: once
type: powershell
runAs: admin # or localSystem
# install AD commands
content: |-
Install-WindowsFeature -Name RSAT-AD-PowerShell
- frequency: once
type: powershell
runAs: admin
# Configure RDS
content: |-
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False
Disable-NetAdapterBinding -Name 'Ethernet' -ComponentID 'ms_tcpip6'
Get-WindowsUpdate -Download -Install -AcceptAll
Import-Module RemoteDesktop
Enable-PSRemoting -force
Rename-Computer -NewName $rds_hostname
Sleep 5
Restart-Computer -Force
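Review bot: The `rds_hostname` value passed from `locals_test.tf` is never substituted into this template: `Rename-Computer -NewName $rds_hostname` in the last task uses PowerShell variable syntax, but Terraform's `templatefile` only replaces `${ ... }` sequences, so every host renders the same script and `$rds_hostname` is an undefined PowerShell variable at runtime, which makes the rename fail. Change the line to `Rename-Computer -NewName ${rds_hostname}` so Terraform interpolates it before the YAML reaches the instance. In the same task, `Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False` turns off the host firewall on every profile, which is a broad hardening regression for the gateway and web-access roles; adding only the RDS ports with `New-NetFirewallRule` would keep the configuration working without removing the host-level control. `Start-Service -Name "AmazonSSMAgent" -Force` in `Check-SSMAgent` will fail at parameter binding because Start-Service has no `-Force` switch, so the function never restarts a stopped agent. `Get-WindowsUpdate` also appears to come from the PSWindowsUpdate module, which nothing in this script installs, so that line is likely to error on a fresh host — worth confirming against the AMI.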
