ci: let packer remove ssh authorized keys

Cosmian · Jun 16, 2024 · 43dcb23 · 43dcb23
1 parent 5154835
commit 43dcb23
Show file tree

Hide file tree

Showing 12 changed files with 30 additions and 119 deletions.
diff --git a/.github/scripts/azure-new-instance.sh b/.github/scripts/azure-new-instance.sh
@@ -37,8 +37,6 @@ else
     IMAGE_NAME="redhat:rhel-cvm:9_3_cvm_sev_snp:latest"
   fi
 
-  IMAGE_NAME="/subscriptions/e04f52be-d51f-43fe-95f8-d63a8fc91464/resourceGroups/packer-snp/providers/Microsoft.Compute/galleries/cosmian_packer/images/cosmian-vm-${DISTRIB}-${TECHNO}/versions/1.2.2"
-
   az vm create -g packer-snp -n "$NAME" \
     --image "$IMAGE_NAME" \
     --security-type ConfidentialVM \

diff --git a/.github/workflows/aws_ansible.yml b/.github/workflows/aws_ansible.yml
@@ -114,7 +114,7 @@ jobs:
           for i in {1..1}
           do
             echo "Iteration: $i"
-            ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u $SSH_USER --private-key="$HOME/packer.pem" -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} -e '{ "check_app_test_reboot": false, "check_cosmian_vm_test_reboot": false, "reboot_allowed": false }' --tags playbook-base-image,playbook-${{ inputs.product }},check-${{ inputs.product }} --skip-tags role-cleanup
+            ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u $SSH_USER --private-key="$HOME/packer.pem" -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} -e '{ "check_app_test_reboot": false, "check_cosmian_vm_test_reboot": false, "reboot_allowed": false }' --tags playbook-base-image,playbook-${{ inputs.product }},check-${{ inputs.product }}
           done
 
       - name: Stop and delete AWS instance

diff --git a/.github/workflows/azure_ansible.yml b/.github/workflows/azure_ansible.yml
@@ -110,7 +110,7 @@ jobs:
           for i in {1..1}
           do
             echo "Iteration: $i"
-            ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u cosmian -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} --skip-tags role-cleanup
+            ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u cosmian -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }}
           done
 
       - name: Stop and delete Azure instance

diff --git a/.github/workflows/gcp_ansible.yml b/.github/workflows/gcp_ansible.yml
@@ -146,7 +146,7 @@ jobs:
           for i in {1..1}
           do
             echo "Iteration: $i"
-            ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u cosmian -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }} --skip-tags role-cleanup
+            ansible-playbook ${{ inputs.product }}-playbook.yml -i ${IP_ADDR}, -u cosmian -e cosmian_vm_version=$COSMIAN_VM_VERSION -e cosmian_kms_version=${{ inputs.kms-version }} -e cosmian_ai_runner_version=${{ inputs.ai-runner-version }}
           done
 
       - name: Stop and delete GCP instance

diff --git a/ansible/ai-runner-packer-playbook.yml b/ansible/ai-runner-packer-playbook.yml
@@ -7,5 +7,3 @@
   become: true
   roles:
     - ai_runner
-    - role: cleanup
-      tags: role-cleanup
diff --git a/ansible/base-image-packer-playbook.yml b/ansible/base-image-packer-playbook.yml
@@ -44,10 +44,3 @@
         - name: Display Security updates
           ansible.builtin.debug:
             var: dnf_security_update
-
-- name: Clean base image
-  hosts: all
-  become: true
-  roles:
-    - role: cleanup
-      tags: role-cleanup
diff --git a/ansible/cosmian-vm-packer-playbook.yml b/ansible/cosmian-vm-packer-playbook.yml
@@ -6,5 +6,3 @@
     - check_cpu
     - role: cosmian_vm_agent
       tags: role_cosmian_vm_agent
-    - role: cleanup
-      tags: role-cleanup
diff --git a/ansible/kms-packer-playbook.yml b/ansible/kms-packer-playbook.yml
@@ -7,5 +7,3 @@
   become: true
   roles:
     - kms
-    - role: cleanup
-      tags: role-cleanup
diff --git a/ansible/roles/cleanup/tasks/main.yml b/ansible/roles/cleanup/tasks/main.yml
diff --git a/packer/aws.pkr.hcl b/packer/aws.pkr.hcl
@@ -12,16 +12,17 @@ packer {
 }
 
 source "amazon-ebssurrogate" "TEMPLATE_DISTRIBUTION" {
-  source_ami              = "TEMPLATE_SOURCE_AMI"
-  region                  = "eu-west-1"
-  ssh_username            = "TEMPLATE_SSH_USERNAME"
-  ami_name                = "TEMPLATE_IMAGE_NAME"
-  instance_type           = "c6a.2xlarge"
-  ssh_timeout             = "5m"
-  ami_virtualization_type = "hvm"
-  ena_support             = true
-  tpm_support             = "TEMPLATE_SUPPORT"
-  boot_mode               = "uefi"
+  ssh_username              = "TEMPLATE_SSH_USERNAME"
+  ssh_timeout               = "5m"
+  ssh_clear_authorized_keys = true
+  source_ami                = "TEMPLATE_SOURCE_AMI"
+  region                    = "eu-west-1"
+  ami_name                  = "TEMPLATE_IMAGE_NAME"
+  instance_type             = "c6a.2xlarge"
+  ami_virtualization_type   = "hvm"
+  ena_support               = true
+  tpm_support               = "TEMPLATE_SUPPORT"
+  boot_mode                 = "uefi"
 
   launch_block_device_mappings {
     volume_type           = "gp3"

diff --git a/packer/azure.pkr.hcl b/packer/azure.pkr.hcl
@@ -12,6 +12,8 @@ packer {
 }
 
 source "azure-arm" "TEMPLATE_DISTRIBUTION" {
+  ssh_timeout               = "5m"
+  ssh_clear_authorized_keys = true
   client_id                 = "TEMPLATE_CLIENT_ID"
   tenant_id                 = "TEMPLATE_TENANT_ID"
   subscription_id           = "TEMPLATE_SUBSCRIPTION_ID"

diff --git a/packer/gcp.pkr.hcl b/packer/gcp.pkr.hcl
@@ -12,19 +12,20 @@ packer {
 }
 
 source "googlecompute" "TEMPLATE_GOOGLE_COMPUTE" {
-  project_id              = "cosmian-dev"
-  source_image            = "TEMPLATE_SOURCE_IMAGE"
-  source_image_family     = "TEMPLATE_SOURCE_FAMILY"
-  zone                    = "europe-west4-a"
-  ssh_username            = "root"
-  ssh_timeout             = "5m"
-  image_name              = "TEMPLATE_IMAGE_NAME"
-  image_guest_os_features = ["TEMPLATE_OS_FEATURES"]
-  network                 = "default"
-  subnetwork              = "default"
-  tags                    = ["ssh"]
-  use_os_login            = true
-  wait_to_add_ssh_keys    = "60s"
+  ssh_username              = "root"
+  ssh_timeout               = "5m"
+  ssh_clear_authorized_keys = true
+  project_id                = "cosmian-dev"
+  source_image              = "TEMPLATE_SOURCE_IMAGE"
+  source_image_family       = "TEMPLATE_SOURCE_FAMILY"
+  zone                      = "europe-west4-a"
+  image_name                = "TEMPLATE_IMAGE_NAME"
+  image_guest_os_features   = ["TEMPLATE_OS_FEATURES"]
+  network                   = "default"
+  subnetwork                = "default"
+  tags                      = ["ssh"]
+  use_os_login              = true
+  wait_to_add_ssh_keys      = "60s"
 }
 
 build {