[Ronin Windows] Set EC2 config settings for AWS instances
Categories
(Infrastructure & Operations :: RelOps: Puppet, task)
Tracking
(Not tracked)
People
(Reporter: markco, Assigned: markco)
References
Details
Assignee | ||
Comment 1•6 years ago
|
||
Currently in https://github.com/mozilla-releng/OpenCloudConfig/blob/master/userdata/OCC-Bootstrap.psm1
function Set-Ec2ConfigSettings {
param (
[string] $ec2ConfigSettingsFile = ('{0}\Amazon\Ec2ConfigService\Settings\Config.xml' -f $env:ProgramFiles),
[hashtable] $ec2ConfigSettings = @{
'Ec2HandleUserData' = $(if (Test-ScheduledTaskExists -TaskName 'RunDesiredStateConfigurationAtStartup') { 'Disabled' } else { 'Enabled' });
'Ec2InitializeDrives' = 'Enabled';
'Ec2EventLog' = 'Enabled';
'Ec2OutputRDPCert' = 'Enabled';
'Ec2SetDriveLetter' = 'Enabled';
'Ec2WindowsActivate' = 'Disabled';
'Ec2SetPassword' = 'Disabled';
'Ec2SetComputerName' = 'Disabled';
'Ec2ConfigureRDP' = 'Disabled';
'Ec2DynamicBootVolumeSize' = 'Disabled';
'AWS.EC2.Windows.CloudWatch.PlugIn' = 'Disabled'
}
)
begin {
Write-Log -message ('{0} :: begin - {1:o}' -f $($MyInvocation.MyCommand.Name), (Get-Date).ToUniversalTime()) -severity 'DEBUG'
}
process {
$ec2ConfigSettingsFileModified = $false;
[xml]$xml = (Get-Content $ec2ConfigSettingsFile)
foreach ($plugin in $xml.DocumentElement.Plugins.Plugin) {
if ($ec2ConfigSettings.ContainsKey($plugin.Name)) {
if ($plugin.State -ne $ec2ConfigSettings[$plugin.Name]) {
$plugin.State = $ec2ConfigSettings[$plugin.Name]
$ec2ConfigSettingsFileModified = $true
Write-Log -message ('{0} :: Ec2Config {1} set to: {2}, in: {3}' -f $($MyInvocation.MyCommand.Name), $plugin.Name, $plugin.State, $ec2ConfigSettingsFile) -severity 'INFO'
}
}
}
if ($ec2ConfigSettingsFileModified) {
try {
Start-LoggedProcess -filePath 'takeown' -ArgumentList @('/a', '/f', ('"{0}"' -f $ec2ConfigSettingsFile)) -name 'takeown-ec2config-settings'
Start-LoggedProcess -filePath 'icacls' -ArgumentList @(('"{0}"' -f $ec2ConfigSettingsFile), '/grant', 'Administrators:F') -name 'icacls-ec2config-settings-grant-admin'
Start-LoggedProcess -filePath 'icacls' -ArgumentList @(('"{0}"' -f $ec2ConfigSettingsFile), '/grant', 'System:F') -name 'icacls-ec2config-settings-grant-system'
$xml.Save($ec2ConfigSettingsFile)
Write-Log -message ('{0} :: Ec2Config settings file saved at: {1}' -f $($MyInvocation.MyCommand.Name), $ec2ConfigSettingsFile) -severity 'INFO'
}
catch {
Write-Log -message ('{0} :: failed to save Ec2Config settings file: {1}. {2}' -f $($MyInvocation.MyCommand.Name), $ec2ConfigSettingsFile, $_.Exception.Message) -severity 'ERROR'
}
}
}
end {
Write-Log -message ('{0} :: end - {1:o}' -f $($MyInvocation.MyCommand.Name), (Get-Date).ToUniversalTime()) -severity 'DEBUG'
}
}
Assignee | ||
Updated•6 years ago
|
Assignee | ||
Comment 2•5 years ago
|
||
Landed in https://github.com/mozilla-platform-ops/ronin_puppet/pull/70.
Profile: modules/roles_profiles/manifests/profiles/ec2_instance_configuration.pp
Using this file, modules/win_aws/files/ec2_config.xml . Called by this manifest, modules/win_aws/manifests/ec2_instance_config.pp .
Description
•