Closed Bug 1562969 Opened 6 years ago Closed 5 years ago

[Ronin Windows] Set EC2 config settings for AWS instances

Categories

(Infrastructure & Operations :: RelOps: Puppet, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: markco, Assigned: markco)

References

Details

No description provided.

Currently in https://github.com/mozilla-releng/OpenCloudConfig/blob/master/userdata/OCC-Bootstrap.psm1
function Set-Ec2ConfigSettings {
param (
[string] $ec2ConfigSettingsFile = ('{0}\Amazon\Ec2ConfigService\Settings\Config.xml' -f $env:ProgramFiles),
[hashtable] $ec2ConfigSettings = @{
'Ec2HandleUserData' = $(if (Test-ScheduledTaskExists -TaskName 'RunDesiredStateConfigurationAtStartup') { 'Disabled' } else { 'Enabled' });
'Ec2InitializeDrives' = 'Enabled';
'Ec2EventLog' = 'Enabled';
'Ec2OutputRDPCert' = 'Enabled';
'Ec2SetDriveLetter' = 'Enabled';
'Ec2WindowsActivate' = 'Disabled';
'Ec2SetPassword' = 'Disabled';
'Ec2SetComputerName' = 'Disabled';
'Ec2ConfigureRDP' = 'Disabled';
'Ec2DynamicBootVolumeSize' = 'Disabled';
'AWS.EC2.Windows.CloudWatch.PlugIn' = 'Disabled'
}
)
begin {
Write-Log -message ('{0} :: begin - {1:o}' -f $($MyInvocation.MyCommand.Name), (Get-Date).ToUniversalTime()) -severity 'DEBUG'
}
process {
$ec2ConfigSettingsFileModified = $false;
[xml]$xml = (Get-Content $ec2ConfigSettingsFile)
foreach ($plugin in $xml.DocumentElement.Plugins.Plugin) {
if ($ec2ConfigSettings.ContainsKey($plugin.Name)) {
if ($plugin.State -ne $ec2ConfigSettings[$plugin.Name]) {
$plugin.State = $ec2ConfigSettings[$plugin.Name]
$ec2ConfigSettingsFileModified = $true
Write-Log -message ('{0} :: Ec2Config {1} set to: {2}, in: {3}' -f $($MyInvocation.MyCommand.Name), $plugin.Name, $plugin.State, $ec2ConfigSettingsFile) -severity 'INFO'
}
}
}
if ($ec2ConfigSettingsFileModified) {
try {
Start-LoggedProcess -filePath 'takeown' -ArgumentList @('/a', '/f', ('"{0}"' -f $ec2ConfigSettingsFile)) -name 'takeown-ec2config-settings'
Start-LoggedProcess -filePath 'icacls' -ArgumentList @(('"{0}"' -f $ec2ConfigSettingsFile), '/grant', 'Administrators:F') -name 'icacls-ec2config-settings-grant-admin'
Start-LoggedProcess -filePath 'icacls' -ArgumentList @(('"{0}"' -f $ec2ConfigSettingsFile), '/grant', 'System:F') -name 'icacls-ec2config-settings-grant-system'
$xml.Save($ec2ConfigSettingsFile)
Write-Log -message ('{0} :: Ec2Config settings file saved at: {1}' -f $($MyInvocation.MyCommand.Name), $ec2ConfigSettingsFile) -severity 'INFO'
}
catch {
Write-Log -message ('{0} :: failed to save Ec2Config settings file: {1}. {2}' -f $($MyInvocation.MyCommand.Name), $ec2ConfigSettingsFile, $_.Exception.Message) -severity 'ERROR'
}
}
}
end {
Write-Log -message ('{0} :: end - {1:o}' -f $($MyInvocation.MyCommand.Name), (Get-Date).ToUniversalTime()) -severity 'DEBUG'
}
}

Assignee: relops → mcornmesser
Blocks: 1559443

Landed in https://github.com/mozilla-platform-ops/ronin_puppet/pull/70.

Profile: modules/roles_profiles/manifests/profiles/ec2_instance_configuration.pp

Using this file, modules/win_aws/files/ec2_config.xml . Called by this manifest, modules/win_aws/manifests/ec2_instance_config.pp .

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.