[arvados] updated: 2.6.0-144-g536b3faf5
git repository hosting
git at public.arvados.org
Wed May 10 17:47:46 UTC 2023
Summary of changes:
tools/salt-install/terraform/aws/services/main.tf | 10 +++-------
tools/salt-install/terraform/aws/services/outputs.tf | 2 +-
tools/salt-install/terraform/aws/services/terraform.tfvars | 6 +++++-
tools/salt-install/terraform/aws/services/user_data.sh | 10 ++++++++++
tools/salt-install/terraform/aws/services/variables.tf | 6 ++++++
5 files changed, 25 insertions(+), 9 deletions(-)
via 536b3faf5d3494bfe7aebc727efb6464b67f367b (commit)
from e83d9f4c1cf5d5178d756bd1246730ed73354928 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 536b3faf5d3494bfe7aebc727efb6464b67f367b
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Wed May 10 14:45:40 2023 -0300
20482: Allows the admin to specify the user for deployment.
Also, removes the need to use AWS key pairs, by directly storing the SSH
pubkey in the user's ~/.ssh/ directory via the user-data script.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/tools/salt-install/terraform/aws/services/main.tf b/tools/salt-install/terraform/aws/services/main.tf
index b214aeb11..e4724c92c 100644
--- a/tools/salt-install/terraform/aws/services/main.tf
+++ b/tools/salt-install/terraform/aws/services/main.tf
@@ -19,11 +19,6 @@ provider "aws" {
}
}
-resource "aws_key_pair" "deployer" {
- key_name = local.pubkey_name
- public_key = file(local.pubkey_path)
-}
-
resource "aws_iam_instance_profile" "keepstore_instance_profile" {
name = "${local.cluster_name}-keepstore-00-iam-role"
role = data.terraform_remote_state.data-storage.outputs.keepstore_iam_role_name
@@ -48,9 +43,10 @@ resource "aws_instance" "arvados_service" {
for_each = toset(concat(local.public_hosts, local.private_hosts))
ami = data.aws_ami.debian-11.image_id
instance_type = var.default_instance_type
- key_name = local.pubkey_name
user_data = templatefile("user_data.sh", {
- "hostname": each.value
+ "hostname": each.value,
+ "deploy_user": var.deploy_user,
+ "ssh_pubkey": file(local.pubkey_path)
})
private_ip = local.private_ip[each.value]
subnet_id = contains(local.user_facing_hosts, each.value) ? data.terraform_remote_state.vpc.outputs.public_subnet_id : data.terraform_remote_state.vpc.outputs.private_subnet_id
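Review bot: The deploy key now reaches the instances only through the `user_data` template arguments added here, and nothing on the resource documents what happens when `pubkey_path` or `deploy_user` changes later. User-data scripts normally run only on an instance's first boot, so a changed key would presumably not be installed on existing hosts, and depending on the AWS provider version the changed `user_data` may restart or replace them. I would add a comment above the `templatefile` call such as `# user_data.sh runs at first boot only: changing the SSH key or deploy_user requires re-creating the instance.` The `aws_instance` block starts and ends outside this hunk.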
diff --git a/tools/salt-install/terraform/aws/services/outputs.tf b/tools/salt-install/terraform/aws/services/outputs.tf
index 8ff12c71b..7ac42a783 100644
--- a/tools/salt-install/terraform/aws/services/outputs.tf
+++ b/tools/salt-install/terraform/aws/services/outputs.tf
@@ -48,7 +48,7 @@ output "domain_name" {
# Debian AMI's default user
output "deploy_user" {
- value = "admin"
+ value = var.deploy_user
}
output "region_name" {
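Review bot: The context comment `# Debian AMI's default user` above `output "deploy_user"` is stale now that the value comes from `var.deploy_user` and can name any account. Reword it to something like `# User used for software deployment (defaults to the Debian AMI's "admin")` so readers of the outputs do not assume the value is fixed.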
diff --git a/tools/salt-install/terraform/aws/services/terraform.tfvars b/tools/salt-install/terraform/aws/services/terraform.tfvars
index 79f3dc318..7231717ee 100644
--- a/tools/salt-install/terraform/aws/services/terraform.tfvars
+++ b/tools/salt-install/terraform/aws/services/terraform.tfvars
@@ -10,4 +10,8 @@
# AWS secret's name which holds the SSL certificate private key's password.
# Default: "arvados-ssl-privkey-password"
-# ssl_password_secret_name_suffix = "some-name-suffix"
\ No newline at end of file
+# ssl_password_secret_name_suffix = "some-name-suffix"
+
+# User for software deployment. Depends on the AMI's distro.
+# Default: 'admin'
+# deploy_user = ubuntu
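Review bot: The commented example `# deploy_user = ubuntu` is not a valid assignment once uncommented, because a string value in a `.tfvars` file has to be quoted. Write it as `# deploy_user = "ubuntu"`, matching the quoted `ssl_password_secret_name_suffix` example just above. For consistency the default could also be shown as `"admin"` with double quotes, like the other `Default:` line in this file.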
diff --git a/tools/salt-install/terraform/aws/services/user_data.sh b/tools/salt-install/terraform/aws/services/user_data.sh
index 6c5b574dd..68af17ee2 100644
--- a/tools/salt-install/terraform/aws/services/user_data.sh
+++ b/tools/salt-install/terraform/aws/services/user_data.sh
@@ -17,3 +17,13 @@ while true; do
done
apt-get -o Acquire::ForceIPv4=true install -y git curl
+
+SSH_DIR="/home/${deploy_user}/.ssh"
+if [ ! -d "$${SSH_DIR}" ]; then
+ mkdir $${SSH_DIR}
+ chown ${deploy_user}.${deploy_user} $${SSH_DIR}
+ chmod 700 $${SSH_DIR}
+fi
+
+echo "${ssh_pubkey}" > $${SSH_DIR}/authorized_keys
+chmod 600 $${SSH_DIR}/authorized_keys
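Review bot: `authorized_keys` is created by the user-data script, which runs as root, and is never chowned; the only `chown` sits inside the `if [ ! -d ... ]` branch and covers just the directory. Where the file does not already exist it ends up root-owned with mode 600, which sshd (it reads the file with the login user's privileges) would presumably fail to open, so the deploy user could not log in. Add `chown ${deploy_user}:${deploy_user} "$${SSH_DIR}/authorized_keys"` after the `echo` line, and use `:` instead of the deprecated `.` separator in the existing `chown`. Quoting `"$${SSH_DIR}"` in the `mkdir`/`chown`/`chmod` lines would match the quoted test; the script begins outside this hunk.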
diff --git a/tools/salt-install/terraform/aws/services/variables.tf b/tools/salt-install/terraform/aws/services/variables.tf
index e520a9ab8..4117b7b49 100644
--- a/tools/salt-install/terraform/aws/services/variables.tf
+++ b/tools/salt-install/terraform/aws/services/variables.tf
@@ -14,6 +14,12 @@ variable "pubkey_path" {
default = "~/.ssh/id_rsa.pub"
}
+variable "deploy_user" {
+ description = "User for deploying the software"
+ type = string
+ default = "admin"
+}
+
variable "ssl_password_secret_name_suffix" {
description = "Name suffix for the SSL certificate's private key password AWS secret."
type = string
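Review bot: `deploy_user` accepts any string, but this commit substitutes it unquoted into the root-run `user_data.sh`, both in the `/home/...` path and in the `chown` arguments. A value containing whitespace or shell metacharacters would therefore change what the boot script executes. A `validation` block on the variable would reject such values at plan time, for example with `condition = can(regex("^[a-z_][a-z0-9_-]*$", var.deploy_user))` and an `error_message` stating the allowed characters. The description could also mention that the account must already exist on the AMI, since the lines added to `user_data.sh` do not create it.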
-----------------------------------------------------------------------
hooks/post-receive
--