Merge pull request #69 from chicagopcdc/pcdc_dev

Pcdc dev

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2022-06-21T21:12:27Z",
+  "generated_at": "2022-07-29T15:31:31Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -2235,12 +2235,21 @@
         "type": "Secret Keyword"
       }
     ],
+    "tf_files/aws/eks/sample.tfvars": [
+      {
+        "hashed_secret": "83c1003f406f34fba4d6279a948fee3abc802884",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 107,
+        "type": "Hex High Entropy String"
+      }
+    ],
     "tf_files/aws/eks/variables.tf": [
       {
         "hashed_secret": "83c1003f406f34fba4d6279a948fee3abc802884",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 135,
+        "line_number": 133,
         "type": "Hex High Entropy String"
       }
     ],
@@ -2412,15 +2421,6 @@
         "type": "Hex High Entropy String"
       }
     ],
-    "tf_files/aws/rds/sample.tfvars": [
-      {
-        "hashed_secret": "76c3c4836dee37d8d0642949f84092a9a24bbf46",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 7,
-        "type": "Secret Keyword"
-      }
-    ],
     "tf_files/aws/slurm/README.md": [
       {
         "hashed_secret": "fd85d792fa56981cf6a8d2a5c0857c74af86e99d",

Docker/awshelper/Dockerfile

@@ -1,7 +1,7 @@
 # Build from root of cloud-automation/ repo:
 #   docker build -f Docker/awshelper/Dockerfile 
 #
-FROM quay.io/cdis/ubuntu:18.04
+FROM quay.io/cdis/ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
@@ -51,7 +51,7 @@ RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2
     && /bin/rm -rf awscliv2.zip ./aws
 
 # From  https://hub.docker.com/r/google/cloud-sdk/~/dockerfile/
-RUN export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)" && \
+RUN export CLOUD_SDK_REPO="cloud-sdk" && \
     echo "deb https://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" > /etc/apt/sources.list.d/google-cloud-sdk.list && \
     curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - && \
     curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
@@ -75,6 +75,13 @@ RUN curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc| gpg --dearmor
     apt-get update && \
     apt-get install -y postgresql-client-13
 
+# install terraform
+RUN curl -o /tmp/terraform.zip https://releases.hashicorp.com/terraform/0.11.15/terraform_0.11.15_linux_amd64.zip \
+   && unzip /tmp/terraform.zip -d /usr/local/bin && /bin/rm /tmp/terraform.zip
+
+RUN curl -o /tmp/terraform.zip https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_linux_amd64.zip \
+   && unzip /tmp/terraform.zip -d /tmp && mv /tmp/terraform /usr/local/bin/terraform12 && /bin/rm /tmp/terraform.zip
+
 RUN useradd -m -s /bin/bash ubuntu && \
     ( echo "ubuntu:gen3" | chpasswd )
 
@@ -113,7 +120,7 @@ RUN cd ./cloud-automation \
     && npm ci \
     && cat ./Docker/awshelper/bashrc_suffix.sh >> ~/.bashrc
 
-RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python3 -
+RUN export DEB_PYTHON_INSTALL_LAYOUT=deb && export POETRY_VERSION=1.1.15 && curl -sSL https://install.python-poetry.org | python3 -
 
 RUN git config --global user.email gen3 \
     && git config --global user.name gen3

ansible/hosts.yaml

@@ -279,4 +279,4 @@ all:
           ansible_user: ubuntu
         emalinowskiv1:
           ansible_host: cdistest.csoc
-          ansible_user: emalinowskiv1
+          ansible_user: emalinowskiv1

ansible/oldPeKeys/testremove

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAC7GaYGfV3VaHX+RlzSvSHc6f+Nmu6Ikoe+fgc5m8avrWIJEDfYd+z1bGCcPiVpEiSrzHYjuvxAkHMxPlteiGxWqWnUBhf9vCNKCxj1m7BW1+wQ333iaio8JzA20M363EbSxGPe0LJplN6/aReLC5OUj4if/dnOE0Usrc4n5WTaSR8Ip6jwitDoFNLH5tZZCYMWi08flvKO7y8zvXJ7D3MrWUGroKsBRrkrFp3dDkPKCtrU6tGaRO5GkWbw408oWsFIt6fr7WBzx1HvB2u4z4Y+wZxRIl45wU8xPZR+u8e/VsL/KzKQLAnqcBqToRN83ugxyJfnbuFazjKZKEk9iSJfshpz00qFnXomBXpv5fLxTByo8EMnhNM23jyE3Fw3co8B3MJK/CF71ztosQGPxZrYZYLPY5fYXAmjeLPVahr/jKwyYJukV3LzHF2pmMrfymefmaX7s0NdY/4Md99DIRXcehQaLCa6KHA8KqzbB6KjCvWGykUHwJoCIrK/hqIJ62heBneIP3wXBHche3EA32P1QnnI3QEptOvPDe7gFqRYrfant1NRNrOxU9TtIlujgME80Bx9EVvhjf3Yim0zNyk4I4yTar7CqWxyIP/REsze24q0yyW3e2llPKrX8gqWwnl/ANYPeUgz8Y9CHAQkZm+SWotyqVeLNTUSmW90RUXwJ ubuntu@csoc_admin

ansible/peKeys/aaugustine

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+iK0ZvY25lgwh4nNUTkD0bq2NES3cPEK+f52HEC2GSVI845ZOqX32kfNpDFT9zvspadOA6KwAgKsRphP/iV8k8WLjAYSYQ3sAE/enuW1+Cr0hhmtahA+uxOavUwsvJ93vIOlIlkD26gIUZTZeYUhi6Aa2FjWFTJ0CtxtUYEdBh+sqW3VoyVvOOA+2DnNYt7/pTrh0DwNxHX7+9TfkmRaVLD4xcdwNLx5N3Yyjgci+oGmw8HATYfSBTaGEXSKJflrN6TDqN87D2pJpMkEvYeZIktoU0kX4HwodrNfwhlruJ2PsePzZ28xlaaZz2fI/LGiqnwf1fRY10R5C/9RpcAcpcYaz305uBCUCI7GGbL9u7WC0W0NZsyaaybaKXyt97p/05os2oe/N5un0whv+NL8z5SLZnaelvttrmVKApvsCD/IqZv5b2PlDilY3L638eKmVOcHaLX/N67MeL9FKnipv2QPzaUKhMoEAtSPqdOWnlndt9dmMBlqT0BKmB85mm0k= ajoa@uchicago.edu

ansible/peKeys/ahilt

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXzpRFVdZMdW8G4hP1or6O26zHvAj+OLxP0G8kGzCiIdmCwuycurU1MhxatPLfEmWuc31FGdhD5xDb2taHEwdTcMTHaqGa/K03NDFm2Ary7FeVEuBuur1jSWHIq+o4wp9vtsAfBLmV89yxZU40BHauac5uhXcHXfQ7OeZBVZhkCdUcN2l21H44b6V3RAqqxaf4dOiapTd8YbMHMJmyeu5rMFbbW9zS8lXule4pNTREXfh3Zt9MYPZnZ2aV/hQV28KRRjWJnMXuPQxSqEKVDsVbKT9Hu0Re9I8cQLEakNQV5G5c0YDuQjzXL8rEiYKm2AEHlpri/IkOiKu0gKeyZDVTJjW1/n0fCYlcjOJ9AB5wlM6CtsdwBC4spN85E2oJrfvmKIMnRdqSQnLe+w/DyyaZJsMgvXjItB5tysOZI2BkM2Z2cQ3XFK91gwxEUVQHlbvWBI7Nl2VEykQ5O8HdcPnKPcspnOByJMFfdvbh6HXlrstPOuNm2dyw+CUIMlQpa0nEEs/fyB+PoeRYMPs6VNA1syOpH70EXslyfDiN+5eH3asUohvbe4fOjF1jyviQEYXZ2mSbL+D/5sw4x9uWpg/oa+DzWX7ACBUt+ZEwF7xMWIO2O48HWokUrshNB1ksfK+tBXf6mL9SDlxzPYfcR2INRQgllidhPZIqVHoD57HUSw== ahilt@aidans-mbp.lan

ansible/peKeys/ecastle

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkf6aIs6bmOAZS+Q7yFaRzPnZPa3eExrDDKqGuikGoNDMP1VcPoyb0cYTZTG5X6YzFt5Blv95WWuw6WEBdUxIax/Z9V4H83A+KRvuwiRI9zU3FaKEeYb18hcHSclAWyjl+N7b9V2KzxVBJCkmdC3XBLp/geDRIbGusg40lySYzYhs73hTYs0CQWHcLIj1jX00hbIdbKyc/fq8ODIEOo/XojvjBQyPlT/BJ5fK08LO7kIBoeQ62iT8yG+J/2vch+WsMBeOt+agYKRSn9pv10+5SdP/emX4r5PkyTS8H3ysuequMUMv5w0rXAL53uTYpJELisNTl8pv2Y4VQKCh2Aj5989NFjcqBcv7KKTfvI3WVG5SNsOtu1tAmC05Xf3fdsb3BRVu7I0pCna26NOKRSh8eLy/uUfA4fUKOQyXr5yG3a+Vse57WZiPizOamhkjYTdvyBB8ad7vZST1ir1viSZl6ps+f3bhfx//DPKYpYyZIc6uDdGQMwFoMEhpTdKYopqGmny5LoR9J9LLeGDJd3M0bj/yyd+2/6cU+1KwjLO7fgyjSCjVUKEdG0HufwS/NZc1q3QT6OrXAd8lw5A4BoHDt+Mp8uRVz5508h7XIOC718nLuiJqwqh3dS6hkybGoBCIvh1BDWsEWOUi0Ygt+Ast3Qw4/eMqvmTCN32OIVtOBpQ== elisecastle@Elises-MBP

ansible/playbooks/peAddKeys.yaml

@@ -0,0 +1,18 @@
+#
+# Playbook to handle keys in a particular host
+#
+# @variables:
+#   _hosts => hosts in which you want the playbook to be applied
+#             it must exists in hosts.yaml
+
+#This playbook will loop around each public key file in the keys/ directory and will add them to the specified vms
+
+
+---
+- hosts: "{{ _hosts }}"
+  tasks:
+  - authorized_key:
+      user: "{{ ansible_user_id }}"
+      state: present
+      key: "{{ lookup('file', item) }}"
+    with_fileglob: '../peKeys/*'

ansible/playbooks/peRemoveKeys.yaml

@@ -0,0 +1,18 @@
+#
+# Playbook to handle keys in a particular host
+#
+# @variables:
+#   _hosts => hosts in which you want the playbook to be applied
+#             it must exists in hosts.yaml
+
+#This playbook will loop around each public key file in the removed_keys/ directory and remove them from the specified vms
+
+
+---
+- hosts: "{{ _hosts }}"
+  tasks:
+  - authorized_key:
+      user: "{{ ansible_user_id }}"
+      state: absent
+      key: "{{ lookup('file', item) }}"
+    with_fileglob: '../oldPeKeys/*'