source/idea/idea-bootstrap/dcv-connection-gateway/setup.sh.jinja2 (115 lines of code) (raw):
#!/bin/bash
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
# with the License. A copy of the License is located at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
# and limitations under the License.
# Echo each command, with the rendered values it carries, to stderr as it runs.
set -x

# Bootstrap is one-shot: the lock file is written by the last line of this
# script, so its presence means an earlier run already reached the end.
[[ -f /root/bootstrap/semaphore/instance_ready.lock ]] && exit 0

# Absolute directory of this script, so sibling helpers resolve regardless of cwd.
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"

# Shared helpers. get_base_os is not defined in this file; presumably it comes
# from bootstrap_common.sh.
. "${SCRIPT_DIR}/../common/bootstrap_common.sh"
BASE_OS="$(get_base_os)"
# Jinja-only variable (not a shell assignment); reused further down as the
# secure_path value handed to the sudoers template.
{% set PATH = '/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin' %}
# Build the managed IDEA block for /etc/environment. The templated context
# values are substituted before bash runs and land inside a double-quoted
# string passed to `echo -e`, so a rendered value containing a double quote,
# a dollar sign, a backtick or a backslash would be interpreted by the shell
# rather than written literally.
# NOTE(review): presumably these context values are validated upstream - confirm.
curr_environment=$(echo -e "
## [BEGIN] IDEA Environment Configuration - Do Not Delete
AWS_DEFAULT_REGION={{ context.aws_region }}
AWS_REGION={{ context.aws_region }}
RES_BASE_OS=$BASE_OS
IDEA_MODULE_NAME={{ context.module_name }}
IDEA_MODULE_ID={{ context.module_id }}
IDEA_MODULE_SET={{ context.module_set }}
IDEA_MODULE_VERSION={{ context.module_version }}
IDEA_CLUSTER_S3_BUCKET={{ context.cluster_s3_bucket }}
IDEA_CLUSTER_NAME={{ context.cluster_name }}
environment_name={{ context.cluster_name }}
IDEA_CLUSTER_HOME={{ context.cluster_home_dir }}
IDEA_APP_DEPLOY_DIR={{ context.app_deploy_dir }}
BOOTSTRAP_DIR=/root/bootstrap
")
# Proxy settings are appended only when the template context carries a
# non-empty HTTPS proxy.
{% if context.https_proxy != '' %}
curr_environment+=$(echo -e "
IDEA_HTTPS_PROXY={{ context.https_proxy }}
IDEA_NO_PROXY={{ context.no_proxy }}
")
{% endif %}
# Close the managed block and pin PATH to the same list as the Jinja PATH
# variable set at the top of this section.
curr_environment+=$(echo -e "
## [END] IDEA Environment Configuration
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
")
# Merge Environments: pass the generated block (-r) to merge_environments.sh
# with /etc/environment as the -o argument.
/bin/bash "${SCRIPT_DIR}/../common/merge_environments.sh" -r "${curr_environment}" -o /etc/environment
# /etc/environment is executed here as shell code by root, not merely read as
# KEY=VALUE pairs, so every other line already in that file runs as well.
# NOTE(review): confirm the merged file only ever holds plain assignments.
source /etc/environment
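# Helper-script stage of the bootstrap. Every expansion passed to a helper is
# quoted: these scripts run as root, and an empty or space-containing value
# from /etc/environment must arrive as exactly one argument instead of being
# word-split or glob-expanded into extra options.

# Initialise the reboot flag to "no".
# NOTE(review): presumably a later step may overwrite this flag - confirm.
echo -n "no" > "${BOOTSTRAP_DIR}/reboot_required.txt"
{% include '_templates/linux/idea_proxy.jinja2' %}
{% include '_templates/linux/idea_service_account.jinja2' %}
# Begin: Install and Configure AWS Systems Manager Agent
/bin/bash "${SCRIPT_DIR}/../common/aws_ssm.sh" -o "${RES_BASE_OS}" -r "${AWS_REGION}" -n "${IDEA_CLUSTER_NAME}" -s "${SCRIPT_DIR}"
/bin/bash "${SCRIPT_DIR}/../common/configure_amazon_ssm_agent.sh" -o "${RES_BASE_OS}" -s "${SCRIPT_DIR}"
# End: Install and Configure AWS Systems Manager Agent
# Begin: Install EPEL Repo
/bin/bash "${SCRIPT_DIR}/../common/epel_repo.sh" -o "${RES_BASE_OS}" -s "${SCRIPT_DIR}"
# End: Install EPEL Repo
# Begin: Install jq
/bin/bash "${SCRIPT_DIR}/../common/jq.sh" -o "${RES_BASE_OS}" -s "${SCRIPT_DIR}"
# End: Install jq
# Begin: Install System Packages
/bin/bash "${SCRIPT_DIR}/../common/system_packages.sh" -o "${RES_BASE_OS}" -r "${AWS_REGION}" -n "${IDEA_CLUSTER_NAME}" -s "${SCRIPT_DIR}"
# End: Install System Packages
# Begin: Install/Configure CloudWatch Agent
/bin/bash "${SCRIPT_DIR}/../common/cloudwatch_agent.sh" -o "${RES_BASE_OS}" -r "${AWS_REGION}" -n "${IDEA_CLUSTER_NAME}" -s "${SCRIPT_DIR}"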
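{%- set cloudwatch_agent_config = context.get_cloudwatch_agent_config(additional_log_files=additional_log_files) %}
{%- if cloudwatch_agent_config %}
# Write the rendered agent config through a quoted here-document. The JSON was
# previously wrapped in single quotes, so a single apostrophe anywhere in the
# rendered config (a log path, a group name) would end the string early and
# the remainder would be parsed as shell by root. With a quoted delimiter the
# body is copied byte-for-byte; JSON output cannot produce a line equal to the
# delimiter because embedded newlines are escaped inside JSON strings.
cat > /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json <<'CLOUDWATCH_AGENT_CONFIG_EOF'
{{ context.utils.to_json(cloudwatch_agent_config, indent=True) }}
CLOUDWATCH_AGENT_CONFIG_EOF
# Load the file just written into the agent (ec2 mode).
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
{%- else %}
log_warning "cloudwatch_agent_config not provided."
{%- endif %}
# End: Install/Configure CloudWatch Agent
{%- include '_templates/linux/restrict_ssh.jinja2' %}
{%- include '_templates/linux/disable_ssh.jinja2' %}
{%- if context.is_metrics_provider_prometheus() %}
{%- include '_templates/linux/prometheus.jinja2' %}
{%- include '_templates/linux/prometheus_node_exporter.jinja2' %}
{%- endif %}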
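# Begin: Install jq
# NOTE(review): jq.sh is already invoked earlier in this script, under the
# first "Install jq" section; this second call looks redundant - confirm
# before removing. Arguments are quoted so each value reaches the helper as a
# single word.
/bin/bash "${SCRIPT_DIR}/../common/jq.sh" -o "${RES_BASE_OS}" -s "${SCRIPT_DIR}"
# End: Install jq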
{%- with ebs_volume_tags = [
{'Key':'res:EnvironmentName', 'Value': context.cluster_name },
{'Key':'res:ModuleName', 'Value': context.module_name },
{'Key':'res:ModuleId', 'Value': context.module_id },
{'Key':'Name', 'Value': context.cluster_name + '/' + context.module_id + ' Root Volume' }
] %}
# EBS volume tagging: the included template is rendered with the
# ebs_volume_tags list defined just above (environment, module name, module id, Name).
{% include '_templates/linux/tag_ebs_volumes.jinja2' %}
{%- endwith %}
{%- with network_interface_tags = [
{'Key':'res:EnvironmentName', 'Value': context.cluster_name },
{'Key':'res:ModuleName', 'Value': context.module_name },
{'Key':'res:ModuleId', 'Value': context.module_id },
{'Key':'Name', 'Value': context.cluster_name + '/' + context.module_id + ' Network Interface' }
] %}
# Network interface tagging: same tag set as the volumes, with a different Name suffix.
{% include '_templates/linux/tag_network_interface.jinja2' %}
{%- endwith %}
# Host hardening / housekeeping templates. Their bodies are not part of this
# file, so the notes below are based on the include names only.
{% include '_templates/linux/chronyd.jinja2' %}
# NOTE(review): name suggests resource limits are lifted - confirm which
# limits and for which users.
{% include '_templates/linux/disable_ulimit.jinja2' %}
# NOTE(review): name suggests SSH host key verification is relaxed, which
# removes the check that a remote host is the one previously seen - confirm it
# is scoped to cluster-internal hosts only.
{% include '_templates/linux/disable_strict_host_check.jinja2' %}
{% include '_templates/linux/disable_motd_update.jinja2' %}
{%- with secure_path = PATH %}
# sudoers secure_path receives the Jinja PATH variable set near the top of this
# script, i.e. the same directory list written to /etc/environment.
{% include '_templates/linux/sudoer_secure_path.jinja2' %}
{%- endwith %}
{%- with messages = [
context.module_name + ' (v'+context.module_version+'), Cluster: ' + context.cluster_name
] %}
# Login banner: the motd template is rendered with module name, module version
# and cluster name.
# NOTE(review): this shows the module version to whoever sees the banner -
# confirm that is acceptable.
{% include '_templates/linux/motd.jinja2' %}
{%- endwith %}
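# Run install_app.sh with the DCV connection gateway package URI rendered into
# this template. The script path is quoted so it stays one word.
# NOTE(review): the exit status is not checked, so the ready lock below is
# written even if installation fails - confirm that is intended.
# NOTE(review): the rendered URI sits inside double quotes, so a dollar sign or
# backtick in it would be expanded by the shell - presumably validated
# upstream; confirm.
/bin/bash "${SCRIPT_DIR}/install_app.sh" "{{context.vars.dcv_connection_gateway_package_uri}}"
# Daily crontab to fetch latest certificate and private key secrets.
# Any existing entry for refresh_certificates.sh is filtered out before the new
# one is appended, so a re-run that happens before the ready lock exists does
# not stack duplicate jobs in root's crontab.
# NOTE(review): the refresh script handles private key material and its output
# is appended to a log file - confirm it never prints secrets and that the log
# is readable by root only.
(crontab -l | grep -vF -- "${SCRIPT_DIR}/refresh_certificates.sh"; echo "@daily /bin/bash ${SCRIPT_DIR}/refresh_certificates.sh crontab >> ${BOOTSTRAP_DIR}/logs/refresh_certificates.log 2>&1") | crontab -
# Mark bootstrap complete: the guard at the top of this script exits early once
# this file exists. The content is the completion time in epoch seconds.
date +%s > /root/bootstrap/semaphore/instance_ready.lock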