Dso 2239/ansible failure handling in ami builds #638

shajida95 · 2023-11-28T20:31:48Z

No description provided.

github-actions · 2023-11-28T20:32:43Z

commonimages/base/rhel_6_10 terragrunt plan on pull_request event #459

module.imagebuilder.data.terraform_remote_state.imagebuilder_mp: Reading...
module.imagebuilder.data.terraform_remote_state.core_shared_services_production: Reading...
module.imagebuilder.data.aws_secretsmanager_secret.environment_management: Reading...
module.imagebuilder.data.terraform_remote_state.imagebuilder_mp: Read complete after 1s
module.imagebuilder.data.aws_secretsmanager_secret.environment_management: Read complete after 1s [id=<REDACTED>]
module.imagebuilder.data.aws_secretsmanager_secret_version.environment_management: Reading...
module.imagebuilder.data.terraform_remote_state.core_shared_services_production: Read complete after 2s
module.imagebuilder.data.aws_secretsmanager_secret_version.environment_management: Read complete after 0s [id=<REDACTED>]
module.imagebuilder.data.aws_caller_identity.current: Reading...
module.imagebuilder.data.aws_imagebuilder_component.this["update-linux"]: Reading...
module.imagebuilder.data.aws_ami.parent[0]: Reading...
module.imagebuilder.data.aws_caller_identity.current: Read complete after 1s [id=<REDACTED>]
module.imagebuilder.data.aws_kms_key.hmpps_ebs_encryption_cmk: Reading...
module.imagebuilder.data.aws_kms_key.hmpps_ebs_encryption_cmk: Read complete after 0s [id=<REDACTED>]
module.imagebuilder.data.aws_imagebuilder_component.this["update-linux"]: Read complete after 1s [id=<REDACTED>]
module.imagebuilder.aws_imagebuilder_component.this["stig_rhel6_ansible.yml.tftpl"]: Refreshing state... [id=<REDACTED>]
module.imagebuilder.aws_imagebuilder_infrastructure_configuration.this: Refreshing state... [id=<REDACTED>]
module.imagebuilder.aws_imagebuilder_distribution_configuration.this: Refreshing state... [id=<REDACTED>]
module.imagebuilder.data.aws_ami.parent[0]: Read complete after 1s [id=<REDACTED>]
module.imagebuilder.aws_imagebuilder_image_recipe.this: Refreshing state... [id=<REDACTED>]
module.imagebuilder.aws_imagebuilder_image_pipeline.this: Refreshing state... [id=<REDACTED>]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement
+/- create replacement and then destroy

Terraform will perform the following actions:

  # module.imagebuilder.aws_imagebuilder_component.this["stig_rhel6_ansible.yml.tftpl"] must be replaced
+/- resource "aws_imagebuilder_component" "this" {
      ~ arn                   = "arn:aws:imagebuilder:eu-west-2:374269020027:component/base-rhel-6-10-stig-rhel6-ansible/0.2.4/1" -> (known after apply)
      ~ data                  = <<-EOT # forces replacement
            ---
            name: base_rhel_6_10_stig_rhel6_ansible
            description: Install ansible roles for running stig_rhel6
            schemaVersion: 1.0
            parameters:
              - Version:
                  type: string
                  default: 0.2.4
                  description: Uses the recipe version to avoid any issues with the branch template arg.
              - Platform:
                  type: string
                  default: "Linux"
                  description: Platform.
            phases:
              - name: build
                steps:
                  # Install ansible roles
                  - name: InstallAndRunAnsible
                    action: ExecuteBash
                    inputs:
                      commands:
                        - |
                          set -e
                          PATH=$PATH:/usr/local/bin
                          run_ansible() {
                            repo="modernisation-platform-ami-builds"
                            ami_tag="base_rhel_6_10"
            
                            # clone ansible roles and playbook
                            yum install -y git
                            ansible_dir=$(mktemp -d)
          -                 echo "Cloning $repo into $ansible_dir using branch=dso-2239/ansible-failure-handling-in-ami-builds"
          +                 echo "Cloning $repo into $ansible_dir using branch=main"
                            cd $ansible_dir
          -                 git clone -b dso-2239/ansible-failure-handling-in-ami-builds "https://github.com/ministryofjustice/$repo.git"
          +                 git clone -b main "https://github.com/ministryofjustice/$repo.git"
            
                            # set python version
                            if [[ $(which python3.9) ]]; then
                              python=$(which python3.9)
                            elif [[ $(which python3.6) ]]; then
                              python=$(which python3.6)
                            else
                              echo "Python3.9/3.6 not found"
                              exit 1
                            fi
                            echo "python: $python"
            
                            # install python dependencies outside of virtual env so ansible
                            # can be executed remotely
                            cd $ansible_dir/$repo/ansible
                            $python -m pip install -r requirements.txt
            
                            # activate virtual environment
                            mkdir $ansible_dir/python-venv && cd "$_"
                            $python -m venv ansible
                            source ansible/bin/activate
                            $python -m pip install --upgrade pip
                            if [[ "$python" =~ 3.6 ]]; then
                              $python -m pip install wheel
                              $python -m pip install cryptography==2.3
                              export LC_ALL=en_US.UTF-8
                              $python -m pip install ansible-core==2.11.12
                            else
                              $python -m pip install ansible==6.0.0
                            fi
            
                            # install requirements in virtual env
                            cd $ansible_dir/$repo/ansible
                            $python -m pip install -r requirements.txt
                            ansible-galaxy role install -r requirements.rhel6.yml
                            ansible-galaxy collection install -r requirements.rhel6.yml --force
            
                            # run ansible (note comma after localhost is deliberate)
                            ansible-playbook -v playbooks/stig_rhel6.yml \
                            --connection=local \
                            --inventory localhost, \
                            --extra-vars "ansible_python_interpreter=$python" \
                            --extra-vars "target=localhost" \
                            --tags "amibuild,prelim,cat1,cat2" \
                            --skip-tags "low,aide,sshd,selinux,V-38484,V-38497,V-38518,V-38519,V-38585,V-38623,V-51337" \
                            --become
            
                            # Cleanup
                            deactivate
                            echo "Cleaning up $ansible_dir"
                            rm -rf $ansible_dir/$repo
                            rm -rf $ansible_dir/python-venv
                            rmdir $ansible_dir
                          }
                          echo "stig_rhel6_ansible $ami_tag start" | logger -p local3.info -t ami-component
                          run_ansible 2>&1 | logger -p local3.info -t ami-component -s 2>&1
                          echo "stig_rhel6_ansible $ami_tag end" | logger -p local3.info -t ami-component
        EOT
      ~ date_created          = "2023-11-28T20:22:48.802Z" -> (known after apply)
      ~ encrypted             = true -> (known after apply)
      ~ id                    = "arn:aws:imagebuilder:eu-west-2:374269020027:component/base-rhel-6-10-stig-rhel6-ansible/0.2.4/1" -> (known after apply)
        name                  = "base_rhel_6_10_stig_rhel6_ansible"
      ~ owner                 = "374269020027" -> (known after apply)
      - supported_os_versions = [] -> null
      ~ tags                  = {
            "application"                               = "n/a"
            "base_rhel_6_10_stig_rhel6_ansible-version" = "0.2.4"
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit"                             = "HMPPS"
            "image-pipeline"                            = "base_rhel_6_10"
            "image-recipe"                              = "base_rhel_6_10/0.2.4"
            "infrastructure-configuration"              = "base_rhel_6_10/0.2.4"
          ~ "is-production"                             = "false" -> "true"
            "os-version"                                = "rhel 6.10"
            "owner"                                     = "[email protected]"
          ~ "release-or-patch"                          = "test" -> "n/a"
            "source-code"                               = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/base/rhel_6_10"
            "update-linux-version"                      = "1.0.2"
        }
      ~ tags_all              = {
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production"                             = "false" -> "true"
          ~ "release-or-patch"                          = "test" -> "n/a"
            # (10 unchanged elements hidden)
        }
      ~ type                  = "BUILD" -> (known after apply)
        # (5 unchanged attributes hidden)
    }

  # module.imagebuilder.aws_imagebuilder_distribution_configuration.this will be updated in-place
  ~ resource "aws_imagebuilder_distribution_configuration" "this" {
        id           = "arn:aws:imagebuilder:eu-west-2:374269020027:distribution-configuration/base-rhel-6-10"
        name         = "base_rhel_6_10"
      ~ tags         = {
            "application"                               = "n/a"
            "base_rhel_6_10_stig_rhel6_ansible-version" = "0.2.4"
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit"                             = "HMPPS"
            "image-pipeline"                            = "base_rhel_6_10"
            "image-recipe"                              = "base_rhel_6_10/0.2.4"
            "infrastructure-configuration"              = "base_rhel_6_10/0.2.4"
          ~ "is-production"                             = "false" -> "true"
            "os-version"                                = "rhel 6.10"
            "owner"                                     = "[email protected]"
          ~ "release-or-patch"                          = "test" -> "n/a"
            "source-code"                               = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/base/rhel_6_10"
            "update-linux-version"                      = "1.0.2"
        }
      ~ tags_all     = {
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production"                             = "false" -> "true"
          ~ "release-or-patch"                          = "test" -> "n/a"
            # (10 unchanged elements hidden)
        }
        # (4 unchanged attributes hidden)

      - distribution {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
      + distribution {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.imagebuilder.aws_imagebuilder_image_pipeline.this must be replaced
-/+ resource "aws_imagebuilder_image_pipeline" "this" {
      ~ arn                              = "arn:aws:imagebuilder:eu-west-2:374269020027:image-pipeline/base-rhel-6-10" -> (known after apply)
      ~ date_created                     = "2023-11-28T20:22:53.166Z" -> (known after apply)
      + date_last_run                    = (known after apply)
      ~ date_next_run                    = "2023-12-01T00:00:00.000Z" -> (known after apply)
      ~ date_updated                     = "2023-11-28T20:22:53.166Z" -> (known after apply)
      ~ id                               = "arn:aws:imagebuilder:eu-west-2:374269020027:image-pipeline/base-rhel-6-10" -> (known after apply)
      ~ image_recipe_arn                 = "arn:aws:imagebuilder:eu-west-2:374269020027:image-recipe/base-rhel-6-10/0.2.4" # forces replacement -> (known after apply) # forces replacement
        name                             = "base_rhel_6_10"
      ~ platform                         = "Linux" -> (known after apply)
      ~ tags                             = {
            "application"                               = "n/a"
            "base_rhel_6_10_stig_rhel6_ansible-version" = "0.2.4"
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit"                             = "HMPPS"
            "image-pipeline"                            = "base_rhel_6_10"
            "image-recipe"                              = "base_rhel_6_10/0.2.4"
            "infrastructure-configuration"              = "base_rhel_6_10/0.2.4"
          ~ "is-production"                             = "false" -> "true"
            "os-version"                                = "rhel 6.10"
            "owner"                                     = "[email protected]"
          ~ "release-or-patch"                          = "test" -> "n/a"
            "source-code"                               = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/base/rhel_6_10"
            "update-linux-version"                      = "1.0.2"
        }
      ~ tags_all                         = {
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production"                             = "false" -> "true"
          ~ "release-or-patch"                          = "test" -> "n/a"
            # (10 unchanged elements hidden)
        }
        # (5 unchanged attributes hidden)

      ~ schedule {
          + timezone                           = (known after apply)
            # (2 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.imagebuilder.aws_imagebuilder_image_recipe.this must be replaced
+/- resource "aws_imagebuilder_image_recipe" "this" {
      ~ arn              = "arn:aws:imagebuilder:eu-west-2:374269020027:image-recipe/base-rhel-6-10/0.2.4" -> (known after apply)
      ~ date_created     = "2023-11-28T20:22:52.044Z" -> (known after apply)
      ~ id               = "arn:aws:imagebuilder:eu-west-2:374269020027:image-recipe/base-rhel-6-10/0.2.4" -> (known after apply)
        name             = "base_rhel_6_10"
      ~ owner            = "374269020027" -> (known after apply)
      ~ platform         = "Linux" -> (known after apply)
      ~ tags             = {
            "application"                               = "n/a"
            "base_rhel_6_10_stig_rhel6_ansible-version" = "0.2.4"
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit"                             = "HMPPS"
            "image-pipeline"                            = "base_rhel_6_10"
            "image-recipe"                              = "base_rhel_6_10/0.2.4"
            "infrastructure-configuration"              = "base_rhel_6_10/0.2.4"
          ~ "is-production"                             = "false" -> "true"
            "os-version"                                = "rhel 6.10"
            "owner"                                     = "[email protected]"
          ~ "release-or-patch"                          = "test" -> "n/a"
            "source-code"                               = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/base/rhel_6_10"
            "update-linux-version"                      = "1.0.2"
        }
      ~ tags_all         = {
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production"                             = "false" -> "true"
          ~ "release-or-patch"                          = "test" -> "n/a"
            # (10 unchanged elements hidden)
        }
        # (4 unchanged attributes hidden)

      - block_device_mapping {
          - device_name = "/dev/sda1" -> null
          - no_device   = false -> null

          - ebs {
              - delete_on_termination = "true" -> null
              - encrypted             = "true" -> null
              - iops                  = 0 -> null
              - kms_key_id            = "arn:aws:kms:eu-west-2:374269020027:key/12984197-3371-4c21-8e43-a88a1581e691" -> null
              - throughput            = 0 -> null
              - volume_size           = 30 -> null
              - volume_type           = "gp3" -> null
            }
        }
      + block_device_mapping {
          + device_name = "/dev/sda1"

          + ebs {
              + delete_on_termination = "true"
              + encrypted             = "true"
              + kms_key_id            = "arn:aws:kms:eu-west-2:374269020027:key/12984197-3371-4c21-8e43-a88a1581e691"
              + volume_size           = 30
              + volume_type           = "gp3"
            }
        }

      ~ component {
          ~ component_arn = "arn:aws:imagebuilder:eu-west-2:374269020027:component/base-rhel-6-10-stig-rhel6-ansible/0.2.4/1" # forces replacement -> (known after apply) # forces replacement
        }

        # (4 unchanged blocks hidden)
    }

  # module.imagebuilder.aws_imagebuilder_infrastructure_configuration.this will be updated in-place
  ~ resource "aws_imagebuilder_infrastructure_configuration" "this" {
        id                            = "arn:aws:imagebuilder:eu-west-2:374269020027:infrastructure-configuration/base-rhel-6-10-0-2-4"
        name                          = "base_rhel_6_10_0_2_4"
      ~ resource_tags                 = {
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production"                             = "false" -> "true"
          ~ "release-or-patch"                          = "test" -> "n/a"
            # (10 unchanged elements hidden)
        }
      ~ tags                          = {
            "application"                               = "n/a"
            "base_rhel_6_10_stig_rhel6_ansible-version" = "0.2.4"
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit"                             = "HMPPS"
            "image-pipeline"                            = "base_rhel_6_10"
            "image-recipe"                              = "base_rhel_6_10/0.2.4"
            "infrastructure-configuration"              = "base_rhel_6_10/0.2.4"
          ~ "is-production"                             = "false" -> "true"
            "os-version"                                = "rhel 6.10"
            "owner"                                     = "[email protected]"
          ~ "release-or-patch"                          = "test" -> "n/a"
            "source-code"                               = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/base/rhel_6_10"
            "update-linux-version"                      = "1.0.2"
        }
      ~ tags_all                      = {
          ~ "branch"                                    = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production"                             = "false" -> "true"
          ~ "release-or-patch"                          = "test" -> "n/a"
            # (10 unchanged elements hidden)
        }
        # (8 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 3 to add, 2 to change, 3 to destroy.

github-actions · 2023-11-28T20:32:46Z

commonimages/components terraform plan on pull_request event #199

data.aws_secretsmanager_secret.environment_management: Reading...
data.aws_secretsmanager_secret.environment_management: Read complete after 1s [id=<REDACTED>]
data.aws_secretsmanager_secret_version.environment_management: Reading...
data.aws_secretsmanager_secret_version.environment_management: Read complete after 0s [id=<REDACTED>]
data.aws_caller_identity.current: Reading...
data.aws_caller_identity.current: Read complete after 0s [id=<REDACTED>]
data.aws_kms_key.hmpps_ebs_encryption_cmk: Reading...
data.aws_kms_key.hmpps_ebs_encryption_cmk: Read complete after 0s [id=<REDACTED>]
aws_imagebuilder_component.this["prometheus_windows_exporter.yml"]: Refreshing state... [id=<REDACTED>]
aws_imagebuilder_component.this["yum_packages.yml"]: Refreshing state... [id=<REDACTED>]
aws_imagebuilder_component.this["python_3_6.yml"]: Refreshing state... [id=<REDACTED>]
aws_imagebuilder_component.this["aws_cli.yml"]: Refreshing state... [id=<REDACTED>]
aws_imagebuilder_component.this["python_3_9.yml"]: Refreshing state... [id=<REDACTED>]
aws_imagebuilder_component.this["ansible.yml"]: Refreshing state... [id=<REDACTED>]
aws_imagebuilder_component.this["powershell_core.yml"]: Refreshing state... [id=<REDACTED>]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
+/- create replacement and then destroy

Terraform will perform the following actions:

  # aws_imagebuilder_component.this["ansible.yml"] must be replaced
+/- resource "aws_imagebuilder_component" "this" {
      ~ arn                   = "arn:aws:imagebuilder:eu-west-2:374269020027:component/ansible/0.0.8/1" -> (known after apply)
      ~ data                  = <<-EOT # forces replacement
            ---
            name: ansible
            description: Install ansible roles
            schemaVersion: 1.0
            parameters:
              - Version:
                  type: string
          -       default: 0.0.8
          +       default: 0.0.10
                  description: "Component version, increment if you make changes."
              - Platform:
                  type: string
                  default: "Linux"
                  description: Platform.
              - Ami:
                  type: string
                  description: "Name of AMI. There must be a group_vars/ami_$Ami file in the repo."
              - Branch:
                  type: string
                  default: main
                  description: Git branch to use when cloning the ansible repo
              - AnsibleRepo:
                  type: string
                  default: modernisation-platform-configuration-management
                  description: The ansible github repo to clone
              - AnsibleRepoDir:
                  type: string
                  default: ansible
                  description: The directory in the repo where the ansible code is found
              - AnsibleTags:
                  type: string
                  default: amibuild
                  description: The tags to run ansible with
              - AnsibleArgs:
                  type: string
                  default: ""
                  description: Any other additional arguments to pass into ansible
            phases:
              - name: build
                steps:
                  # Install ansible roles
                  - name: InstallAndRunAnsible
                    action: ExecuteBash
                    inputs:
                      commands:
                        - |
                          # do not set -u as it breaks on RedHat 6
                          set -e
                          PATH=$PATH:/usr/local/bin
                          run_ansible() {
                            # define all params here to make standalone testing of script easier
                            repo="{{ AnsibleRepo }}"
                            ami_tag="{{ Ami }}"
                            ansible_repo_dir="{{ AnsibleRepoDir }}"
                            ansible_tags="{{ AnsibleTags }}"
                            ansible_args="{{ AnsibleArgs }}"
                            branch="{{ Branch }}"
            
                            # clone ansible roles and playbook
                            yum install -y git
                            ansible_dir=$(mktemp -d)
                            echo "Cloning $repo into $ansible_dir using branch=$branch"
                            cd $ansible_dir
                            git clone -b $branch "https://github.com/ministryofjustice/$repo.git"
            
                            # set python version
                            # check if already installed (e.g. RHEL6/7 via python component)
                            if [[ $(which python3.9 2> /dev/null) ]]; then
                              python=$(which python3.9)
                            elif [[ $(which python3.6 2> /dev/null) ]]; then
                              python=$(which python3.6)
                            else
                              # otherwise just install via yum
                              yum install -y python39 || true
                              if [[ $(which python3.9 2> /dev/null) ]]; then
                                python=$(which python3.9)
                              else
                                echo "Python3.9/3.6 not found"
                                exit 1
                              fi
                            fi
                            echo "python: $python"
            
                            # install python dependencies outside of virtual env so ansible
                            # can be executed remotely
                            cd $ansible_dir/$repo/$ansible_repo_dir
                            $python -m pip install -r requirements.txt
            
                            # activate virtual environment
                            mkdir $ansible_dir/python-venv && cd "$_"
                            $python -m venv ansible
                            source ansible/bin/activate
                            $python -m pip install --upgrade pip
                            if [[ "$python" =~ 3.6 ]]; then
                              $python -m pip install wheel
                              $python -m pip install cryptography==2.3
                              export LC_ALL=en_US.UTF-8
                              $python -m pip install ansible-core==2.11.12
                            else
                              $python -m pip install ansible==6.0.0
                            fi
            
                            # install requirements in virtual env
                            cd $ansible_dir/$repo/$ansible_repo_dir
                            $python -m pip install -r requirements.txt
                            ansible-galaxy role install -r requirements.yml
                            ansible-galaxy collection install -r requirements.yml --force
            
                            # run ansible (note comma after localhost is deliberate)
                            ansible-playbook site.yml \
                            --connection=local \
                            --inventory localhost, \
                            --extra-vars "ansible_python_interpreter=$python" \
                            --extra-vars "target=localhost" \
                            --extra-vars "@group_vars/ami_$ami_tag.yml" \
                            --tags "$ansible_tags" \
                            --become $ansible_args
            
                            # Cleanup
                            deactivate
                            echo "Cleaning up $ansible_dir"
                            rm -rf $ansible_dir/$repo
                            rm -rf $ansible_dir/python-venv
                            rmdir $ansible_dir
                          }
                          echo "ansible $ami_tag start" | logger -p local3.info -t ami-component
                          run_ansible | logger -p local3.info -t ami-component -s 2>&1
                          echo "ansible $ami_tag end" | logger -p local3.info -t ami-component
        EOT
      ~ date_created          = "2023-11-28T15:27:18.841Z" -> (known after apply)
      ~ encrypted             = true -> (known after apply)
      ~ id                    = "arn:aws:imagebuilder:eu-west-2:374269020027:component/ansible/0.0.8/1" -> (known after apply)
        name                  = "ansible"
      ~ owner                 = "374269020027" -> (known after apply)
      - supported_os_versions = [] -> null
      ~ tags                  = {
            "application"   = "n/a"
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit" = "HMPPS"
          ~ "is-production" = "false" -> "true"
            "owner"         = "[email protected]"
            "source-code"   = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/components"
        }
      ~ tags_all              = {
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production" = "false" -> "true"
            # (4 unchanged elements hidden)
        }
      ~ type                  = "BUILD" -> (known after apply)
      ~ version               = "0.0.8" -> "0.0.10" # forces replacement
        # (4 unchanged attributes hidden)
    }

  # aws_imagebuilder_component.this["aws_cli.yml"] will be updated in-place
  ~ resource "aws_imagebuilder_component" "this" {
        id                    = "arn:aws:imagebuilder:eu-west-2:374269020027:component/aws-cli/0.0.3/1"
        name                  = "aws_cli"
      ~ tags                  = {
            "application"   = "n/a"
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit" = "HMPPS"
          ~ "is-production" = "false" -> "true"
            "owner"         = "[email protected]"
            "source-code"   = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/components"
        }
      ~ tags_all              = {
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production" = "false" -> "true"
            # (4 unchanged elements hidden)
        }
        # (12 unchanged attributes hidden)
    }

  # aws_imagebuilder_component.this["powershell_core.yml"] will be updated in-place
  ~ resource "aws_imagebuilder_component" "this" {
        id                    = "arn:aws:imagebuilder:eu-west-2:374269020027:component/powershell-core/0.3.0/1"
        name                  = "powershell_core"
      ~ tags                  = {
            "application"   = "n/a"
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit" = "HMPPS"
          ~ "is-production" = "false" -> "true"
            "owner"         = "[email protected]"
            "source-code"   = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/components"
        }
      ~ tags_all              = {
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production" = "false" -> "true"
            # (4 unchanged elements hidden)
        }
        # (12 unchanged attributes hidden)
    }

  # aws_imagebuilder_component.this["prometheus_windows_exporter.yml"] will be updated in-place
  ~ resource "aws_imagebuilder_component" "this" {
        id                    = "arn:aws:imagebuilder:eu-west-2:374269020027:component/prometheus-windows-exporter/1.1.7/1"
        name                  = "prometheus_windows_exporter"
      ~ tags                  = {
            "application"   = "n/a"
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit" = "HMPPS"
          ~ "is-production" = "false" -> "true"
            "owner"         = "[email protected]"
            "source-code"   = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/components"
        }
      ~ tags_all              = {
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production" = "false" -> "true"
            # (4 unchanged elements hidden)
        }
        # (12 unchanged attributes hidden)
    }

  # aws_imagebuilder_component.this["python_3_6.yml"] will be updated in-place
  ~ resource "aws_imagebuilder_component" "this" {
        id                    = "arn:aws:imagebuilder:eu-west-2:374269020027:component/python-3-6/0.0.4/1"
        name                  = "python_3_6"
      ~ tags                  = {
            "application"   = "n/a"
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit" = "HMPPS"
          ~ "is-production" = "false" -> "true"
            "owner"         = "[email protected]"
            "source-code"   = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/components"
        }
      ~ tags_all              = {
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production" = "false" -> "true"
            # (4 unchanged elements hidden)
        }
        # (12 unchanged attributes hidden)
    }

  # aws_imagebuilder_component.this["python_3_9.yml"] will be updated in-place
  ~ resource "aws_imagebuilder_component" "this" {
        id                    = "arn:aws:imagebuilder:eu-west-2:374269020027:component/python-3-9/0.0.3/1"
        name                  = "python_3_9"
      ~ tags                  = {
            "application"   = "n/a"
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit" = "HMPPS"
          ~ "is-production" = "false" -> "true"
            "owner"         = "[email protected]"
            "source-code"   = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/components"
        }
      ~ tags_all              = {
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production" = "false" -> "true"
            # (4 unchanged elements hidden)
        }
        # (12 unchanged attributes hidden)
    }

  # aws_imagebuilder_component.this["yum_packages.yml"] will be updated in-place
  ~ resource "aws_imagebuilder_component" "this" {
        id                    = "arn:aws:imagebuilder:eu-west-2:374269020027:component/yum-packages/0.0.1/1"
        name                  = "yum_packages"
      ~ tags                  = {
            "application"   = "n/a"
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
            "business-unit" = "HMPPS"
          ~ "is-production" = "false" -> "true"
            "owner"         = "[email protected]"
            "source-code"   = "https://github.com/ministryofjustice/modernisation-platform-ami-builds/tree/main/commonimages/components"
        }
      ~ tags_all              = {
          ~ "branch"        = "dso-2239/ansible-failure-handling-in-ami-builds" -> "main"
          ~ "is-production" = "false" -> "true"
            # (4 unchanged elements hidden)
        }
        # (12 unchanged attributes hidden)
    }

Plan: 1 to add, 6 to change, 1 to destroy.

Warning: Value for undeclared variable

The root module does not declare a variable named "account_to_distribute_ami"
but a value was found in file "terraform.tfvars". If you meant to use this
value, add a "variable" block to the configuration.

To silence these warnings, use TF_VAR_... environment variables to provide
certain "global" settings to all configurations in your organization. To
reduce the verbosity of these warnings, use the -compact-warnings option.

Shajida Akthar added 20 commits November 13, 2023 10:12

Increment config version for rhel_6_10_weblogic_appserver_10_3

b171b52

Merge branch 'main' into dso-2239/ansible-failure-handling-in-ami-builds

0dd1ad0

Ansible version updated

b5f2a35

Increment ansible component version

2fdbf10

Ansible component fail test

7eef5b0

Merge branch 'main' into dso-2239/ansible-failure-handling-in-ami-builds

19ce25e

Removing stderr to stdout on build component

b327c83

nomis rhel_6_10 image to use requirements.rhel6.yml

5037de7

Update custom components for nomis and base rhel_6_10

00615c6

Add path root

1c7a4b1

Undo custom components for test

3288c40

Test re-run with root path

d61d651

Test failed component

1ac084b

Merge branch 'main' into dso-2239/ansible-failure-handling-in-ami-builds

ee69f36

Invoke ansible error

21ab667

Ansible component version increment

0c1617c

Nomis weblogic app server to use stig_rhel template

ae8fdcf

Update config versions

d8c8e7f

Revert version update

4ab0a3e

Revert version update

9f66d4c

shajida95 requested review from a team as code owners November 28, 2023 20:31

shajida95 closed this Nov 28, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dso 2239/ansible failure handling in ami builds #638

Dso 2239/ansible failure handling in ami builds #638

shajida95 commented Nov 28, 2023

github-actions bot commented Nov 28, 2023

github-actions bot commented Nov 28, 2023

Dso 2239/ansible failure handling in ami builds #638

Dso 2239/ansible failure handling in ami builds #638

Conversation

shajida95 commented Nov 28, 2023

github-actions bot commented Nov 28, 2023

github-actions bot commented Nov 28, 2023