Enterprise-CMCS · cthulhuplus · Apr 6, 2023 · Mar 27, 2023 · Mar 28, 2023 · Apr 4, 2023
diff --git a/bin/preview-deploy/aws.user-data.sh b/bin/preview-deploy/aws.user-data.sh
@@ -191,4 +191,4 @@ su - ec2-user -c 'pm2 save'
 su - ec2-user -c 'pm2 restart "eAPD API"'
 
 yum upgrade -y
-yum update -y
+yum update -y
diff --git a/bin/prod-deploy/aws.user-data.sh b/bin/prod-deploy/aws.user-data.sh
@@ -239,6 +239,7 @@ pm2 start ecosystem.config.cjs
 E_USER
 
 # Restart New Relic Infrastructure Monitor
+yum install newrelic-infra -y
 systemctl enable newrelic-infra
 systemctl start newrelic-infra
 
@@ -249,4 +250,5 @@ su - ec2-user -c 'pm2 save'
 su - ec2-user -c 'pm2 restart "eAPD API"'
 
 yum upgrade -y
-yum update -y
+yum update -y
+
diff --git a/packer/backend-ami.pkr.hcl b/packer/backend-ami.pkr.hcl
@@ -33,6 +33,6 @@ build {
         environment_vars = [
             "ENVIRONMENT=${var.environment}"
         ]        
-        script = "./backend20220608.sh"
+        script = "./backend20230405.sh"
     }
 }
diff --git a/packer/backend20220608.sh → packer/backend20230405.sh b/packer/backend20220608.sh → packer/backend20230405.sh
@@ -3,6 +3,8 @@
 # Become root user to perform installation and configuration
 sudo su <<R_USER
 #!/bin/bash
+yum upgrade -y
+yum update -y
 
 # Update Logrotate Configuration
 # Logs are offloaded to CloudWatch & Splunk
@@ -18,17 +20,13 @@ mkdir /app
 chown -R :eapd /app
 chmod g+w /app
 
-# Oddly, EC2 images don't have git installed.
+# Install Git
 yum -y install git
 
-# Install New Relic Infrastructure Monitor
-curl -o /etc/yum.repos.d/newrelic-infra.repo https://download.newrelic.com/infrastructure_agent/linux/yum/el/7/x86_64/newrelic-infra.repo
-yum -q makecache -y --disablerepo='*' --enablerepo='newrelic-infra'
-yum install newrelic-infra -y
-
 # Become the default user. Everything between "<<E_USER" and "E_USER" will be
 # run in the context of this su command.
 su ec2-user <<E_USER
+
 # The su block begins inside the root user's home directory.  Switch to the
 # ec2-user home directory.
 cd ~

diff --git a/packer/preview-ami.pkr.hcl b/packer/preview-ami.pkr.hcl
@@ -60,10 +60,10 @@ build {
             "PREVIEW_TEALIUM_TAG=${var.preview_tealium_tag}",
             "PREVIEW_TEALIUM_ENV=${var.preview_tealium_env}"
         ]        
-        script = "./preview20220608.sh"
+        script = "./preview20230405.sh"
     }
     provisioner "file" {
         source = "nginx.conf.tpl"
         destination = "/home/ec2-user/nginx.conf.tpl"
     }
-}
+}
diff --git a/packer/preview20220608.sh → packer/preview20230405.sh b/packer/preview20220608.sh → packer/preview20230405.sh
@@ -3,23 +3,25 @@
 # Become root user to perform installation and configuration
 sudo su <<R_USER
 #!/bin/bash
+yum upgrade -y
+yum update -y
 
 # Update Logrotate Configuration
 # Logs are offloaded to CloudWatch & Splunk
 sed -i 's|weekly|daily|g' /etc/logrotate.conf
 sed -i 's|rotate 12|rotate 5|g' /etc/logrotate.conf
 systemctl restart rsyslog
 
-# Install New Relic Infrastructure Monitor
-curl -o /etc/yum.repos.d/newrelic-infra.repo https://download.newrelic.com/infrastructure_agent/linux/yum/el/7/x86_64/newrelic-infra.repo
+## Install New Relic Infrastructure Monitor
+wget https://download.newrelic.com/infrastructure_agent/linux/yum/el/7/x86_64/newrelic-infra.repo
+mv newrelic-infra.repo /etc/yum.repos.d/newrelic-infra.repo
 yum -q makecache -y --disablerepo='*' --enablerepo='newrelic-infra'
 yum install newrelic-infra -y
 
 # Add a user group for the default user, and make it the owner of the /app
 # directory.  Unzip stuff there and then set permissions.
 groupadd eapd
 gpasswd -a ec2-user eapd
-
 mkdir /app
 mkdir /app/api
 mkdir /app/web
@@ -34,10 +36,8 @@ touch /app/api/logs/Database-migration-out.log
 touch /app/api/logs/Database-seeding-error.log
 touch /app/api/logs/Database-seeding-out.log
 touch /app/api/logs/cms-hitech-apd-api.logs
-
 chown -R :eapd /app
 chmod -R g+w /app
-
 mkdir /app/tls
 
 # Setup PostGres for Mongo Migraton
@@ -52,6 +52,7 @@ local     all         all                     peer
 host      all         all     127.0.0.1/32    password
 host      all         all     ::1/128         password
 " > /var/lib/pgsql/13/data/pg_hba.conf
+
 systemctl enable postgresql-13
 systemctl start postgresql-13
 
@@ -70,20 +71,20 @@ gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc
 yum -y install git
 yum -y install epel-release
 yum -y install nginx
-
 yum -y install mongodb-org-5.0.3-1.el7 checkpolicy
 
 # Install CloudWatch Agent
-curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/redhat/amd64/latest/amazon-cloudwatch-agent.rpm
+wget https://s3.amazonaws.com/amazoncloudwatch-agent/redhat/amd64/latest/amazon-cloudwatch-agent.rpm
 rpm -U ./amazon-cloudwatch-agent.rpm
 rm ./amazon-cloudwatch-agent.rpm
 
 # Create self-signed certificates
 openssl genrsa -des3 -passout pass:x -out /app/tls/server.pass.key 2048
 openssl rsa -passin pass:x -in /app/tls/server.pass.key -out /app/tls/server.key
 rm -f /app/tls/server.pass.key
+
 # Use the instance metadata service to get public hostname
-openssl req -new -key /app/tls/server.key -out /app/tls/server.csr -subj "/CN=$(curl http://169.254.169.254/latest/meta-data/public-hostname)"
+openssl req -new -key /app/tls/server.key -out /app/tls/server.csr -subj "/CN=$(wget -qO- http://169.254.169.254/latest/meta-data/public-hostname)"
 openssl x509 -req -sha256 -days 365 -in /app/tls/server.csr -signkey /app/tls/server.key -out /app/tls/server.crt
 rm -f /app/tls/server.csr
 
@@ -149,7 +150,8 @@ export TERM="xterm"
 # Install nvm.  Do it inside the ec2-user home directory so that user will have
 # access to it forever, just in case we need to get into the machine and
 # manually do some stuff to it.
-curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.2/install.sh | bash
+wget -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.2/install.sh
+bash install.sh
 source ~/.bashrc
 
 # We're using Node 16.19.1, we care about minor/patch versions
@@ -335,12 +337,9 @@ cat <<CWVAROPTCONFIG > /opt/aws/amazon-cloudwatch-agent/doc/var-opt.json
     }
   }
 }
-
 CWVAROPTCONFIG
 
 /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a append-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/doc/app-logs.json
-
 /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a append-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/doc/var-log.json
-
 /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a append-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/doc/var-opt.json
 R_USER
diff --git a/terraform/legacy/public/modules/instances/eapd_jumpbox.tf b/terraform/legacy/public/modules/instances/eapd_jumpbox.tf
@@ -30,7 +30,12 @@ resource "aws_instance" "eapd_jumpbox_bb" {
         "cms-cloud-exempt:open-sg" = "CLDSPT-5877"
         "Patch Window" = "ITOPS-Wave1-Non-Mktplc-Prod-MW"
         Terraform = "True"
-    }   
+    }
+    user_data = <<-EOL
+    #!/bin/bash -xe
+    sudo sh -c "echo license_key: ${var.newrelic_liscense_key} >> /etc/newrelic-infra.yml"
+    EOL
+    user_data_replace_on_change = true
 }
 
 resource "aws_instance" "eapd_jumpbox_tf" {
@@ -53,6 +58,11 @@ resource "aws_instance" "eapd_jumpbox_tf" {
         "Patch Window" = "ITOPS-Wave1-Non-Mktplc-Prod-MW"
         Terraform = "True"
     }
+    user_data = <<-EOL
+    #!/bin/bash -xe
+    sudo sh -c "echo license_key: ${var.newrelic_liscense_key} >> /etc/newrelic-infra.yml"
+    EOL
+    user_data_replace_on_change = true    
 }
 resource "aws_instance" "eapd_jumpbox_tb" {
 
@@ -74,7 +84,12 @@ resource "aws_instance" "eapd_jumpbox_tb" {
         "cms-cloud-exempt:open-sg" = "CLDSPT-5877"
         "Patch Window" = "ITOPS-Wave1-Non-Mktplc-Prod-MW"
         Terraform = "True"
-    }   
+    }
+    user_data = <<-EOL
+    #!/bin/bash -xe
+    sudo sh -c "echo license_key: ${var.newrelic_liscense_key} >> /etc/newrelic-infra.yml"
+    EOL
+    user_data_replace_on_change = true    
 }
 
 resource "aws_instance" "eapd_jumpbox_nz" {
@@ -98,4 +113,9 @@ resource "aws_instance" "eapd_jumpbox_nz" {
         "Patch Window" = "ITOPS-Wave1-Non-Mktplc-Prod-MW"
         Terraform = "True"
     }
+    user_data = <<-EOL
+    #!/bin/bash -xe
+    sudo sh -c "echo license_key: ${var.newrelic_liscense_key} >> /etc/newrelic-infra.yml"
+    EOL
+    user_data_replace_on_change = true    
 }
diff --git a/terraform/legacy/public/modules/instances/variables.tf b/terraform/legacy/public/modules/instances/variables.tf
@@ -4,4 +4,4 @@ variable "eapd_jumpbox_key_name_tf" {}
 variable "eapd_jumpbox_key_name_tb" {}
 variable "eapd_jumpbox_vpc_security_group_ids" {}
 variable "eapd_jumpbox_subnet_id" {}
-
+variable "newrelic_liscense_key" {}
diff --git a/terraform/legacy/public/public.tf b/terraform/legacy/public/public.tf
@@ -38,5 +38,6 @@ module "instances" {
     eapd_jumpbox_key_name_tb                  = var.eapd_jumpbox_key_name_tb
     eapd_jumpbox_vpc_security_group_ids       = var.eapd_jumpbox_vpc_security_group_ids
     eapd_jumpbox_subnet_id                    = var.eapd_jumpbox_subnet_id
+    newrelic_liscense_key                     = var.newrelic_liscense_key
 }
 
diff --git a/terraform/legacy/public/variables.tf b/terraform/legacy/public/variables.tf
@@ -5,4 +5,4 @@ variable "eapd_jumpbox_key_name_tf" {}
 variable "eapd_jumpbox_key_name_tb" {}
 variable "eapd_jumpbox_vpc_security_group_ids" {}
 variable "eapd_jumpbox_subnet_id" {}
-
+variable "newrelic_liscense_key" {}