ansible-role-cyhy-archive


An Ansible role for installing the cyhy_archive.sh script from cisagov/cyhy-core.

Pre-requisites

In order to execute the Molecule tests for this Ansible role in GitHub Actions, a build user must exist in AWS. The accompanying Terraform code will create the user with the appropriate name and permissions. This only needs to be run once per project, per AWS account. This user can also be used to run the Molecule tests on your local machine.

Before the build user can be created, you will need a profile in your AWS credentials file that allows you to read and write your remote Terraform state. (You almost certainly do not want to use local Terraform state for this long-lived build user.) If the build user is to be created in the CISA COOL environment, for example, then you will need the cool-terraform-backend profile.

The easiest way to set up the Terraform remote state profile is to make use of our aws-profile-sync utility. Follow the usage instructions in that repository before continuing with the next steps, and note that you will need to know where your team stores their remote profile data in order to use aws-profile-sync.

To create the build user, follow these instructions:

cd terraform
terraform init --upgrade=true
terraform apply

Requirements

None.

Role Variables

| Variable | Description | Default | Required |
|----------|-------------|---------|----------|
| cyhy_archive_file_owner_group | The name of the group that should own any files or directories created by this role. | Omitted | No |
| cyhy_archive_file_owner_username | The name of the user that should own any files or directories created by this role. | Omitted | No |
| cyhy_archive_install_geoipupdate | Whether to install the MaxMind geoipupdate tool. | false | No |
| cyhy_archive_maxmind_account_id | The MaxMind account ID for access to a GeoIP2 database subscription. | n/a | Yes |
| cyhy_archive_maxmind_license_key | The MaxMind license key that provides access to a GeoIP2 database subscription. | n/a | Yes |

Dependencies

Installation

This role can be installed via the command:

ansible-galaxy install --role-file path/to/requirements.yml

where requirements.yml looks like:

---
- name: cyhy_archive
  src: https://github.com/cisagov/ansible-role-cyhy-archive

and may contain other roles as well.

For more information about installing Ansible roles via a YAML file, please see the ansible-galaxy documentation.

Example Playbook

Here's how to use it in a playbook:

- hosts: all
  become: true
  become_method: sudo
  tasks:
    - name: Install cisagov/cyhy-archive
      ansible.builtin.include_role:
        name: cyhy_archive

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

Author Information

Shane Frasier - jeremy.frasier@gwe.cisa.dhs.gov
