Upgrade select CyHy instances from Debian Bullseye to Debian Bookworm #746
Merged
With the release of Debian Bookworm on 2023-06-10 it makes sense to migrate our Debian Bullseye Packer configurations to Debian Bookworm.
Update the platforms supported for all of the Ansible roles defined in this repository.
We prefer to install the system package for Python packages whenever possible. This is especially important with Debian Bookworm because you cannot modify the system Python environment directly (with pip) by default. Switching from installing the pexpect package directly with pip to installing the python3-pexpect package is a suitable resolution.
Debian Bookworm switches DNS management from resolvconf to systemd-resolved. This change results in Bookworm instances having an incompatible hostname resolution configuration. Since we rely on cloud-init to automatically configure some of our DNS settings we need to adjust the configuration of Netplan (used by cloud-init) to get the correct configuration for our system. The issue is that Netplan uses a default of false for the value of dhcp4-overrides.use-domains and cloud-init does not explicitly set this key or provide a means to do so. We remedy this by modifying the cloud-init configuration of Bookworm instances to use a Python script to adjust the Netplan configuration and then re-apply Netplan to enable our desired configuration.
Co-authored-by: Shane Frasier <[email protected]>
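One way the Netplan adjustment described in the commit message above could be scripted, as an added example that is not the script from this pull request. The file path /etc/netplan/50-cloud-init.yaml, the interface names in the constructed sample, the function names and the use of PyYAML are assumptions.

```python
#!/usr/bin/env python3
"""Enable DHCP-supplied search domains in a Netplan configuration."""
import os
import subprocess
import sys
import tempfile

# Constructed sample resembling a cloud-init generated Netplan config.
SAMPLE = {"network": {"version": 2, "ethernets": {
    "ens5": {"dhcp4": True, "dhcp6": False, "set-name": "ens5",
             "match": {"macaddress": "02:00:00:00:00:01"}},
    "ens6": {"dhcp4": False, "addresses": ["192.0.2.10/24"]},
}}}


def enable_use_domains(config):
    """Set dhcp4-overrides.use-domains on each DHCPv4 interface.

    Returns the names of the interfaces that were changed, so a second
    run on the same config is a no-op.
    """
    changed = []
    ethernets = config.get("network", {}).get("ethernets") or {}
    for name, iface in ethernets.items():
        if iface.get("dhcp4") is not True:
            continue  # static interface: no DHCP lease to take domains from
        overrides = iface.setdefault("dhcp4-overrides", {})
        if overrides.get("use-domains") is not True:
            overrides["use-domains"] = True  # trust the DHCP server's domains
            changed.append(name)
    return changed


def patch_file(path="/etc/netplan/50-cloud-init.yaml"):  # assumed path
    """Rewrite the file atomically and re-apply Netplan only if it changed."""
    import yaml  # PyYAML (python3-yaml on Debian), assumed to be installed

    with open(path) as f:
        config = yaml.safe_load(f) or {}
    if not enable_use_domains(config):
        return False
    # mkstemp creates the file with mode 0600; Netplan only reads *.yaml,
    # so the temporary file is never picked up as configuration.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        yaml.safe_dump(config, f, default_flow_style=False)
    os.replace(tmp, path)
    subprocess.run(["netplan", "apply"], check=True)
    return True


if __name__ == "__main__":
    if len(sys.argv) > 1:
        patch_file(sys.argv[1])
    else:
        print(enable_use_domains(SAMPLE), SAMPLE)
```

Because the result depends on whether anything changed, the script can run on every boot without re-applying Netplan unnecessarily.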
mcdonnnj added the improvement, terraform, ansible and packer labels on Feb 15, 2024
mcdonnnj requested review from dav3r, felddy, jasonodoom and jsf9k as code owners February 15, 2024 16:59
dav3r approved these changes Feb 15, 2024
Fantastic- thanks for getting this done! 💪 💼
jsf9k approved these changes Feb 15, 2024
Thanks for taking care of this.
🗣 Description
This pull request is focused on basing the bastion, docker, nessus, and nmap AMIs on Debian Bookworm (latest release) instead of Debian Bullseye. This includes updating the AMI configurations, adjusting metadata for Ansible roles defined in this project, and adjusting the cloud-init configurations.
This mirrors the work in cisagov/skeleton-packer#242.
💭 Motivation and context
It is good to stay up-to-date and all of the instances being updated have public IPs so it is extra important to update them accordingly.
🧪 Testing
Automated tests pass. I deployed this configuration in my test environment and verified that I was able to reach the new instances over SSH and that the cyhy-commander functioned as expected with the new scanner instances.
✅ Pre-approval checklist
to reflect the changes in this PR.