Add ec2 user data scripts #247
Conversation
add 2 script, one for windows EC2 user data and one for Linux EC2 user data
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
There was a problem hiding this comment.
Thanks for your submission, however, there are a few things that need to be fixed before it can be approved:
- It needs to get a successful pass from GitHub's 'Super Linter'. Both the PowerShell and the bash scripts have things it didn't like.
a) For the bash version, looks like you just need to put double quotes around the "initial setting" that has spaces in it.
b) The PowerShell lint found lots of things it didn't like. I don't think you have to fix the informational ones, but it would be nice. The one 'Error' one will probably require you to simply adding an exception for that one error for that one function. - I saw the following issue with the README file:
a) You should probably mention it will create a LUN as well as a volume.
b) The correct abbreviation of FSx for ONTAP is "FSxN" (not FSXn).
c) There are places where it is not formatted correctly. Please review the README file from the GitHub page. You should be able to spot the issues. - I saw the following issues with the Linux script:
a) "The FSXN_PASSWORD" variable is assigned at top. That should be deleted since you are using secrets.
b) The ONTAP_USER variable assignment should be moved to the "user data" block so users will know they can easily change the ONTAP username that the script will use.
c) The fsxnSshCommand() function is never used so it should be deleted.
d) The "checkCommnd on line 83 will report the status of thegrepcommand, not whether thesedcommand was successful.
e) You should use 'systemctl' instead of 'service'. For example. to start the iscsi service you should runsystemctl start iscsid. You should probably enabling it first. Enabling it means it will start every time the system boots.systemctl enable iscsid. Also to check that a service is running, the following is better than grep'ing the output:systemctl is-active --quiet service. The exit code will be 0 for running, non-zero for anything else. So, you could use your CheckCommand after calling that.
f) Note that the 'user-data' script is run as 'root' so you really don't need to put 'sudo' in front of any commands.
g) You should maybe consider using 'curl' with ONTAP APIs instead of 'ssh'. Mostly because then you could more programmatically look at the output and provide useful error messages. - I saw the following issues with the PowerShell script:
a) I don't know if that is your AWS account ID in the example script ARN, but if it is, you should replace it with an obvious mock number.
b) You should move the$uservariable assignment to the top with the other variable assignments.
c) I'm sure it is just me, since I don't mess with PowerShell much, but I'm not seeing where the ONTAP PowerShell tool kit is being installed
Fix lint errors and fix comments
Fix comments, fix lint error
| @@ -24,13 +24,15 @@ function unInstall { | |||
| } | |||
|
|
|||
| # default values | |||
| # All FSxN instances are created with the user 'fsxadmin' which can't be changed | |||
There was a problem hiding this comment.
All FSxN instance are created with a default admin user with the name of 'fsxadmin' but there is nothing to stop you, and many customers do this, from creating new users. especially if the user is going to be used in automation. That way they can create a user that only has the permissions it needs to do the tasks that the automation will ask it to do. Please support this capability.
Fixed formatting and other issues.
| LUN_NAME=${VOLUME_NAME}_$(($RANDOM%($max-$min+1)+$min)) | ||
|
|
||
| # defaults | ||
| # All FSxN instances are created with the user 'fsxadmin' which can't be changed |
There was a problem hiding this comment.
All FSxN instance are created with a default 'fsxadmin' user, but there is nothing stopping you from creating additional ones, Please support this capability.
| catch { | ||
| Write-Output "Failed to add igroup initiator, due to: $_" >> $currentLogPath | ||
| Write-Host "Failed to add igroup initiator, due to: $_" -ForegroundColor Red | ||
| unInstall $printUninstallConnect |
There was a problem hiding this comment.
Shouldn't this be passing the $ip $credentials $svm_name parameters? Looks like $printUninstallConnect was set to $true on line 190, but never set to $false before this line, so I'm guessing that could cause issues with the call to Connect-NcController within the unInstall function
Looks like there are many instances of this below.
Created some exceptions to the PowerShell lint program. I couldn't add them to the source itself, because it was a file to be included as a "userdata" for an EC2 instance and therefore it had to have <powershell> as the first line. This caused the PowerShell lint to ignore the in source directives.
|
I created a parameter file for the PowerShell Analyzer that forced it to exclude the 'PSAvoidUsingConvertToSecureStringWithPlainText', 'PSAvoidTrailingWhitespace' and 'PSAvoidUsingWriteHost' rules. There are just a few warnings left. Please try to address them. |
|
You may have noticed I totally redid README file. I felt it was probably easier to do that than try and explain the issues. |
use systemctl instead of service for iscsi operations
|
Fix linter warnings
| ONTAP_USER=fsxadmin | ||
| LOG_FILE=/home/ec2-user/install.log | ||
|
|
||
| VOL_SIZE=$(echo $VOLUME_SIZE | sed 's/.$//') |
There was a problem hiding this comment.
I don't think you should just assume the user put a 'g' at the end. Maybe change to:
VOL_SIZE=$(echo $VOLUME_SIZE | sed 's/g$//')
| # verify read write | ||
| # example: echo "test mount iscsci" > /mnt/myIscsi/testIscsi.txt | ||
| echo "test mount iscsci" > /$directory_path/$mount_point/testIscsi.txt | ||
| cat /$directory_path/$mount_point/testIscsci.txt |
There was a problem hiding this comment.
Should you check that these commands succeeded? Otherwise, why do the test?
Also, you should probably delete the test file after you are done.
|
You should update the /etc/fstab in the Linux script so that the LUN is mounted when the system is rebooted. Also, maybe put a comment in the README file that if they want it to be mounted somewhere else, they should create the desired directory and update the /etc/fstab file and reboot. |
- Set LUN size to 90% of vol size - Make disk persist after boot - Move ONTAP_USER to user data section - Fix check of multi session update - Fix check if service is running
add notes regarding actual volume size and process running time
Fix lint issue Fix mount disk after restart Fix lun size to 90% of vol size
Adding 2 scripts for launching AWS EC2 instances Windows and Linux, the scripts are applied as user data.
The scripts create FSXn volume and mount it to the the instance while installing all the required libraries for that action.