diff --git a/modules/base.ps1 b/modules/base.ps1 index abb93a5..dc14b37 100644 --- a/modules/base.ps1 +++ b/modules/base.ps1 @@ -5,32 +5,3 @@ Stop-Service -Name "wuauserv" # Fix Win Server 2019 Visual Style (hard to see window boarders) Set-ItemProperty -Path 'HKCU:\\Software\\Microsoft\\Windows\\DWM' -Name ColorPrevalence -Value 1 - -# Create a desktop shortcut for remounting S3 -$batchPath = "C:\mount_s3.bat" -New-Item $batchPath -Set-Content $batchPath @" -powershell.exe C:\fixs3.ps1 -powershell.exe C:\workdir\start-rclone.ps1 -"@ - -$fixerPath = "C:\fixs3.ps1" -New-Item $fixerPath -Set-Content $fixerPath @" -taskkill /IM rclone.exe /F - -Get-ChildItem -Path D:\ -Depth 0 -Directory -ErrorAction SilentlyContinue | ForEach-Object { - `$d = `$_ - try { - `$files = `$d.GetFiles() - } catch { - `$name = `$d.Name - Remove-Item -Path "D:\`${name}" -Force - } -} -"@ - -$WshShell = New-Object -comObject WScript.Shell -$Shortcut = $WshShell.CreateShortcut("C:\Users\Administrator\Desktop\Remount D Drive.lnk") -$Shortcut.TargetPath = $batchPath -$Shortcut.Save() diff --git a/modules/conda-setup.sh b/modules/conda-setup.sh index e408983..19023de 100644 --- a/modules/conda-setup.sh +++ b/modules/conda-setup.sh @@ -29,9 +29,11 @@ for env in "${SETUPDIR}"/conda-environment*.yml ; do ~/conda/bin/mamba env update --file "$env" done +if [ -n "${CONDA_SERVER:-}" ]; then echo "Setting default conda channel" cat > "$HOME/.condarc" < insight-install-job.sh < /dev/null; do diff --git a/modules/rstudio.ps1 b/modules/rstudio.ps1 index 48bf906..f7b5d56 100644 --- a/modules/rstudio.ps1 +++ b/modules/rstudio.ps1 
@@ -12,13 +12,14 @@ Start-Process C:\Tools\RStudio-installer.exe -ArgumentList "/S" -NoNewWindow -Wa Invoke-WebRequest -Uri "https://github.com/r-windows/rtools-installer/releases/download/2022-02-06/rtools40-x86_64.exe" -OutFile C:\Tools\RTools.exe Start-Process C:\Tools\RTools.exe -ArgumentList "/VERYSILENT" -NoNewWindow -Wait -PassThru +if ("$Env:CRAN_SERVER") { $RConfig = @" # Set the default help type options(help_type="html") # HIC TRE R Repository local({r <- getOption("repos") - r["CRAN"] <- "http://cran.hic-tre.dundee.ac.uk/" + r["CRAN"] <- "$Env:CRAN_SERVER" options(repos=r) }) @@ -27,3 +28,4 @@ Sys.setenv(TZ='Europe/London') "@ Set-Content "C:\Program Files\R\R-4.1.3\etc\Rprofile.site" $RConfig Set-Content "C:\Users\Administrator\Documents\.Renviron" "RSTUDIO_DISABLE_SECURE_DOWNLOAD_WARNING=1" +} diff --git a/modules/rstudio.sh b/modules/rstudio.sh index c52a1d5..c5ac046 100644 --- a/modules/rstudio.sh +++ b/modules/rstudio.sh @@ -37,13 +37,14 @@ else exit 1 fi +if [ -n "${CRAN_SERVER:-}" ]; then cat > "$HOME/.Rprofile" <> "$HOME/.Renviron" +fi sudo add-apt-repository -y ppa:c2d4u.team/c2d4u4.0+ sudo apt update diff --git a/modules/sophos.ps1 b/modules/sophos.ps1 index eea001e..25b52d3 100644 --- a/modules/sophos.ps1 +++ b/modules/sophos.ps1 
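Review bot: The value of `$Env:CRAN_SERVER` is expanded straight into the R string literal at `r["CRAN"] <- "$Env:CRAN_SERVER"`, so a value containing a double quote or backslash produces a broken or altered `Rprofile.site`, which R evaluates at every startup. The URL scheme is also no longer fixed, and the `.Renviron` line still sets `RSTUDIO_DISABLE_SECURE_DOWNLOAD_WARNING=1` whenever a server is configured, so a plain-http mirror is accepted without any signal. I would reject anything that is not a simple URL before building `$RConfig`, for example `if ($Env:CRAN_SERVER -notmatch '^https?://[^"\s]+$') { throw "CRAN_SERVER must be a URL" }`. Note also that the new `if` now skips `options(help_type="html")` and `Sys.setenv(TZ='Europe/London')` when no server is set, which may not be intended. The rstudio.sh hunk that follows adds the same kind of guard around `.Rprofile`, though its heredoc body is not visible here.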
@@ -1,9 +1,18 @@ # Sophos # We have to sleep for a while because the network takes some time to start up (with the correct nameserver etc). Invoke-WebRequest -Uri ${Env:SOPHOS_SETUP_EXE} -OutFile C:\SophosSetup.exe + +if ("$Env:SOPHOS_MESSAGE_RELAY") { + $SOPHOS_SETUP_ARGS="--messagerelays=${Env:SOPHOS_MESSAGE_RELAY} --proxyaddress=${Env:SOPHOS_MESSAGE_RELAY}" + $GROUP_PREFIX="HIC - AWS - Cloud TRE" +} else { + $SOPHOS_SETUP_ARGS="" + $GROUP_PREFIX="HIC - AWS - Other" +} + Write-Output "` Start-Sleep -Seconds 600 ` -C:\SophosSetup.exe --quiet --messagerelays=${Env:SOPHOS_MESSAGE_RELAY} --proxyaddress=${Env:SOPHOS_MESSAGE_RELAY} --devicegroup='HIC - AWS - Cloud TRE\\${SOPHOS_GROUP}'" | ` +C:\SophosSetup.exe --quiet $SOPHOS_SETUP_ARGS --devicegroup='$GROUP_PREFIX\\${SOPHOS_GROUP}'" | ` Out-File -FilePath C:\SophosSetup.ps1 Register-ScheduledJob -Name SophosSetup -FilePath C:\SophosSetup.ps1 ` diff --git a/modules/sophos.sh b/modules/sophos.sh index d0a5fd5..f139b41 100644 --- a/modules/sophos.sh +++ b/modules/sophos.sh @@ -12,6 +12,14 @@ while [ ! -s SophosSetup.sh ] ; do chmod +x SophosSetup.sh done +if [ -z "${SOPHOS_MESSAGE_RELAY:-}" ]; then + SOPHOS_SERVER=https://central.sophos.com + GROUP_PREFIX="HIC - AWS - Other" +else + SOPHOS_SERVER=http://${SOPHOS_MESSAGE_RELAY} + GROUP_PREFIX="HIC - AWS - Cloud TRE" +fi + # if https://central.sophos.com is accessible assume full outbound access cat > sophos-install-job.sh < /dev/null ; do + while ! curl -s "${SOPHOS_SERVER}" > /dev/null ; do date - echo "${SOPHOS_MESSAGE_RELAY} not available yet, sleeping..." + echo "${SOPHOS_SERVER} not available yet, sleeping..." sleep 60 done echo "Sophos is reachable!" date - /opt/ami-setup/SophosSetup.sh --group="HIC - AWS - Cloud TRE\\\\${SOPHOS_GROUP}" + /opt/ami-setup/SophosSetup.sh --group="${GROUP_PREFIX}\\\\${SOPHOS_GROUP}" date echo "Sophos install complete" 
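Review bot: The rewritten installer line still expands `${SOPHOS_GROUP}`, a PowerShell variable that is not assigned in any visible line of this script, while the relay and the installer URL are both read through `Env:`. If the group is delivered as an environment variable like those are, the device group would end in a bare backslash and the endpoint would register outside its intended policy group; in that case the line should read `--devicegroup='$GROUP_PREFIX\\${Env:SOPHOS_GROUP}'`. Failing the build when the value is empty would make the problem visible, e.g. `if (-not "$Env:SOPHOS_GROUP") { throw "SOPHOS_GROUP is not set" }`. This assumes the variable is not defined somewhere outside this script, which cannot be confirmed from the hunk.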
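Review bot: The context comment `# if https://central.sophos.com is accessible assume full outbound access`, directly below the added block in modules/sophos.sh, no longer matches the logic. The endpoint and group prefix are now chosen by whether `SOPHOS_MESSAGE_RELAY` is set, not by probing for outbound access. I would replace it with `# Wait for the selected Sophos endpoint (message relay if configured, otherwise Sophos Central) before installing`. Part of the generated job script is not visible in this hunk, so the comment may have been describing lines that cannot be seen here.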
diff --git a/nontre-scripts/swb-non-amazonlinux.sh b/nontre-scripts/swb-non-amazonlinux.sh
new file mode 100755
index 0000000..9164aad
--- /dev/null
+++ b/nontre-scripts/swb-non-amazonlinux.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Service workbench environment files only support Amazon Linux in userdata
+# https://github.com/awslabs/service-workbench-on-aws/blob/v4.3.1/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog/ec2-linux-instance.cfn.yml
+# https://github.com/awslabs/service-workbench-on-aws/blob/v4.3.1/main/solution/post-deployment/config/environment-files/get_bootstrap.sh
+# https://github.com/awslabs/service-workbench-on-aws/blob/v4.3.1/main/solution/post-deployment/config/environment-files/bootstrap.sh
+# https://github.com/awslabs/service-workbench-on-aws/tree/v4.3.1/main/solution/post-deployment/config/environment-files
+
+# To work around this install required packages here, and bundle a modified
+# bootstrap script that can be called from userdata
+
+set -eu
+
+SETUPDIR=$(realpath "$(dirname "${BASH_SOURCE[0]}")")
+cd "$SETUPDIR"
+
+sudo apt-get update -y -q
+
+sudo apt-get install -y -q \
+ fuse3 \
+ jq \
+ python3-pip
+
+sudo wget -qO /usr/local/bin/goofys https://github.com/kahing/goofys/releases/download/v0.24.0/goofys
+sudo chmod a+x /usr/local/bin/goofys
+
+# https://github.com/awslabs/aws-cloudformation-templates/blob/f14e6284488e0a3ac1f9238e3a15bbe0dd4216bd/aws/solutions/OperatingSystems/Ubuntu22.04_cfn-hup.yaml#L310C16-L316
+sudo mkdir -p /opt/aws/bin/
+sudo pip3 install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz
+sudo ln -s /usr/local/init/ubuntu/cfn-hup /etc/init.d/cfn-hup
+sudo ln -s /usr/local/bin/cfn-* /opt/aws/bin/
+
+sudo useradd -m -s /bin/bash ec2-user
+
+sudo sed -i s/ubuntu/ec2-user/g /etc/systemd/system/vncserver@.service
+sudo cp -a /home/ubuntu/Desktop /home/ec2-user/
+sudo chown -R ec2-user:ec2-user /home/ec2-user/Desktop
+
+# Allow ec2-user to sudo without a password, same as default ubuntu user
+echo 'ec2-user ALL=(ALL) NOPASSWD:ALL' | sudo tee -a /etc/sudoers.d/99-ec2-user
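Review bot: The goofys binary is fetched with `wget` and made executable under `/usr/local/bin` with no integrity check, so whatever the release URL serves at build time is baked into every image built from this script. Pin a SHA-256 for the v0.24.0 asset and verify it before installing, as sketched below. The same concern applies to the `pip3 install` of `aws-cfn-bootstrap-py3-latest.tar.gz`, which is unversioned and installed as root. The sudoers drop-in is appended with `tee -a` and never validated; writing it with mode 0440 and checking it with `visudo -cf` would avoid a duplicated or malformed rule when the script is re-run.

```shell
# Verify the release binary against a pinned digest before it becomes root-executable.
GOOFYS_SHA256='<EXPECTED_SHA256_PLACEHOLDER>'   # placeholder: record the digest of the reviewed v0.24.0 asset
goofys_tmp=$(mktemp)
wget -qO "$goofys_tmp" https://github.com/kahing/goofys/releases/download/v0.24.0/goofys
printf '%s  %s\n' "$GOOFYS_SHA256" "$goofys_tmp" | sha256sum -c -
sudo install -m 0755 "$goofys_tmp" /usr/local/bin/goofys
rm -f -- "$goofys_tmp"

# ... unchanged: cfn-bootstrap install, ec2-user creation, VNC service edit ...

# Write the sudoers rule once, with the expected mode, and validate it.
echo 'ec2-user ALL=(ALL) NOPASSWD:ALL' | sudo tee /etc/sudoers.d/99-ec2-user > /dev/null
sudo chmod 0440 /etc/sudoers.d/99-ec2-user
sudo visudo -cf /etc/sudoers.d/99-ec2-user
```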
diff --git a/templates/default.j2 b/templates/default.j2 index 9f1ad21..dec5b80 100644 --- a/templates/default.j2 +++ b/templates/default.j2 @@ -6,8 +6,10 @@ {% set env = env|default([],true) %} {% set private_env = private_env|default([],true) %} +{% set private_tre_env = private_tre_env|default([],true) %} {% set modules = modules|default([],true) %} +{% set tre_modules = tre_modules|default([],true) %} {% set security_modules = security_modules|default([],true) %} {% set s3_resources = s3_resources|default("",true) %} diff --git a/templates/ubuntu.pkr.hcl b/templates/ubuntu.pkr.hcl index 76a8ee6..f30205f 100644 --- a/templates/ubuntu.pkr.hcl +++ b/templates/ubuntu.pkr.hcl @@ -88,10 +88,13 @@ build { "{{ e }}",{% endfor %} {% for e in private_env %} "{{ e }}",{% endfor %} + {% for e in private_tre_env %} + "{{ e }}",{% endfor %} ] scripts = [ "{{ module_basedir }}/cloudinit.sh", "{{ module_basedir }}/base.sh",{% for module in modules %} + "{{ module_basedir }}/{{ module }}.sh",{% endfor %}{% for module in tre_modules %} "{{ module_basedir }}/{{ module }}.sh",{% endfor %}{% for module in security_modules %} "{{ module_basedir }}/{{ module }}.sh",{% endfor %}{% for script in scripts %} "{{ script }}",{% endfor %} diff --git a/templates/windows.pkr.hcl b/templates/windows.pkr.hcl index fb8260b..b870ad9 100644 --- a/templates/windows.pkr.hcl +++ b/templates/windows.pkr.hcl @@ -84,10 +84,13 @@ build { "{{ e }}",{% endfor %} {% for e in private_env %} "{{ e }}",{% endfor %} + {% for e in private_tre_env %} + "{{ e }}",{% endfor %} ] scripts = [ "{{ module_basedir }}/base.ps1", "{{ module_basedir }}/awscli.ps1",{% for module in modules %} + "{{ module_basedir }}/{{ module }}.ps1",{% endfor %}{% for module in tre_modules %} "{{ module_basedir }}/{{ module }}.ps1",{% endfor %}{% for module in security_modules %} "{{ module_basedir }}/{{ module }}.ps1",{% endfor %}{% for script in scripts %} "{{ script }}",{% endfor %}