feat: Add SSM agent configuration (fixes #1)

191f1415 · Jean-François HOVINNE · 2a81c1c7 · 191f1415 · 191f1415 · 191f1415
Commit 191f1415 authored 3 years ago by Jean-François HOVINNE
--- a/defaults/main.yml
+++ b/defaults/main.yml
 ---
-aws_restart_ssm_script_path: "/usr/lib/systemd/system-sleep/99-ws-resume-ssm.sh"
+aws_ssm_agent_restart_script_path: "/usr/lib/systemd/system-sleep/99-ws-resume-ssm.sh"
+aws_ssm_agent_mds_command_retry_limit: 5
+aws_ssm_agent_agent_self_update: true
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -6,7 +6,7 @@
  tasks:
    - name: Stat SSM agent restart script
      stat:
-        path: "{{ aws_restart_ssm_script_path }}"
+        path: "{{ aws_ssm_agent_restart_script_path }}"
      register: file
    - name: Assert SSM agent restart script
      assert:
@@ -16,3 +16,15 @@
          - "file.stat.mode == '0755'"
          - "file.stat.pw_name == 'root'"
          - "file.stat.gr_name == 'root'"
+    - name: Stat SSM agent configuration
+      stat:
+        path: /etc/amazon/ssm/amazon-ssm-agent.json
+      register: file
+    - name: Assert SSM agent configuration
+      assert:
+        that:
+          - "file.stat.exists"
+          - "file.stat.isreg"
+          - "file.stat.mode == '0644'"
+          - "file.stat.pw_name == 'root'"
+          - "file.stat.gr_name == 'root'"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,8 +2,26 @@
 - name: Copy SSM agent restart script
  copy:
    src: 99-ws-resume-ssm.sh
-    dest: "{{ aws_restart_ssm_script_path }}"
+    dest: "{{ aws_ssm_agent_restart_script_path }}"
    owner: root
    group: root
    mode: u=rwx,g=rx,o=rx
  become: true
+
+- name: Ensure SSM agent configuration directory exists
+  file:
+    path: /etc/amazon/ssm
+    state: directory
+    owner: root
+    group: root
+    mode: u=rwx,g=rx,o=rx
+  become: true
+
+- name: Create SSM agent configuration
+  template:
+    src: amazon-ssm-agent.json.j2
+    dest: /etc/amazon/ssm/amazon-ssm-agent.json
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  become: true
--- a/templates/amazon-ssm-agent.json.j2
+++ b/templates/amazon-ssm-agent.json.j2
+{
+    "Profile":{
+        "ShareCreds" : true,
+        "ShareProfile" : "",
+        "ForceUpdateCreds" : false,
+        "KeyAutoRotateDays": 0
+    },
+    "Mds": {
+        "CommandWorkersLimit" : 5,
+        "StopTimeoutMillis" : 20000,
+        "Endpoint": "",
+        "CommandRetryLimit": {{ aws_ssm_agent_mds_command_retry_limit }}
+    },
+    "Ssm": {
+        "Endpoint": "",
+        "HealthFrequencyMinutes": 5,
+        "CustomInventoryDefaultLocation" : "",
+        "AssociationLogsRetentionDurationHours" : 24,
+        "RunCommandLogsRetentionDurationHours" : 336,
+        "SessionLogsRetentionDurationHours" : 336,
+        "PluginLocalOutputCleanup": "",
+        "OrchestrationDirectoryCleanup": ""
+    },
+    "Mgs": {
+        "Region": "",
+        "Endpoint": "",
+        "StopTimeoutMillis" : 20000,
+        "SessionWorkersLimit" : 1000
+    },
+    "Agent": {
+        "Region": "",
+        "OrchestrationRootDir": "",
+        "SelfUpdate": {{ aws_ssm_agent_agent_self_update }},
+        "TelemetryMetricsToCloudWatch": false,
+        "TelemetryMetricsToSSM": true,
+        "AuditExpirationDay" : 7,
+        "LongRunningWorkerMonitorIntervalSeconds": 60
+    },
+    "Os": {
+        "Lang": "en-US",
+        "Name": "",
+        "Version": "1"
+    },
+    "S3": {
+        "Endpoint": "",
+        "Region": "",
+        "LogBucket":"",
+        "LogKey":""
+    },
+    "Kms": {
+        "Endpoint": ""
+    }
+}