Merge branch 'master' into fix/secondary-subnet

Docker/awshelper/Dockerfile

@@ -1,7 +1,7 @@
 # Build from root of cloud-automation/ repo:
 #   docker build -f Docker/awshelper/Dockerfile 
 #
-FROM quay.io/cdis/ubuntu:18.04
+FROM quay.io/cdis/ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
@@ -26,7 +26,6 @@ RUN apt-get update && apt-get upgrade -y \
       net-tools \
       openssh-client \
       openssh-server \
-      postgresql-client \
       python3 \
       python3-dev \
       python3-pip \
@@ -52,7 +51,7 @@ RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2
     && /bin/rm -rf awscliv2.zip ./aws
 
 # From  https://hub.docker.com/r/google/cloud-sdk/~/dockerfile/
-RUN export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)" && \
+RUN export CLOUD_SDK_REPO="cloud-sdk" && \
     echo "deb https://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" > /etc/apt/sources.list.d/google-cloud-sdk.list && \
     curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - && \
     curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
@@ -70,6 +69,19 @@ RUN export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)" && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /var/log/*
 
+# Install postgres 13 client
+RUN curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc| gpg --dearmor -o /etc/apt/trusted.gpg.d/postgresql.gpg && \
+    echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" | tee  /etc/apt/sources.list.d/pgdg.list && \
+    apt-get update && \
+    apt-get install -y postgresql-client-13
+
+# install terraform
+RUN curl -o /tmp/terraform.zip https://releases.hashicorp.com/terraform/0.11.15/terraform_0.11.15_linux_amd64.zip \
+   && unzip /tmp/terraform.zip -d /usr/local/bin && /bin/rm /tmp/terraform.zip
+
+RUN curl -o /tmp/terraform.zip https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_linux_amd64.zip \
+   && unzip /tmp/terraform.zip -d /tmp && mv /tmp/terraform /usr/local/bin/terraform12 && /bin/rm /tmp/terraform.zip
+
 RUN useradd -m -s /bin/bash ubuntu && \
     ( echo "ubuntu:gen3" | chpasswd )
 
@@ -108,7 +120,7 @@ RUN cd ./cloud-automation \
     && npm ci \
     && cat ./Docker/awshelper/bashrc_suffix.sh >> ~/.bashrc
 
-RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python3 -
+RUN export DEB_PYTHON_INSTALL_LAYOUT=deb && export POETRY_VERSION=1.1.15 && curl -sSL https://install.python-poetry.org | python3 -
 
 RUN git config --global user.email gen3 \
     && git config --global user.name gen3

ansible/hosts.yaml

@@ -279,4 +279,4 @@ all:
           ansible_user: ubuntu
         emalinowskiv1:
           ansible_host: cdistest.csoc
-          ansible_user: emalinowskiv1
+          ansible_user: emalinowskiv1

ansible/oldPeKeys/testremove

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAC7GaYGfV3VaHX+RlzSvSHc6f+Nmu6Ikoe+fgc5m8avrWIJEDfYd+z1bGCcPiVpEiSrzHYjuvxAkHMxPlteiGxWqWnUBhf9vCNKCxj1m7BW1+wQ333iaio8JzA20M363EbSxGPe0LJplN6/aReLC5OUj4if/dnOE0Usrc4n5WTaSR8Ip6jwitDoFNLH5tZZCYMWi08flvKO7y8zvXJ7D3MrWUGroKsBRrkrFp3dDkPKCtrU6tGaRO5GkWbw408oWsFIt6fr7WBzx1HvB2u4z4Y+wZxRIl45wU8xPZR+u8e/VsL/KzKQLAnqcBqToRN83ugxyJfnbuFazjKZKEk9iSJfshpz00qFnXomBXpv5fLxTByo8EMnhNM23jyE3Fw3co8B3MJK/CF71ztosQGPxZrYZYLPY5fYXAmjeLPVahr/jKwyYJukV3LzHF2pmMrfymefmaX7s0NdY/4Md99DIRXcehQaLCa6KHA8KqzbB6KjCvWGykUHwJoCIrK/hqIJ62heBneIP3wXBHche3EA32P1QnnI3QEptOvPDe7gFqRYrfant1NRNrOxU9TtIlujgME80Bx9EVvhjf3Yim0zNyk4I4yTar7CqWxyIP/REsze24q0yyW3e2llPKrX8gqWwnl/ANYPeUgz8Y9CHAQkZm+SWotyqVeLNTUSmW90RUXwJ ubuntu@csoc_admin

ansible/peKeys/aaugustine

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+iK0ZvY25lgwh4nNUTkD0bq2NES3cPEK+f52HEC2GSVI845ZOqX32kfNpDFT9zvspadOA6KwAgKsRphP/iV8k8WLjAYSYQ3sAE/enuW1+Cr0hhmtahA+uxOavUwsvJ93vIOlIlkD26gIUZTZeYUhi6Aa2FjWFTJ0CtxtUYEdBh+sqW3VoyVvOOA+2DnNYt7/pTrh0DwNxHX7+9TfkmRaVLD4xcdwNLx5N3Yyjgci+oGmw8HATYfSBTaGEXSKJflrN6TDqN87D2pJpMkEvYeZIktoU0kX4HwodrNfwhlruJ2PsePzZ28xlaaZz2fI/LGiqnwf1fRY10R5C/9RpcAcpcYaz305uBCUCI7GGbL9u7WC0W0NZsyaaybaKXyt97p/05os2oe/N5un0whv+NL8z5SLZnaelvttrmVKApvsCD/IqZv5b2PlDilY3L638eKmVOcHaLX/N67MeL9FKnipv2QPzaUKhMoEAtSPqdOWnlndt9dmMBlqT0BKmB85mm0k= [email protected]

ansible/peKeys/ahilt

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXzpRFVdZMdW8G4hP1or6O26zHvAj+OLxP0G8kGzCiIdmCwuycurU1MhxatPLfEmWuc31FGdhD5xDb2taHEwdTcMTHaqGa/K03NDFm2Ary7FeVEuBuur1jSWHIq+o4wp9vtsAfBLmV89yxZU40BHauac5uhXcHXfQ7OeZBVZhkCdUcN2l21H44b6V3RAqqxaf4dOiapTd8YbMHMJmyeu5rMFbbW9zS8lXule4pNTREXfh3Zt9MYPZnZ2aV/hQV28KRRjWJnMXuPQxSqEKVDsVbKT9Hu0Re9I8cQLEakNQV5G5c0YDuQjzXL8rEiYKm2AEHlpri/IkOiKu0gKeyZDVTJjW1/n0fCYlcjOJ9AB5wlM6CtsdwBC4spN85E2oJrfvmKIMnRdqSQnLe+w/DyyaZJsMgvXjItB5tysOZI2BkM2Z2cQ3XFK91gwxEUVQHlbvWBI7Nl2VEykQ5O8HdcPnKPcspnOByJMFfdvbh6HXlrstPOuNm2dyw+CUIMlQpa0nEEs/fyB+PoeRYMPs6VNA1syOpH70EXslyfDiN+5eH3asUohvbe4fOjF1jyviQEYXZ2mSbL+D/5sw4x9uWpg/oa+DzWX7ACBUt+ZEwF7xMWIO2O48HWokUrshNB1ksfK+tBXf6mL9SDlxzPYfcR2INRQgllidhPZIqVHoD57HUSw== [email protected]

ansible/peKeys/ecastle

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkf6aIs6bmOAZS+Q7yFaRzPnZPa3eExrDDKqGuikGoNDMP1VcPoyb0cYTZTG5X6YzFt5Blv95WWuw6WEBdUxIax/Z9V4H83A+KRvuwiRI9zU3FaKEeYb18hcHSclAWyjl+N7b9V2KzxVBJCkmdC3XBLp/geDRIbGusg40lySYzYhs73hTYs0CQWHcLIj1jX00hbIdbKyc/fq8ODIEOo/XojvjBQyPlT/BJ5fK08LO7kIBoeQ62iT8yG+J/2vch+WsMBeOt+agYKRSn9pv10+5SdP/emX4r5PkyTS8H3ysuequMUMv5w0rXAL53uTYpJELisNTl8pv2Y4VQKCh2Aj5989NFjcqBcv7KKTfvI3WVG5SNsOtu1tAmC05Xf3fdsb3BRVu7I0pCna26NOKRSh8eLy/uUfA4fUKOQyXr5yG3a+Vse57WZiPizOamhkjYTdvyBB8ad7vZST1ir1viSZl6ps+f3bhfx//DPKYpYyZIc6uDdGQMwFoMEhpTdKYopqGmny5LoR9J9LLeGDJd3M0bj/yyd+2/6cU+1KwjLO7fgyjSCjVUKEdG0HufwS/NZc1q3QT6OrXAd8lw5A4BoHDt+Mp8uRVz5508h7XIOC718nLuiJqwqh3dS6hkybGoBCIvh1BDWsEWOUi0Ygt+Ast3Qw4/eMqvmTCN32OIVtOBpQ== elisecastle@Elises-MBP

ansible/playbooks/peAddKeys.yaml

@@ -0,0 +1,18 @@
+#
+# Playbook to handle keys in a particular host
+#
+# @variables:
+#   _hosts => hosts in which you want the playbook to be applied
+#             it must exists in hosts.yaml
+
+#This playbook will loop around each public key file in the keys/ directory and will add them to the specified vms
+
+
+---
+- hosts: "{{ _hosts }}"
+  tasks:
+  - authorized_key:
+      user: "{{ ansible_user_id }}"
+      state: present
+      key: "{{ lookup('file', item) }}"
+    with_fileglob: '../peKeys/*'

ansible/playbooks/peRemoveKeys.yaml

@@ -0,0 +1,18 @@
+#
+# Playbook to handle keys in a particular host
+#
+# @variables:
+#   _hosts => hosts in which you want the playbook to be applied
+#             it must exists in hosts.yaml
+
+#This playbook will loop around each public key file in the removed_keys/ directory and remove them from the specified vms
+
+
+---
+- hosts: "{{ _hosts }}"
+  tasks:
+  - authorized_key:
+      user: "{{ ansible_user_id }}"
+      state: absent
+      key: "{{ lookup('file', item) }}"
+    with_fileglob: '../oldPeKeys/*'

ansible/updated-hosts.yaml

@@ -0,0 +1,282 @@
+---
+all:
+  children:
+    adminvms:
+      hosts:
+        account_admin:
+          ansible_host: account.csoc
+        anvil_admin:
+          ansible_host: anvil.csoc
+        vadc_admin:
+          ansible_host: vadc.csoc
+        dcfqa_admin:
+          ansible_host: dcfqa.csoc
+        dcfprod_admin:
+          ansible_host: dcfprod.csoc
+        genomel_admin:
+          ansible_host: genomel.csoc
+        ibdgc_admin:
+          ansible_host: ibdgc.csoc
+        occ_admin:
+          ansible_host: occ.csoc
+        occ-edc_admin:
+          ansible_host: occ-edc.csoc
+        niaiddh_admin:
+          ansible_host: niaiddh.csoc
+        gtex_admin:
+          ansible_host: gtex.csoc
+        kf_admin:
+          ansible_host: kf.csoc
+        gmkfqa_admin:
+          ansible_host: gmkfqa.csoc
+        ncicrdc_admin:
+          ansible_host: ncicrdc.csoc
+        cdistest_admin:
+          ansible_host: cdistest.csoc
+        jcoin_admin:
+          ansible_host: jcoin.csoc
+        oadc_admin:
+          ansible_host: oadc.csoc
+        vhdc_admin:
+          ansible_host: vhdc.csoc
+        covid19_admin:
+          ansible_host: covid19.csoc
+        midrc_admin: 
+          ansible_host: midrc.csoc
+        heal_admin: 
+          ansible_host: heal.csoc
+        brh_admin: 
+          ansible_host: brh.csoc
+      vars:
+        ansible_user: ubuntu
+        ansible_python_interpreter: /usr/bin/python3
+
+    other_admins:
+      hosts:
+        canine_admin:
+          ansible_host: canine.csoc
+        # unreachable
+        # ncigdc_admin:
+        #   ansible_host: 10.128.2.112
+        dcfbuckets_admin:
+          ansible_host: 10.128.2.181
+        # unreachable
+        # pdcgen3_admin:
+        #   ansible_host: 10.128.2.241
+      vars:
+        ansible_user: ubuntu
+
+    commons:
+      hosts:
+        accountprod_commons:
+          ansible_user: accountprod
+          ansible_host: account.csoc
+        anvilprod_commons:
+          ansible_user: anvilprod
+          ansible_host: anvil.csoc
+        vadcprod_commons:
+          ansible_user: vadcprod
+          ansible_host: vadc.csoc
+        dcfprod_commons:
+          ansible_user: dcfprod
+          ansible_host: dcfprod.csoc
+        qa-biologin_commons:
+          ansible_user: qa-biologin
+          ansible_host: genomel.csoc
+        genomelprod_commons:
+          ansible_user: genomelprod
+          ansible_host: genomel.csoc
+        ibdgc_commons:
+          ansible_user: ibdgc
+          ansible_host: ibdgc.csoc
+        bloodv2_commons:
+          ansible_user: bloodv2
+          ansible_host: occ.csoc
+        edcprodv2_commons:
+          ansible_user: edcprodv2
+          ansible_host: occ-edc.csoc
+        niaidprod_commons:
+          ansible_user: niaidprod
+          ansible_host: niaiddh.csoc
+        dataguis_commons:
+          ansible_user: dataguids
+          ansible_host: gtex.csoc
+        prodv1_commons:
+          ansible_user: prodv1
+          ansible_host: kf.csoc
+        loginbionimbus_commons:
+          ansible_user: loginbionimbus
+          ansible_host: genomel.csoc
+        canineprod_commons:
+          ansible_user: canineprod
+          ansible_host: canine.csoc
+        icgc_commons:
+          ansible_user: icgc
+          ansible_host: genomel.csoc
+        niaiddata_commons:
+          ansible_user: niaiddata
+          ansible_host: niaiddh.csoc
+        jcoinprod_commons:
+          ansible_user: jcoinprod
+          ansible_host: jcoin.csoc
+        fitbirprod_commons:
+          ansible_user: fitbirprod
+          ansible_host: oadc.csoc
+        oadc_commons:
+          ansible_user: oadc
+          ansible_host: oadc.csoc
+        neuro_commons:
+          ansible_user: neuro
+          ansible_host: oadc.csoc
+        vhdcprod_commons:
+          ansible_user: vhdcprod
+          ansible_host: vhdc.csoc
+        covid19prod_commons:
+          ansible_user: covid19prod
+          ansible_host: covid19.csoc
+        bdcatprod_commons:
+          ansible_user: bdcatprod
+          ansible_host: gtex.csoc
+        midrc_commons:
+          ansible_user: midrcprod
+          ansible_host: midrc.csoc
+        heal_commons:
+          ansible_user: healprod
+          ansible_host: heal.csoc
+        brh_commons:
+          ansible_user: brhprod
+          ansible_host: brh.csoc
+      vars:
+        ansible_python_interpreter: /usr/bin/python3
+
+    staging:
+      hosts:
+        stagingdatastage_commons:
+          ansible_user: stagingdatastage
+          ansible_host: gtex.csoc
+        dcfstaging_commons:
+          ansible_user: staging
+          ansible_host: dcfprod.csoc
+        anvilstaging_commons:
+          ansible_user: anvilstaging
+          ansible_host: anvil.csoc
+        midrcstaging_commons:
+          ansible_user: staging-validate
+          ansible_host: midrc.csoc
+        brhstaging_commons:
+          ansible_user: brhstaging
+          ansible_host: brh.csoc
+      vars:
+        ansible_python_interpreter: /usr/bin/python3
+    namespaces:
+      hosts:
+        charlie_commons:
+          ansible_user: charlie
+          ansible_host: niaiddh.csoc
+        tb_commons:
+          ansible_user: tb
+          ansible_host: niaiddh.csoc
+        microbiome_commons:
+          ansible_user: microbiome
+          ansible_host: niaiddh.csoc
+        flu_commons:
+          ansible_user: flu
+          ansible_host: niaiddh.csoc
+        clinicaltrial_commons:
+          ansible_user: clinicaltrial
+          ansible_host: niaiddh.csoc
+        preprod_commons:
+          ansible_user: bdcat-internalstaging
+          ansible_host: gtex.csoc
+        va-testing_commons:
+          ansible_user: va-testing
+          ansible_host: vhdc.csoc
+        validate_commons:
+          ansible_user: validate
+          ansible_host: midrc.csoc
+        healpreprod_commons:
+          ansible_user: healpreprod
+          ansible_host: heal.csoc
+        healworkspaces_commons:
+          ansible_user: healworkspaces
+          ansible_host: heal.csoc
+      vars:
+        ansible_python_interpreter: /usr/bin/python3
+
+    dev:
+      hosts:
+        cdistest_dev:
+          ansible_user: devplanetv1
+          ansible_host: cdistest.csoc
+        cdistest_qav1:
+          ansible_user: qaplanetv1
+          ansible_host: cdistest.csoc
+        cdistest_qav2:
+          ansible_user: qaplanetv2
+          ansible_host: cdistest.csoc
+        cdistest_emalinowskiv1:
+          ansible_user: emalinowskiv1
+          ansible_host: cdistest.csoc
+      vars:
+        ansible_python_interpreter: /usr/bin/python3
+
+    qa:
+      hosts:
+        qa_biologin:
+          ansible_user: qa-biologin
+          ansible_host: genomel.csoc
+        kfqa_qa:
+          ansible_user: kfqa
+          ansible_host: gmkfqa.csoc
+        gmkfqa_qa:
+          ansible_user: skfqa
+          ansible_host: gmkfqa.csoc
+        kfqa2_qa:
+          ansible_user: kfqa2
+          ansible_host: gmkfqa.csoc
+      vars:
+        ansible_python_interpreter: /usr/bin/python3
+
+    demo:
+      hosts:
+        ncicrdc_demo:
+          ansible_user: ncicrdcdemo
+          ansible_host: ncicrdc.csoc
+        brh_demo:
+          ansible_user: brhdemo
+          ansible_host: brh.csoc
+
+    vpn:
+      hosts:
+        vpn_prod:
+          ansible_host: csoc-prod-vpn.planx-pla.net
+          ansible_user: ubuntu
+        vpn_dev:
+          ansible_host: csoc-dev-vpn.planx-pla.net
+          ansible_user: ubuntu
+    revproxy:
+      hosts:
+        es_a:
+          ansible_host: 10.128.7.8
+        es_b:
+          ansible_host: 10.128.7.23
+      vars:
+        ansible_user: ubuntu
+
+    cdistest:
+      hosts:
+        cdistest_fauzi:
+          ansible_host: cdistest.csoc 
+          ansible_user: fauziv1
+
+    csoc_squids:
+      hosts:
+        csocsquidnlbcentral1:
+          ansible_host: 10.128.4.101
+        #unreachable
+        # csocsquidnlbcentral2:
+        #   ansible_host: 10.128.4.30
+        csocsquidnlbcentral3:
+          ansible_host: 10.128.4.169
+      vars:
+        ansible_user: ubuntu