Skip to content

Commit 83f3f2f

Browse files
Add fips canaries (#1988)
* Add fips canaries * Condition Fips canary previous to have a second release
1 parent 800e0ab commit 83f3f2f

8 files changed

+20
-58
lines changed

.github/workflows/component_canaries.yml

+6-6
Original file line numberDiff line numberDiff line change
@@ -32,10 +32,10 @@ jobs:
3232
runs-on: ubuntu-20.04
3333
if: ${{ inputs.PLATFORM == 'macos' }}
3434
steps:
35-
- uses: actions/checkout@v2
35+
- uses: actions/checkout@v4
3636

3737
- name: Configure AWS Credentials
38-
uses: aws-actions/configure-aws-credentials@v1
38+
uses: aws-actions/configure-aws-credentials@v4
3939
with:
4040
role-to-assume: ${{ env.AWS_ASSUME_ROLE }}
4141
aws-region: us-east-2
@@ -68,10 +68,10 @@ jobs:
6868
runs-on: ubuntu-20.04
6969
if: ${{ inputs.PLATFORM == 'linux' }}
7070
steps:
71-
- uses: actions/checkout@v2
71+
- uses: actions/checkout@v4
7272

7373
- name: Configure AWS Credentials
74-
uses: aws-actions/configure-aws-credentials@v1
74+
uses: aws-actions/configure-aws-credentials@v4
7575
with:
7676
role-to-assume: ${{ env.AWS_ASSUME_ROLE }}
7777
aws-region: us-east-2
@@ -130,10 +130,10 @@ jobs:
130130
runs-on: ubuntu-20.04
131131
if: ${{ inputs.PLATFORM == 'windows' }}
132132
steps:
133-
- uses: actions/checkout@v2
133+
- uses: actions/checkout@v4
134134

135135
- name: Configure AWS Credentials
136-
uses: aws-actions/configure-aws-credentials@v1
136+
uses: aws-actions/configure-aws-credentials@v4
137137
with:
138138
role-to-assume: ${{ env.AWS_ASSUME_ROLE }}
139139
aws-region: us-east-2

test/canaries/deploy_canaries.yml

+8-4
Original file line numberDiff line numberDiff line change
@@ -19,27 +19,31 @@
1919
block:
2020

2121
- name: install latest agent on host
22-
include_role:
22+
ansible.builtin.include_role:
2323
name: caos.ansible_roles.infra_agent
2424
vars:
25-
target_version: "{{ current_version }}"
2625
repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
26+
fips_enabled: "{{ '-fips' in inventory_hostname }}"
2727

2828
- name: install latest agent in container
29-
include_role:
29+
ansible.builtin.include_role:
3030
name: caos.ansible_roles.infra_agent
3131
vars:
3232
is_containerized: true
3333
target_version: "{{ current_version }}-rc"
3434
display_name: "{{ inventory_hostname }}-current"
35+
fips_enabled: "{{ '-fips' in inventory_hostname }}"
3536

3637
- name: install previous agent in container
37-
include_role:
38+
# Remove the "when" condition after second release https://new-relic.atlassian.net/browse/NR-355851
39+
when: "'-fips' not in inventory_hostname"
40+
ansible.builtin.include_role:
3841
name: caos.ansible_roles.infra_agent
3942
vars:
4043
is_containerized: true
4144
target_version: "{{ previous_version }}"
4245
display_name: "{{ inventory_hostname }}-previous"
46+
fips_enabled: "{{ '-fips' in inventory_hostname }}"
4347

4448
# Windows
4549
- name: installation-agent-no-clean

test/packaging/ansible/installation-pinned.yml

+1-11
Original file line numberDiff line numberDiff line change
@@ -18,22 +18,12 @@
1818

1919
block:
2020
- name: Install agent
21-
# when: "'-fips' not in inventory_hostname"
2221
ansible.builtin.include_role:
2322
name: caos.ansible_roles.infra_agent
2423
vars:
2524
target_version: "{{ target_agent_version }}"
2625
repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
27-
28-
# TODO: https://new-relic.atlassian.net/browse/NR-355845 Uncomment when FIPS version is available for the minimum version
29-
# - name: Install agent - FIPS
30-
# when: "'-fips' in inventory_hostname"
31-
# ansible.builtin.include_role:
32-
# name: caos.ansible_roles.infra_agent
33-
# vars:
34-
# target_version: "{{ target_agent_version }}"
35-
# repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
36-
# fips_enabled: true
26+
fips_enabled: "{{ '-fips' in inventory_hostname }}"
3727

3828
- name: Assert version
3929
ansible.builtin.include_role:

test/packaging/ansible/installation-privileged.yml

+1-9
Original file line numberDiff line numberDiff line change
@@ -21,19 +21,11 @@
2121

2222
block:
2323
- name: Install agent
24-
when: "'-fips' not in inventory_hostname"
2524
ansible.builtin.include_role:
2625
name: caos.ansible_roles.infra_agent
2726
vars:
2827
repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
29-
30-
- name: Install agent - FIPS
31-
when: "'-fips' in inventory_hostname"
32-
ansible.builtin.include_role:
33-
name: caos.ansible_roles.infra_agent
34-
vars:
35-
repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
36-
fips_enabled: true
28+
fips_enabled: "{{ '-fips' in inventory_hostname }}"
3729

3830
- name: Assert privileged caps
3931
ansible.builtin.include_role:

test/packaging/ansible/installation-root.yml

+1-9
Original file line numberDiff line numberDiff line change
@@ -21,19 +21,11 @@
2121
block:
2222

2323
- name: Install agent
24-
when: "'-fips' not in inventory_hostname"
2524
ansible.builtin.include_role:
2625
name: caos.ansible_roles.infra_agent
2726
vars:
2827
repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
29-
30-
- name: Install agent - FIPS
31-
when: "'-fips' in inventory_hostname"
32-
ansible.builtin.include_role:
33-
name: caos.ansible_roles.infra_agent
34-
vars:
35-
repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
36-
fips_enabled: true
28+
fips_enabled: "{{ '-fips' in inventory_hostname }}"
3729

3830
- name: Assert root
3931
ansible.builtin.include_role:

test/packaging/ansible/installation-unprivileged.yml

+1-8
Original file line numberDiff line numberDiff line change
@@ -26,14 +26,7 @@
2626
name: caos.ansible_roles.infra_agent
2727
vars:
2828
repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
29-
30-
- name: Install agent - FIPS
31-
when: "'-fips' in inventory_hostname"
32-
ansible.builtin.include_role:
33-
name: caos.ansible_roles.infra_agent
34-
vars:
35-
repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
36-
fips_enabled: true
29+
fips_enabled: "{{ '-fips' in inventory_hostname }}"
3730

3831
- name: Assert no privileged caps
3932
ansible.builtin.include_role:

test/packaging/ansible/shutdown-and-terminate.yml

+1-10
Original file line numberDiff line numberDiff line change
@@ -16,21 +16,12 @@
1616

1717
tasks:
1818
- name: Install agent
19-
when: "'-fips' not in inventory_hostname"
2019
ansible.builtin.include_role:
2120
name: caos.ansible_roles.infra_agent
2221
vars:
2322
display_name: "{{ iid }}:{{ inventory_hostname }}"
2423
repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
25-
26-
- name: Install agent - FIPS
27-
when: "'-fips' in inventory_hostname"
28-
ansible.builtin.include_role:
29-
name: caos.ansible_roles.infra_agent
30-
vars:
31-
display_name: "{{ iid }}:{{ inventory_hostname }}"
32-
repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent"
33-
fips_enabled: true
24+
fips_enabled: "{{ '-fips' in inventory_hostname }}"
3425

3526
- name: Install agent windows (HNR)
3627
hosts: testing_hosts_windows

test/packaging/ansible/test.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
- name: Pinned version agent installation
44
import_playbook: installation-pinned.yml
5-
when: "'-fips' not in inventory_hostname" # TODO: https://new-relic.atlassian.net/browse/NR-355841
5+
when: "'-fips' not in inventory_hostname" # TODO: https://new-relic.atlassian.net/browse/NR-355845
66

77
- name: Agent installation as root
88
import_playbook: installation-root.yml

0 commit comments

Comments
 (0)