
GH self-hosted runner in AWS for MacStadium

Open teddytpc1 opened this issue 1 year ago • 0 comments

Target version: 4.9.0
Related issue: #5346

Description

During the Packages redesign tier 1 testing, some issues with the VPN connection to create resources in the MacStadium hosts were found. Several alternatives to resolve this were analyzed. We have decided to use a Self-hosted GH runner to execute the workflows that include MacStadium instances.

Runner specifications

The runner will be an EC2 instance deployed in the wazuh-qa account in the us-east-1 region. The type should be t3a.medium and it might be resized according to the needs.

  • It also must have the following components installed:

    • AWS CLI
    • Python3
    • pip
  • The OS will be AL2023 and the instance should have an instance role with the following policies:

    • devops-allocation-secret-manager-policy
    • devops-allocation-ec2-policy
    • devops-allocation-ec2-hosts-policy
    • ci_secrets_manager_packages_certificates
  • The instance must have stop and termination protection and has to be registered as a GH Self-hosted runner. An issue for @rauldpm might be needed to perform this task.

  • The instance must be deployed in the Jenkins subnet, so it can reach the VPN resources.

Tasks

  • [ ] Provision an EC2 instance with the specifications mentioned above.
  • [ ] Generate an AMI using the new EC2 instance.
  • [ ] Test the allocation module against the MacStadium hosts (both Intel and ARM) using the VPN IP.

teddytpc1, May 09 '24 17:05
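
One way to check a provisioned runner against the specification in this issue, as an added example that is not part of the issue or of the Wazuh project's code. The function name `audit_runner`, the subnet ID, the account ID and the sample data are hypothetical or constructed, and it assumes the four policies are managed policies attached to the instance role.

```python
# Inputs mirror the response shapes of EC2 DescribeInstances and
# DescribeInstanceAttribute and of IAM ListAttachedRolePolicies (assumption:
# the caller has already fetched them, e.g. with the AWS CLI or boto3).

EXPECTED_TYPE = "t3a.medium"
EXPECTED_REGION = "us-east-1"
EXPECTED_POLICIES = {
    "devops-allocation-secret-manager-policy",
    "devops-allocation-ec2-policy",
    "devops-allocation-ec2-hosts-policy",
    "ci_secrets_manager_packages_certificates",
}


def audit_runner(instance, protections, attached_policies, jenkins_subnet_id):
    """Return a sorted list of deviations; an empty list means compliant."""
    findings = []
    if instance.get("InstanceType") != EXPECTED_TYPE:
        findings.append(f"instance type is {instance.get('InstanceType')}")
    az = instance.get("Placement", {}).get("AvailabilityZone", "")
    if not az.startswith(EXPECTED_REGION):
        findings.append(f"availability zone {az!r} is outside {EXPECTED_REGION}")
    if instance.get("SubnetId") != jenkins_subnet_id:
        findings.append("instance is not in the Jenkins subnet")
    if "IamInstanceProfile" not in instance:
        findings.append("no instance profile attached")
    for attr, label in (("DisableApiTermination", "termination"), ("DisableApiStop", "stop")):
        if not protections.get(attr, {}).get("Value", False):
            findings.append(f"{label} protection is disabled")
    names = {p["PolicyName"] for p in attached_policies}
    findings += [f"missing policy {n}" for n in EXPECTED_POLICIES - names]
    findings += [f"unexpected policy {n}" for n in names - EXPECTED_POLICIES]
    return sorted(findings)


# Constructed sample data: IDs are placeholders, the extra policy is illustrative.
SAMPLE_INSTANCE = {
    "InstanceType": "t3a.medium",
    "Placement": {"AvailabilityZone": "us-east-1a"},
    "SubnetId": "subnet-EXAMPLE",
    "IamInstanceProfile": {"Arn": "arn:aws:iam::000000000000:instance-profile/EXAMPLE"},
}
SAMPLE_PROTECTIONS = {"DisableApiTermination": {"Value": True}, "DisableApiStop": {"Value": False}}
SAMPLE_POLICIES = [{"PolicyName": n} for n in sorted(EXPECTED_POLICIES - {"devops-allocation-ec2-policy"})]
SAMPLE_POLICIES.append({"PolicyName": "AdministratorAccess"})

if __name__ == "__main__":
    for finding in audit_runner(SAMPLE_INSTANCE, SAMPLE_PROTECTIONS, SAMPLE_POLICIES, "subnet-EXAMPLE"):
        print("DEVIATION:", finding)
```

Flagging unexpected policies as well as missing ones keeps the runner's role limited to the four policies the issue lists, which matters because workflow jobs on a self-hosted runner execute with that role.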