fix: Spinwait tailscale install to protect against SSM conflicts (#24)

Co-authored-by: JT <[email protected]>
Hawxy · Sep 29, 2024 · 10b7459 · 10b7459
1 parent 0fb41e8
commit 10b7459
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 13 deletions.
diff --git a/src/index.ts b/src/index.ts
@@ -148,9 +148,7 @@ export class TailscaleBastion extends Construct {
         // Install Tailscale
         InitCommand.shellCommand('dnf config-manager --add-repo https://pkgs.tailscale.com/stable/amazon-linux/2023/tailscale.repo'),
         // Protect against a potential conflict with AWS activity
-        InitCommand.shellCommand('sleep 10'),
-        InitCommand.shellCommand('dnf -y install jq'),
-        InitCommand.shellCommand('dnf -y install tailscale'),
+        InitCommand.shellCommand('until dnf -y install tailscale ; do sleep 10s ; done'),
         InitCommand.shellCommand('systemctl enable --now tailscaled'),
         InitCommand.shellCommand(`echo TS_AUTHKEY=${authKeyCommand} >> /etc/environment`),
         InitCommand.shellCommand(`source /etc/environment && tailscale up --authkey $TS_AUTHKEY --advertise-routes=${advertiseRoute ?? vpc.vpcCidrBlock} --accept-routes --accept-dns=false`),

diff --git a/test/construct.test.ts b/test/construct.test.ts
@@ -68,18 +68,12 @@ test('Bastion host should be created', () => {
               command: 'dnf config-manager --add-repo https://pkgs.tailscale.com/stable/amazon-linux/2023/tailscale.repo',
             },
             '007': {
-              command: 'sleep 10',
+              command: 'until dnf -y install tailscale ; do sleep 10s ; done',
             },
             '008': {
-              command: 'dnf -y install jq',
-            },
-            '009': {
-              command: 'dnf -y install tailscale',
-            },
-            '010': {
               command: 'systemctl enable --now tailscaled',
             },
-            '011': {
+            '009': {
               command: {
                 'Fn::Join': [
                   '',
@@ -97,7 +91,7 @@ test('Bastion host should be created', () => {
                 ],
               },
             },
-            '012': {
+            '010': {
               command: {
                 'Fn::Join': [
                   '',

diff --git a/test/routes.test.ts b/test/routes.test.ts
@@ -49,7 +49,7 @@ test('Bastion host should have routing set up', () => {
       'AWS::CloudFormation::Init': {
         config: {
           commands: {
-            '012': {
+            '010': {
               command: 'source /etc/environment && tailscale up --authkey $TS_AUTHKEY --advertise-routes=fd7a:115c:a1e0:b1a:0:7:a01:100/120 --accept-routes --accept-dns=false',
             },
           },