Misc Packer improvements
This commit is contained in:
Radon Rosborough
parent
2062bfecdb
commit
be7403e367
|
|
@ -1,44 +0,0 @@
|
|||
{
|
||||
"variables": {
|
||||
"admin_password": "{{env `ADMIN_PASSWORD`}}"
|
||||
},
|
||||
"builders": [
|
||||
{
|
||||
"type": "amazon-ebs",
|
||||
"source_ami_filter": {
|
||||
"filters": {
|
||||
"virtualization-type": "hvm",
|
||||
"root-device-type": "ebs",
|
||||
"name": "ubuntu/images/hvm-ssd/ubuntu-*-21.04-amd64-server-*"
|
||||
},
|
||||
"owners": ["099720109477"],
|
||||
"most_recent": true
|
||||
},
|
||||
"instance_type": "t3.micro",
|
||||
"ssh_username": "ubuntu",
|
||||
"ami_name": "riju-{{timestamp}}"
|
||||
}
|
||||
],
|
||||
"provisioners": [
|
||||
{
|
||||
"type": "file",
|
||||
"source": "riju-init-volume",
|
||||
"destination": "/tmp/riju-init-volume"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"source": "../supervisor/out/riju-supervisor",
|
||||
"destination": "/tmp/riju-supervisor"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"source": "riju.service",
|
||||
"destination": "/tmp/riju.service"
|
||||
},
|
||||
{
|
||||
"type": "shell",
|
||||
"script": "provision.bash",
|
||||
"environment_vars": ["ADMIN_PASSWORD={{user `admin_password`}}"]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
variable "admin_password" {
|
||||
type = string
|
||||
default = "${env("ADMIN_PASSWORD")}"
|
||||
}
|
||||
|
||||
variable "aws_region" {
|
||||
type = string
|
||||
default = "${env("AWS_REGION")}"
|
||||
}
|
||||
|
||||
variable "s3_bucket" {
|
||||
type = string
|
||||
default = "${env("S3_BUCKET")}"
|
||||
}
|
||||
|
||||
variable "supervisor_access_token" {
|
||||
type = string
|
||||
default = "${env("SUPERVISOR_ACCESS_TOKEN")}"
|
||||
}
|
||||
|
||||
data "amazon-ami" "ubuntu" {
|
||||
filters = {
|
||||
name = "ubuntu/images/hvm-ssd/ubuntu-*-21.04-amd64-server-*"
|
||||
root-device-type = "ebs"
|
||||
virtualization-type = "hvm"
|
||||
}
|
||||
most_recent = true
|
||||
owners = ["099720109477"]
|
||||
}
|
||||
|
||||
locals {
|
||||
timestamp = regex_replace(timestamp(), "[- TZ:]", "")
|
||||
}
|
||||
|
||||
source "amazon-ebs" "ubuntu" {
|
||||
ami_name = "riju-${local.timestamp}"
|
||||
instance_type = "t3.micro"
|
||||
source_ami = "${data.amazon-ami.ubuntu.id}"
|
||||
ssh_username = "ubuntu"
|
||||
}
|
||||
|
||||
build {
|
||||
sources = ["source.amazon-ebs.ubuntu"]
|
||||
|
||||
provisioner "file" {
|
||||
destination = "/tmp/riju-init-volume"
|
||||
source = "riju-init-volume"
|
||||
}
|
||||
|
||||
provisioner "file" {
|
||||
destination = "/tmp/riju-supervisor"
|
||||
source = "../supervisor/out/riju-supervisor"
|
||||
}
|
||||
|
||||
provisioner "file" {
|
||||
destination = "/tmp/riju.service"
|
||||
source = "riju.service"
|
||||
}
|
||||
|
||||
provisioner "shell" {
|
||||
environment_vars = [
|
||||
"ADMIN_PASSWORD=${var.admin_password}",
|
||||
"AWS_REGION=${var.aws_region}",
|
||||
"S3_BUCKET=${var.s3_bucket}",
|
||||
"SUPERVISOR_ACCESS_TOKEN=${var.supervisor_access_token}",
|
||||
]
|
||||
script = "provision.bash"
|
||||
}
|
||||
}
|
||||
|
|
@ -3,6 +3,8 @@
|
|||
set -euo pipefail
|
||||
|
||||
: ${ADMIN_PASSWORD}
|
||||
: ${S3_BUCKET}
|
||||
: ${SUPERVISOR_ACCESS_TOKEN}
|
||||
|
||||
mkdir /tmp/riju-work
|
||||
pushd /tmp/riju-work
|
||||
|
|
@ -21,7 +23,7 @@ ubuntu_name="$(lsb_release -cs)"
|
|||
sudo tee -a /etc/apt/sources.list.d/custom.list >/dev/null <<EOF
|
||||
deb [arch=amd64] https://download.docker.com/linux/ubuntu ${ubuntu_name} stable
|
||||
EOF
|
||||
|
||||
}
|
||||
sudo -E apt-get update
|
||||
sudo -E apt-get install -y certbot docker-ce docker-ce-cli containerd.io unzip whois
|
||||
|
||||
|
|
@ -36,6 +38,9 @@ sudo mv /tmp/riju.service /etc/systemd/system/
|
|||
sudo sed -Ei 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
sudo sed -Ei 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
|
||||
sudo sed -Ei 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
|
||||
sudo sed -Ei "s/\$AWS_REGION/${AWS_REGION}/" /etc/systemd/system/riju.service
|
||||
sudo sed -Ei "s/\$S3_BUCKET/${S3_BUCKET}/" /etc/systemd/system/riju.service
|
||||
sudo sed -Ei "s/\$SUPERVISOR_ACCESS_TOKEN/${SUPERVISOR_ACCESS_TOKEN}/" /etc/systemd/system/riju.service
|
||||
|
||||
sudo passwd -l root
|
||||
sudo useradd admin -g admin -G sudo -s /usr/bin/bash -p "$(echo "${ADMIN_PASSWORD}" | mkpasswd -s)" -m
|
||||
|
|
|
|||
|
|
@ -7,6 +7,9 @@ After=docker.service
|
|||
Type=exec
|
||||
ExecStart=riju-supervisor
|
||||
Restart=always
|
||||
Environment=AWS_REGION=$AWS_REGION
|
||||
Environment=S3_BUCKET=$S3_BUCKET
|
||||
Environment=SUPERVISOR_ACCESS_TOKEN=$SUPERVISOR_ACCESS_TOKEN
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
|
|
@ -2,5 +2,12 @@
|
|||
|
||||
set -euo pipefail
|
||||
|
||||
export AWS_REGION="${AWS_REGION:-$(aws configure get region)}"
|
||||
|
||||
if [[ -n "${AWS_REGION}" ]]; then
|
||||
echo >&2 "no default AWS region specified, and AWS_REGION unset"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd packer
|
||||
packer build config.json
|
||||
packer build config.pkr.hcl
|
||||
|
|
|
|||
Loading…
Reference in New Issue