#packer (2020-06)

packer

Discuss Packer for building AMIs and Docker Images

Archive: https://archive.sweetops.com/packer/

2020-06-04

Pierre Humberdroz

Hey, I am trying to pass 2 env vars from a CI pipeline to my shell provisioner, but somehow this does not seem to work: RESOURCES_AWS_ACCESS_KEY_ID and RESOURCES_AWS_SECRET_ACCESS_KEY. My packer json is in the thread

Pierre Humberdroz
{
  "variables": {
    "resources_aws_id": "{{env `RESOURCES_AWS_ACCESS_KEY_ID`}}",
    "resources_aws_key": "{{env `RESOURCES_AWS_SECRET_ACCESS_KEY`}}"
  },
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "mkdir -p /tmp/httpd/ /tmp/crontab/ /tmp/sAI/"
      ]
    },
    {
      "type": "file",
      "source": "./httpd",
      "destination": "/tmp/"
    },
    {
      "type": "file",
      "source": "./sAI",
      "destination": "/tmp/"
    },
    {
      "type": "file",
      "source": "./crontab",
      "destination": "/tmp/"
    },
    {
      "type": "shell",
      "scripts": [
        "./httpd/install.sh",
        "./sAI/install.sh",
        "./crontab/install.sh"
      ],
      "environment_vars": [
        "RELEASE_PROJECT={{user `RELEASE_PROJECT`}}",
        "RELEASE_STAGE={{user `RELEASE_STAGE`}}",
        "RELEASE_VERSION={{user `RELEASE_VERSION`}}",
        "AWS_ACCESS_KEY_ID={{user `AWS_ACCESS_KEY_ID`}}",
        "AWS_SECRET_ACCESS_KEY={{user `AWS_SECRET_ACCESS_KEY`}}",
        "RESOURCES_AWS_ACCESS_KEY_ID={{user `resources_aws_id`}}",
        "RESOURCES_AWS_SECRET_ACCESS_KEY={{user `resources_aws_key`}}"
      ]
    }
  ]
}
ikar
"AWS_ACCESS_KEY_ID={{user `AWS_ACCESS_KEY_ID`}}"

should be:

"AWS_ACCESS_KEY_ID={{user `resources_aws_id`}}"
ikar

also RELEASE_* seem not to be defined?

Pierre Humberdroz

oh these I pass in via cli

Pierre Humberdroz
packer build \
        -var "SOURCE_AMI=$SOURCE_AMI" \
        -var "RELEASE_PROJECT=$PROJECT_NAME" \
        -var "RELEASE_STAGE=$TARGET" \
        -var "RELEASE_VERSION=$TAG" \
        -var "RELEASE_NAME=$PROJECT_NAME-$TARGET-$TAG" \
        -var "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" \
        -var "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" \
        -var "CI_JOB_TOKEN=$CI_JOB_TOKEN" \
        "packer.json"
Pierre Humberdroz

but I want the RESOURCES_* to be passed in via env vars instead of defining them via cli arguments

Pierre Humberdroz

since those are project specific

Pierre Humberdroz

I found the issue: it is not related to packer but to how I merge with a different packer file later

ikar

dunno, sorry. Was my first shot in the dark

2020-06-14

RB

Anyone use hcl for packer?

RB

One thing I’m interested in is modules, so I can create a good template of build commands that other repos can source. I don’t see any examples of this

Erik Osterman (Cloud Posse)

We recently looked into it for a project we are working on.

Erik Osterman (Cloud Posse)
HCL2: implementation list · Issue #9176 · hashicorp/packer

HCL2 support is a beta work in progress and features are added one by one. As a result it can be hard for end users to know where we are at. While the full list HCL2 issues can be found using the H…

Erik Osterman (Cloud Posse)

Many things are not yet implemented.

aaratn

This is helpful !! Thanks @Erik Osterman (Cloud Posse) @RB!! I was looking to use HCL for packer stuff, thanks for heads up !!

RB

Ah, I see. I’ll watch that issue and wait for it to be fully implemented

2020-06-15

2020-06-18

Sai Krishna

Hi Everyone - How do I set image name in packer docker image builder script?

2020-06-19

2020-06-30

RB

is there a packer linter ?

RB

or perhaps a json linter with configurable rules for packer

Erik Osterman (Cloud Posse)

conftest?

RB

contest? or conftest?

Erik Osterman (Cloud Posse)
open-policy-agent/conftest

Write tests against structured configuration data using the Open Policy Agent Rego query language - open-policy-agent/conftest

Erik Osterman (Cloud Posse)

it supports like 20 languages and formats

Erik Osterman (Cloud Posse)

including json/yaml/hcl/etc

RB

ah interesting. i guess i need to explore this more. once hcl2 is completely embraced by packer, we could modularize our packer configs hopefully, and to be extra we could test with conftest too

RB

awesome, thanks erik. i wonder if someone has already posted on testing their json code with this tool.

RB
open-policy-agent/conftest

Write tests against structured configuration data using the Open Policy Agent Rego query language - open-policy-agent/conftest

Erik Osterman (Cloud Posse)

ya was just about to share

Erik Osterman (Cloud Posse)
open-policy-agent/conftest

Write tests against structured configuration data using the Open Policy Agent Rego query language - open-policy-agent/conftest

Erik Osterman (Cloud Posse)

funny coincidence, @joshmyers just asked about https://sweetops.slack.com/archives/CB6GHNLG0/p1593520077380600

Anyone using Open Policy Agent/Conftest with Terraform?

joshmyers

Ya, doing that now, integrating OPA with Atlantis

Erik Osterman (Cloud Posse)

Very cool! I hope we get to work on a project that requires that this year.

joshmyers

Still figuring out if I want conftest or direct OPA

joshmyers

Looking reasonable so far though

joshmyers

Interested to know folks’ approaches to this and integration into Atlantis, storing the rego policies beside your modules etc?

RB

That seems like it would work, but you may require the same checks across different repos, so perhaps you’d want to either put the shared checks in their own repo and somehow clone it as a custom workflow

joshmyers

Aye, or separate to actually enforce policies, so folks can just change them on a branch to suit their needs
