Need help figuring out environment variables


Seth Floyd

Dec 2, 2018, 9:16:30 PM
to Packer
Hi. I'm running into an issue and I feel like I've missed something in a doc somewhere and I need someone to set me straight.
I'm using GitLab CI for my pipeline, which builds a Docker container that has Packer installed inside it, and that's where I run my packer build from. I have my AWS keys set in my GitLab project as CI variables.
Here are the commands I'm running in my pipeline:

  - docker build --build-arg PACKER_VERSION=$PACKER_VERSION -t packer .
  - docker run -d -t -i --name packer_builder packer
  - docker exec -i -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" packer_builder packer validate /tmp/gitlab.json
  - docker exec -i -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" packer_builder packer build /tmp/gitlab.json

My PACKER_VERSION gets passed into my Docker container just fine. I can echo it. My AWS keys are being passed into the container as env vars, which allows packer build to run, which it does just fine. What I need to do is actually use these AWS keys inside a script provisioner so that I can do some CP from an S3 bucket. The var names I'm using in GitLab are AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

Can someone tell me what I've missed or what I should be doing here to make these env vars available?
Thanks!

Trimmed down example packer template:

{
    "variables": {
        "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
        "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}"
    },
    "builders": [{
        "type": "amazon-ebs",
        "access_key": "{{user `aws_access_key`}}",
        "secret_key": "{{user `aws_secret_key`}}",
        "region": "us-east-1",
        "source_ami_filter": {
            "filters": {
                "virtualization-type": "hvm",
                "name": "Base-AMI-Ubuntu-*",
                "root-device-type": "ebs"
            },
            "owners": [
                "XXXXXXXXXXXX"
            ],
            "most_recent": true
        },
        "instance_type": "t2.large",
        "ssh_username": "ubuntu",
        "ami_name": "Gitlab-{{timestamp}}",
        "vpc_id": "vpc-XXXXXX",
        "subnet_id": "subnet-XXXXXXXX"
    }],
    "provisioners": [{
            "type": "shell",
            "environment_vars": [
                "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID",
                "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
            ],
            "inline": [
                "#!/bin/bash -x",
                "echo $AWS_ACCESS_KEY_ID",    <----This only returns $AWS_ACCESS_KEY_ID
                "sudo rm /var/lib/apt/lists/lock",
                "sleep 60",
                "sudo apt-get install -y curl openssh-server ca-certificates apt-transport-https ca-certificates software-properties-common",
                "sudo EXTERNAL_URL='http://gitlab.tb65.net' apt-get install gitlab-ee",

                "#Certs",
                "sudo mkdir -p /etc/gitlab/ssl",
                "sudo chmod 700 /etc/gitlab/ssl",
                "sudo aws s3 cp s3://BUCKET_NAME-devops/Certs/__MY_DOMAIN/__MY_DOMAIN.key /etc/gitlab/ssl/__MY_DOMAIN.key"  <-- This fails and says my creds are not available.
            ]
        }
    ]
}

Rickard von Essen

Dec 3, 2018, 2:18:17 AM
to packe...@googlegroups.com
Your environment_vars section is wrong. It should look like:

"environment_vars": [
                "AWS_ACCESS_KEY_ID={{ user `aws_access_key` }}",
                "AWS_SECRET_ACCESS_KEY={{ user `aws_secret_key` }}"
            ],

But environment_vars isn't very useful when using inlines; instead, inline it directly in the code.

{
            "type": "shell",
            "inline": [
                "#!/bin/bash -x",
                "echo {{ user `aws_access_key` }}",
                "sudo rm /var/lib/apt/lists/lock",
                "sleep 60",
                "sudo apt-get install -y curl openssh-server ca-certificates apt-transport-https ca-certificates software-properties-common",
                "sudo EXTERNAL_URL='http://gitlab.tb65.net' apt-get install gitlab-ee",

                "#Certs",
                "sudo mkdir -p /etc/gitlab/ssl",
                "sudo chmod 700 /etc/gitlab/ssl",
                "sudo AWS_ACCESS_KEY_ID={{ user `aws_access_key` }} [...] aws s3 cp s3://BUCKET_NAME-devops/Certs/__MY_DOMAIN/__MY_DOMAIN.key /etc/gitlab/ssl/__MY_DOMAIN.key"
            ]
        }

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
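
An added example, not part of the original thread or of Packer itself: a Python check over a Packer JSON template that flags the two credential-handling problems visible above, a literal $VAR in environment_vars (which reaches the instance unexpanded, as in the question) and a secret user variable interpolated into an inline command that runs under "bash -x", which prints the expanded command into the build log. The function name audit_template, the rule names, the secret-name pattern and the sample templates are constructed for illustration.

```python
import json
import re

# Assumption: a variable is secret if its name or source matches this.
SECRET_HINT = re.compile(r"secret|access_key|password|token", re.I)
USER_REF = re.compile(r"\{\{\s*user\s+`([^`]+)`\s*\}\}")
TRACE_SHEBANG = re.compile(r"^#!.*\s-\w*x")


def audit_template(text):
    """Return sorted (rule, name) findings for a Packer JSON template."""
    tpl = json.loads(text)
    secrets = {n for n, v in tpl.get("variables", {}).items()
               if SECRET_HINT.search(n) or SECRET_HINT.search(v or "")}
    findings = set()
    for prov in tpl.get("provisioners", []):
        if prov.get("type") != "shell":
            continue
        for entry in prov.get("environment_vars", []):
            key, _, value = entry.partition("=")
            if value.startswith("$"):
                # Packer passes this through as a literal string.
                findings.add(("literal-env", key))
        inline = prov.get("inline", [])
        traced = any(TRACE_SHEBANG.search(line) for line in inline)
        for line in inline:
            for var in USER_REF.findall(line):
                if var in secrets:
                    findings.add(("secret-in-trace" if traced else "secret-inline", var))
    # sensitive-variables is Packer's list of values to filter from its output.
    for var in secrets - set(tpl.get("sensitive-variables", [])):
        findings.add(("not-sensitive", var))
    return sorted(findings)


# Constructed samples modelled on the two provisioner styles in this thread.
VARIABLES = r'''"variables": {
  "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
  "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}"}'''
QUESTION = "{" + VARIABLES + r''', "provisioners": [{"type": "shell",
  "environment_vars": ["AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"],
  "inline": ["#!/bin/bash -x", "echo $AWS_SECRET_ACCESS_KEY"]}]}'''
INLINED = "{" + VARIABLES + r''', "provisioners": [{"type": "shell",
  "inline": ["#!/bin/bash -x",
             "sudo AWS_SECRET_ACCESS_KEY={{ user `aws_secret_key` }} aws s3 ls"]}]}'''

if __name__ == "__main__":
    for name, text in (("question", QUESTION), ("inlined", INLINED)):
        print(name, audit_template(text))
```

Setting iam_instance_profile on the amazon-ebs builder lets the build instance read the bucket without any access keys appearing in the template or the provisioner script.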

Seth Floyd

Dec 3, 2018, 1:09:09 PM
to packe...@googlegroups.com
Thanks. That's exactly what I was looking for and probably the only combination I didn't try. Thanks again.

--
Seth Floyd Jr.
DevOps Terbium Labs