How to set variables for bash script using packer?


Deking

Mar 13, 2019, 7:14:53 AM
to Packer
I want to achieve the following:

1. Create Linux VPN server image with Packer
2. Pull config files from S3 bucket and configure StrongSwan, BGPD, keepalive etc

The trouble starts with pulling files from the S3 bucket, where I need to set a variable in order for the bash script to connect to AWS and transfer the mentioned files.

Here is the Packer code:

    {
        "variables": {
          "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
          "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
          "aws_default_region": "{{env `AWS_DEFAULT_REGION`}}",
          "aws_source_ami": "{{env `AWS_SOURCE_AMI`}}",
          "aws_ssh_user": "{{env `AWS_SSH_USER`}}",
          "script_aws_access": "{{env `SCRIPT_AWS_ACCESS_KEY`}}",
          "script_aws_secret_access": "{{env `SCRIPT_AWS_SECRET_ACCESS_KEY`}}"
        },
        "builders": [
        {
          "type": "amazon-ebs",
          "access_key": "{{user `aws_access_key`}}",
          "secret_key": "{{user `aws_secret_key`}}",
          "region": "eu-west-1",
          "vpc_id": "vpc-0816d88cdecb1438a",
          "subnet_id": "subnet-07e30b1ad80f0c4a8",
          "security_group_id": "sg-098ff42f1bdaf7183",
          "associate_public_ip_address": "true",
          "instance_type": "t2.micro",
          "ami_name": "myLinuxPackerImage",
          "source_ami": "ami-0ff760d16d9497662",
          "ssh_username": "{{user `aws_ssh_user`}}"
          }
         ],
    
      "provisioners": [
        {
            "type": "file",
            "source": "./welcome.txt",
            "destination": "/home/centos/"
        },
        {
            "type": "shell",
            "inline":[
                "ls -al /home/centos",
                "cat /home/centos/welcome.txt",
                "sleep 30",
                "sudo yum update -y"
            ]
        },
        {
            "type": "shell",
            "script": "./example.sh",
            "environment_vars": [
              "AWS_ACCESS_KEY={{user `script_aws_access`}}",
              "AWS_SECRET_ACCESS_KEY={{user `script_aws_secret_access`}}"
            ],    
            "pause_before": "10s"
        }
    ]
    }


Environment variables:

    export AWS_ACCESS_KEY_ID="mykey"
    export AWS_SECRET_ACCESS_KEY="mysecret"
    export AWS_DEFAULT_REGION="eu-west-1"
    export AWS_SOURCE_AMI="ami-0ff760d16d9497662"
    export AWS_SSH_USER="centos"
    export SCRIPT_AWS_ACCESS_KEY="my-SCRIPT-key"
    export SCRIPT_AWS_SECRET_ACCESS_KEY="my-secret-SCRIPT-key"

Actual bash script (example.sh) for provisioner:

    #!/bin/bash
    AWS_ACCESS_KEY=${1}
    AWS_SECRET_ACCESS_KEY=${2}
    sudo yum install epel-release -y 
    sudo yum install nano wget htop telnet strongswan quagga iptables-services iptables python-pip -y 
    sudo systemctl stop firewalld && systemctl disable firewalld  
    sudo systemctl enable iptables && systemctl start iptables 
    sh -c 'echo -e "[azure-cli]\nname=Azure CLI\nbaseurl=https://packages.microsoft.com/yumrepos/azure-cli\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azure-cli.repo'
    sudo yum install azure-cli -y
    sudo yum update -y && easy_install pip
    sudo pip install awscli
    sudo yum install keepalived -y && sudo systemctl enable keepalived
    sudo useradd keepalived_script 
    export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY
    export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
    export AWS_DEFAULT_REGION=eu-west-1
    
    # Copy BGPD files
    
    aws s3 cp --recursive  s3://<s3-url>/azure_vpn_server_primary/quagga/ /etc/quagga/
    
    #Copy StrongSwan files
    
    aws s3 cp --recursive  s3://<s3-url>/azure_vpn_server_primary/strongswan/ /etc/strongswan/
    
    # In Azure, the instance should have IP Forwarding enabled on its network interface
    
    # Copy keepalived files
    
    aws s3 cp --recursive  s3://<s3-url>/azure_vpn_server_primary/keepalived/ /etc/keepalived/

ERROR:

    amazon-ebs: Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
    amazon-ebs: fatal error: An error occurred (AuthorizationHeaderMalformed) when calling the ListObjectsV2 operation: The authorization header is malformed; a non-empty Access Key (AKID) must be provided in the credential.
    amazon-ebs: fatal error: An error occurred (AuthorizationHeaderMalformed) when calling the ListObjectsV2 operation: The authorization header is malformed; a non-empty Access Key (AKID) must be provided in the credential.

Rickard von Essen

Mar 13, 2019, 7:52:04 AM
to packe...@googlegroups.com
In your example.sh script you overwrite AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY with argument 1 and 2 respectively, but you don't pass any arguments so that clears them.

It should work if you remove the 2nd and 3rd line from your script.

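The failure explained in the reply above, as an added example that is not part of the original posts: Packer's `environment_vars` arrive through the environment, so reassigning them from `${1}`/`${2}` when no arguments are passed blanks them. The helper names and key values are constructed; the fixed form also aborts with `${VAR:?}` if a variable is missing instead of sending an empty access key to S3.

```bash
#!/bin/bash
# Constructed demo: how example.sh lost the credentials Packer injected.

# Mimics the top of the original example.sh: Packer passes no positional
# arguments, so ${1} and ${2} are empty and overwrite the inherited values.
buggy_script='
AWS_ACCESS_KEY=${1}
AWS_SECRET_ACCESS_KEY=${2}
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY
printf "%s" "akid=[$AWS_ACCESS_KEY_ID] secret_len=${#AWS_SECRET_ACCESS_KEY}"
'

# Fixed form: use the inherited variables and abort if either is unset/empty.
fixed_script='
: "${AWS_ACCESS_KEY:?AWS_ACCESS_KEY not set by provisioner}"
: "${AWS_SECRET_ACCESS_KEY:?AWS_SECRET_ACCESS_KEY not set by provisioner}"
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY
printf "%s" "akid=[$AWS_ACCESS_KEY_ID] secret_len=${#AWS_SECRET_ACCESS_KEY}"
'

# Run a script body the way the provisioner does: variables in the
# environment, no arguments. Values below are constructed placeholders.
run_with_env() {
    env -i PATH="$PATH" \
        AWS_ACCESS_KEY="AKIAEXAMPLEONLY" \
        AWS_SECRET_ACCESS_KEY="constructed-secret" \
        bash -c "$1" 2>&1
}

# Same call, but without the provisioner's environment_vars.
run_without_env() {
    env -i PATH="$PATH" bash -c "$1" 2>&1
}

# Only the secret's length is printed, never the secret itself.
echo "buggy: $(run_with_env "$buggy_script")"
echo "fixed: $(run_with_env "$fixed_script")"
echo "fixed, vars missing: $(run_without_env "$fixed_script")"
```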

Deking

Mar 13, 2019, 8:40:46 AM
to Packer
Thanks! Works now.

Deking

Mar 13, 2019, 9:01:29 AM
to Packer
Hi,

I have another problem with this example.
Seems that line: aws s3 cp --recursive  s3://<s3-url>/azure_vpn_server_primary/quagga/ /etc/quagga/
is not executed as ROOT user so I get permission denied. The command is trying to copy files to /etc/, which requires SUDO.

How can I achieve this?


Deking

Mar 13, 2019, 10:14:14 AM
to Packer
Hi,

Managed to fix this with a workaround:

    # Copy BGPD files
    aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/quagga/ /tmp

    # Copy StrongSwan files
    aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/strongswan/ /tmp

    # In Azure, the instance should have IP Forwarding enabled on its network interface
    # Copy keepalived files
    aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/keepalived/ /tmp

    # Move files to their destination
    cd /tmp/ && sudo mv bgpd.* zebra.* /etc/quagga/
    cd /tmp/ && sudo mv ipsec* strongswan.* /etc/strongswan/
    cd /tmp/ && sudo mv backup.* checks.* fault.* keepalived.* master.* /etc/keepalived/

Does Packer not have some kind of elevation to root user while executing the script?

Something like:

    {
        "type": "shell",
        "script": "./example.sh",
        << "become": yes >>
        "environment_vars": [
            "AWS_ACCESS_KEY={{user `script_aws_access`}}",
            "AWS_SECRET_ACCESS_KEY={{user `script_aws_secret_access`}}"
        ],
        "pause_before": "10s"
    }
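
An added sketch, not from the thread, of the same stage-then-move workaround using a private staging directory instead of shared `/tmp`, because the `ipsec*` glob would also match a file named `ipsec.secrets` if the bucket holds one. `make_staging`, `install_staged` and the `ELEVATE` variable are hypothetical names, and the `aws s3 cp` download is assumed to have already filled the staging directory.

```bash
#!/bin/bash
# Constructed sketch: stage downloaded config privately, then install as root.

# Command prefix used for privileged steps; set it to empty when already root
# (hypothetical knob, which also lets the function run unprivileged).
ELEVATE=${ELEVATE-sudo}

# Create a staging directory only the current user can read (mode 0700).
make_staging() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/vpncfg.XXXXXX" )
}

# install_staged STAGING DEST MODE PATTERN...
# Copies files matching each glob from STAGING into DEST with an explicit
# mode, then removes the staged copy. Returns 1 if a pattern matches nothing,
# so a failed download is not silently ignored.
install_staged() {
    staging=$1 dest=$2 mode=$3
    shift 3
    for pattern in "$@"; do
        matched=0
        for f in "$staging"/$pattern; do
            [ -f "$f" ] || continue
            matched=1
            $ELEVATE install -m "$mode" "$f" "$dest/" || return 1
            rm -f -- "$f"
        done
        [ "$matched" -eq 1 ] || { echo "no file matches $pattern" >&2; return 1; }
    done
}

# Usage in the provisioning script (paths and globs taken from the thread):
#   stage=$(make_staging)
#   aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/strongswan/ "$stage"
#   install_staged "$stage" /etc/strongswan 600 'ipsec*' 'strongswan.*'
#   rmdir "$stage"
```

To run the whole script as root instead, Packer's shell provisioner has an `execute_command` option that can wrap the script in sudo, for example `{{ .Vars }} sudo -E sh '{{ .Path }}'`.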