Your environment_vars section is wrong. It should look like:

"environment_vars": [
  "AWS_ACCESS_KEY_ID={{ user `aws_access_key` }}",
  "AWS_SECRET_ACCESS_KEY={{ user `aws_secret_key` }}"
],

But environment_vars isn't very useful when using inlines; instead, inline it
directly in the code.

{
  "type": "shell",
  "inline": [
    "#!/bin/bash -x",
    "echo {{ user `aws_access_key` }}",
    "sudo rm /var/lib/apt/lists/lock",
    "sleep 60",
    "sudo apt-get install -y curl openssh-server ca-certificates apt-transport-https ca-certificates software-properties-common",
    "curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash",
    "sudo EXTERNAL_URL='http://gitlab.tb65.net' apt-get install gitlab-ee",
    "#Certs",
    "sudo mkdir -p /etc/gitlab/ssl",
    "sudo chmod 700 /etc/gitlab/ssl",
    "sudo AWS_ACCESS_KEY_ID={{ user `aws_access_key` }} [...] aws s3 cp s3://BUCKET_NAME-devops/Certs/__MY_DOMAIN/__MY_DOMAIN.key /etc/gitlab/ssl/__MY_DOMAIN.key"
  ]
}

On Mon, Dec 3, 2018 at 3:16 AM Seth Floyd <[email protected]> wrote:
> Hi. I'm running into an issue and I feel like I've missed something in a doc
> somewhere and I need someone to set me straight.
> I'm using Gitlab CI for my pipeline which builds a docker container that
> has packer installed inside it and that's where I run my packer build from.
> I have my AWS keys set in my gitlab project as CI variables.
> Here are the commands I'm running in my pipeline:
>
> - docker build --build-arg PACKER_VERSION=$PACKER_VERSION -t packer .
> - docker run -d -t -i --name packer_builder packer
> - docker exec -i -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" packer_builder packer validate /tmp/gitlab.json
> - docker exec -i -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" packer_builder packer build /tmp/gitlab.json
>
> My PACKER_VERSION gets passed into my docker container just fine. I can
> echo it. My AWS keys are being passed into the container as env vars which
> allow packer build to run, which it does just fine. What I need to do is
> actually use these AWS keys inside a script provisioner so that I can do
> some CP from an S3 bucket. The var names I'm using in Gitlab are
> AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
>
> Can someone tell me what I've missed or what I should be doing here to make
> these env vars available?
> Thanks!
>
> Trimmed down example packer template:
>
> {
>   "variables": {
>     "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
>     "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}"
>   },
>   "builders": [{
>     "type": "amazon-ebs",
>     "access_key": "{{user `aws_access_key`}}",
>     "secret_key": "{{user `aws_secret_key`}}",
>     "region": "us-east-1",
>     "source_ami_filter": {
>       "filters": {
>         "virtualization-type": "hvm",
>         "name": "Base-AMI-Ubuntu-*",
>         "root-device-type": "ebs"
>       },
>       "owners": [
>         "XXXXXXXXXXXX"
>       ],
>       "most_recent": true
>     },
>     "instance_type": "t2.large",
>     "ssh_username": "ubuntu",
>     "ami_name": "Gitlab-{{timestamp}}",
>     "vpc_id": "vpc-XXXXXX",
>     "subnet_id": "subnet-XXXXXXXX"
>   }],
>   "provisioners": [{
>     "type": "shell",
>     "environment_vars": [
>       "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID",
>       "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
>     ],
>     "inline": [
>       "#!/bin/bash -x",
>       "echo $AWS_ACCESS_KEY_ID", <----This only returns $AWS_ACCESS_KEY_ID
>       "sudo rm /var/lib/apt/lists/lock",
>       "sleep 60",
>       "sudo apt-get install -y curl openssh-server ca-certificates apt-transport-https ca-certificates software-properties-common",
>       "curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash",
>       "sudo EXTERNAL_URL='http://gitlab.tb65.net' apt-get install gitlab-ee",
>
>       "#Certs",
>       "sudo mkdir -p /etc/gitlab/ssl",
>       "sudo chmod 700 /etc/gitlab/ssl",
>       "sudo aws s3 cp s3://BUCKET_NAME-devops/Certs/__MY_DOMAIN/__MY_DOMAIN.key /etc/gitlab/ssl/__MY_DOMAIN.key" <-- This fails and says my creds are not available.
>     ]
>   }
>   ]
> }
>
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in
> violation of those guidelines may result in your removal from this mailing
> list.
>
> GitHub Issues: https://github.com/mitchellh/packer/issues
> IRC: #packer-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Packer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/packer-tool/e7cfb131-096d-40b3-a5a9-e0e4d4e1611f%40googlegroups.com
> <https://groups.google.com/d/msgid/packer-tool/e7cfb131-096d-40b3-a5a9-e0e4d4e1611f%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
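
An added example, not part of the original thread and not Packer's own code: a small Python check for the two patterns discussed above. It flags `environment_vars` entries written as shell-style `$NAME` (which the original post found reach the provisioner as literal text) and inline commands that interpolate a credential-like user variable, since the rendered value becomes part of the command text that `echo` or `bash -x` writes to the build log. The function name, finding codes and the name heuristic are assumptions made for this example.

```python
import json
import re

# {{ user `name` }} with optional spaces, as written in Packer JSON templates.
USER_REF = re.compile(r"\{\{\s*user\s+`([^`]+)`\s*\}\}")
# Shell-style $NAME or ${NAME} reference.
SHELL_REF = re.compile(r"\$\{?[A-Za-z_][A-Za-z0-9_]*\}?")
# Heuristic (assumption): variable names that probably hold credentials.
SECRET_NAME = re.compile(r"key|secret|token|password", re.I)


def lint_template(text):
    """Return (provisioner_index, code, detail) findings for a JSON template."""
    findings = []
    for idx, prov in enumerate(json.loads(text).get("provisioners", [])):
        if prov.get("type") != "shell":
            continue
        for entry in prov.get("environment_vars", []):
            name, _, value = entry.partition("=")
            # The build host's shell variables are not expanded here, so the
            # provisioner would receive the literal text "$NAME".
            if SHELL_REF.search(value):
                findings.append((idx, "literal-shell-var", name))
        for cmd in prov.get("inline", []):
            for var in USER_REF.findall(cmd):
                # The rendered secret ends up in the command text itself,
                # which echo or bash -x tracing prints into the build log.
                if SECRET_NAME.search(var):
                    findings.append((idx, "secret-in-command", var))
    return findings


# Constructed sample modelled on the two templates in this thread.
SAMPLE = r"""
{
  "variables": {"aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}"},
  "provisioners": [
    {"type": "shell",
     "environment_vars": ["AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"],
     "inline": ["echo $AWS_ACCESS_KEY_ID"]},
    {"type": "shell",
     "environment_vars": ["AWS_ACCESS_KEY_ID={{ user `aws_access_key` }}"],
     "inline": ["echo {{ user `aws_access_key` }}"]}
  ]
}
"""

if __name__ == "__main__":
    print(lint_template(SAMPLE))
```
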