Hi,
Managed to fix this with a workaround:
# Copy BGPD files
aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/quagga/ /tmp
# Copy StrongSwan files
aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/strongswan/ /tmp
# In Azure, the instance should have IP Forwarding enabled on its network interface
# Copy keepalived files
aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/keepalived/ /tmp
# Move files to their destination
cd /tmp/ && sudo mv bgpd.* zebra.* /etc/quagga/
cd /tmp/ && sudo mv ipsec* strongswan.* /etc/strongswan/
cd /tmp/ && sudo mv backup.* checks.* fault.* keepalived.* master.* /etc/keepalived/
Does Packer not have some kind of elevation to the root user while executing
the script?
Something like:
{
"type": "shell",
"script": "./example.sh",
<< "become": yes >>
"environment_vars": [
"AWS_ACCESS_KEY={{user `script_aws_access`}}",
"AWS_SECRET_ACCESS_KEY={{user `script_aws_secret_access`}}"
],
"pause_before": "10s"
}
On Wednesday, March 13, 2019 at 2:01:29 PM UTC+1, Deking wrote:
>
> Hi,
>
> I have another problem with this example.
> Seems that line: aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/quagga/ /etc/quagga/
> is not executed as ROOT user so I have permission denied. Command is trying
> to copy file to /etc/ which requires SUDO.
>
> How can I achieve this?
>
> On Wednesday, March 13, 2019 at 12:52:04 PM UTC+1, Rickard von Essen wrote:
>>
>> In your example.sh script you overwrite AWS_ACCESS_KEY and
>> AWS_SECRET_ACCESS_KEY with argument 1 and 2 respectively, but you don't
>> pass any arguments so that clears them.
>>
>> It should work if you remove the 2nd and 3rd line from your script.
>>
>> On Wed, Mar 13, 2019 at 12:14 PM Deking <[email protected]> wrote:
>>
>>> I want to achieve the following:
>>>
>>> 1. Create Linux VPN server image with Packer
>>> 2. Pull config files from S3 bucket and configure StrongSwan, BGPD,
>>> keepalive etc.
>>>
>>> The trouble starts with pulling files from the S3 bucket, where I need to
>>> set a variable in order for the bash script to connect to AWS and transfer the
>>> mentioned files.
>>>
>>> Here is packer code:
>>>
>>> {
>>> "variables": {
>>> "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
>>> "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
>>> "aws_default_region": "{{env `AWS_DEFAULT_REGION`}}",
>>> "aws_source_ami": "{{env `AWS_SOURCE_AMI`}}",
>>> "aws_ssh_user": "{{env `AWS_SSH_USER`}}",
>>> "script_aws_access": "{{env `SCRIPT_AWS_ACCESS_KEY`}}",
>>> "script_aws_secret_access": "{{env `SCRIPT_AWS_SECRET_ACCESS_KEY`}}"
>>> },
>>> "builders": [
>>> {
>>> "type": "amazon-ebs",
>>> "access_key": "{{user `aws_access_key`}}",
>>> "secret_key": "{{user `aws_secret_key`}}",
>>> "region": "eu-west-1",
>>> "vpc_id": "vpc-0816d88cdecb1438a",
>>> "subnet_id": "subnet-07e30b1ad80f0c4a8",
>>> "security_group_id": "sg-098ff42f1bdaf7183",
>>> "associate_public_ip_address": "true",
>>> "instance_type": "t2.micro",
>>> "ami_name": "myLinuxPackerImage",
>>> "source_ami": "ami-0ff760d16d9497662",
>>> "ssh_username": "{{user `aws_ssh_user`}}"
>>> }
>>> ],
>>>
>>> "provisioners": [
>>> {
>>> "type": "file",
>>> "source": "./welcome.txt",
>>> "destination": "/home/centos/"
>>> },
>>> {
>>> "type": "shell",
>>> "inline":[
>>> "ls -al /home/centos",
>>> "cat /home/centos/welcome.txt",
>>> "sleep 30",
>>> "sudo yum update -y"
>>> ]
>>> },
>>> {
>>> "type": "shell",
>>> "script": "./example.sh",
>>> "environment_vars": [
>>> "AWS_ACCESS_KEY={{user `script_aws_access`}}",
>>> "AWS_SECRET_ACCESS_KEY={{user `script_aws_secret_access`}}"
>>> ],
>>> "pause_before": "10s"
>>> }
>>> ]
>>> }
>>>
>>>
>>> Environment variables:
>>>
>>> export AWS_ACCESS_KEY_ID="mykey"
>>> export AWS_SECRET_ACCESS_KEY="mysecret"
>>> export AWS_DEFAULT_REGION="eu-west-1"
>>> export AWS_SOURCE_AMI="ami-0ff760d16d9497662"
>>> export AWS_SSH_USER="centos"
>>> export SCRIPT_AWS_ACCESS_KEY="my-SCRIPT-key"
>>> export SCRIPT_AWS_SECRET_ACCESS_KEY="my-secret-SCRIPT-key"
>>>
>>> Actual bash script (example.sh) for provisioner:
>>>
>>> #!/bin/bash
>>> AWS_ACCESS_KEY=${1}
>>> AWS_SECRET_ACCESS_KEY=${2}
>>> sudo yum install epel-release -y
>>> sudo yum install nano wget htop telnet strongswan quagga iptables-services iptables python-pip -y
>>> sudo systemctl stop firewalld && systemctl disable firewalld
>>> sudo systemctl enable iptables && systemctl start iptables
>>> sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
>>> sh -c 'echo -e "[azure-cli]\nname=Azure CLI\nbaseurl=https://packages.microsoft.com/yumrepos/azure-cli\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azure-cli.repo'
>>> sudo yum install azure-cli -y
>>> sudo yum update -y && easy_install pip
>>> sudo pip install awscli
>>> sudo yum install keepalived -y && sudo systemctl enable keepalived
>>> sudo useradd keepalived_script
>>> export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY
>>> export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
>>> export AWS_DEFAULT_REGION=eu-west-1
>>>
>>> # Copy BGPD files
>>>
>>> aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/quagga/ /etc/quagga/
>>>
>>> # Copy StrongSwan files
>>>
>>> aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/strongswan/ /etc/strongswan/
>>>
>>> # In Azure, the instance should have IP Forwarding enabled on its network interface
>>>
>>> # Copy keepalived files
>>>
>>> aws s3 cp --recursive s3://<s3-url>/azure_vpn_server_primary/keepalived/ /etc/keepalived/
>>>
>>> ERROR:
>>>
>>> amazon-ebs: Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
>>> amazon-ebs: fatal error: An error occurred (AuthorizationHeaderMalformed) when calling the ListObjectsV2 operation: The authorization header is malformed; a non-empty Access Key (AKID) must be provided in the credential.
>>> amazon-ebs: fatal error: An error occurred (AuthorizationHeaderMalformed) when calling the ListObjectsV2 operation: The authorization header is malformed; a non-empty Access Key (AKID) must be provided in the credential.
>>>
>>> --
>>> This mailing list is governed under the HashiCorp Community Guidelines -
>>> https://www.hashicorp.com/community-guidelines.html. Behavior in
>>> violation of those guidelines may result in your removal from this mailing
>>> list.
>>>
>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>> IRC: #packer-tool on Freenode
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Packer" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/packer-tool/3dc4d12a-4988-49e3-9e10-dcad5bac6f29%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/packer-tool/3dc4d12a-4988-49e3-9e10-dcad5bac6f29%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
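A hardened form of the S3 pull step discussed in this thread, as an added example that is not part of the original messages: it reads the credentials only from the environment, refuses to run with an empty key, and stages downloads in a private mktemp directory before a privileged install with restrictive modes. It assumes the Packer "environment_vars" set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY directly; FETCH, INSTALL, require_creds and pull_config are hypothetical names.

```shell
#!/bin/sh
# Added example, not code from the thread. Credentials come only from the
# environment that Packer's "environment_vars" sets; there is no
# positional-argument assignment (${1}, ${2}) that could blank them.

# Hypothetical hooks so the logic can be exercised without AWS or root:
FETCH="${FETCH:-aws s3 cp --recursive}"   # copies <s3-source> into <dir>
INSTALL="${INSTALL:-sudo install -o root -g root -m 0600}"

# Fail fast on an empty credential instead of letting the AWS CLI send a
# request with a blank access key (the AuthorizationHeaderMalformed case).
require_creds() {
    if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY unset or empty" >&2
        return 1
    fi
}

# Download as the unprivileged user into a private (0700) temp directory
# rather than shared /tmp, then install each regular file into the
# root-owned destination with an explicit owner and mode.
# Only top-level files are installed; subdirectories are ignored.
pull_config() {   # usage: pull_config <s3-source> <dest-dir>
    _src=$1
    _dest=$2
    require_creds || return 1
    _stage=$(mktemp -d) || return 1
    _rc=0
    if $FETCH "$_src" "$_stage"; then
        for _f in "$_stage"/*; do
            [ -f "$_f" ] || continue
            $INSTALL "$_f" "$_dest/" || { _rc=1; break; }
        done
    else
        _rc=1
    fi
    rm -rf "$_stage"   # never leave config or key material behind
    return "$_rc"
}
```

In the provisioner script this would be called once per directory, for example `pull_config "s3://<s3-url>/azure_vpn_server_primary/quagga/" /etc/quagga`.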