Project author: daveshepherd

Project description:
A packer definition for building private consul AMIs
Primary language: Shell
Project address: git://github.com/daveshepherd/packer-consul.git
Created: 2018-03-12T21:26:13Z
Project community: https://github.com/daveshepherd/packer-consul

License: MIT License



Packer - Consul


Builds AWS AMI images for consul using Packer based on the official
Ubuntu AMI image in the eu-west-1 and eu-west-2 regions.

The image ships unconfigured. To configure it, place the Consul configuration
file in /etc/consul.d; you may choose to do this as user data in an
autoscaling group.

This image is private and is based on a private Ubuntu image which is also built with Packer. The base Ubuntu image
is built to include configuration and components required across all servers, which makes it unsuitable for public
consumption. However, feel free to use this as an example of how to build Consul AMIs.

The reason for building images this way is to implement immutable infrastructure: updates and upgrades are baked into
the AMI and the updated version is deployed to replace the existing servers. In the case of Consul this is done as a
rolling update: a new server is brought into service and checked to have joined the cluster successfully, then an
old one is terminated. This is repeated until all servers in the cluster are running the latest AMI.
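The "has the new server joined?" gate of that rolling update is the step worth getting right: terminating an old server before the replacement is an alive Consul server, or when doing so would drop the cluster below its expected server count, risks losing Raft quorum. The script below is an added example, not part of the packer-consul project; the `consul members` table it parses is constructed for the example, and the node names, the minimum server count of 3 and the termination command named in the comments are assumptions.

```shell
#!/usr/bin/env sh
# Added example (not from the packer-consul project): the join check that gates
# each step of the rolling update, run against the output of `consul members`.
# The members table below is constructed for this example, not captured from a
# real cluster. Column order (Node Address Status Type ...) matches `consul members`.
SAMPLE_MEMBERS='Node            Address          Status  Type    Build  Protocol  DC   Segment
consul-a1b2c3   10.0.1.10:8301   alive   server  1.0.6  2         dc1  <all>
consul-d4e5f6   10.0.2.11:8301   alive   server  1.0.6  2         dc1  <all>
consul-789abc   10.0.1.12:8301   alive   server  1.0.6  2         dc1  <all>
consul-new001   10.0.2.13:8301   alive   server  1.0.7  2         dc1  <all>
web-0           10.0.3.20:8301   alive   client  1.0.6  2         dc1  <default>
consul-old999   10.0.3.21:8301   failed  server  1.0.5  2         dc1  <all>'

# alive_servers MEMBERS -> prints how many members are servers in state "alive"
alive_servers() {
  printf '%s\n' "$1" | awk 'NR > 1 && $3 == "alive" && $4 == "server" { n++ } END { print n + 0 }'
}

# node_joined MEMBERS NODE -> succeeds only if NODE is listed as an alive server
# (a failed server, or a client agent with that name, does not count as joined)
node_joined() {
  printf '%s\n' "$1" |
    awk -v node="$2" 'NR > 1 && $1 == node && $3 == "alive" && $4 == "server" { ok = 1 } END { exit !ok }'
}

# safe_to_terminate MEMBERS NEW_NODE MIN_SERVERS -> succeeds only if NEW_NODE has
# joined and terminating one old server still leaves at least MIN_SERVERS alive
# servers, so the cluster keeps a Raft majority through every step of the update
safe_to_terminate() {
  node_joined "$1" "$2" || return 1
  n=$(alive_servers "$1")
  [ $((n - 1)) -ge "$3" ]
}

# Demonstration on the constructed table. In a real run MEMBERS comes from
# `consul members` on a cluster node, and the terminate step for the old server
# would be `aws ec2 terminate-instances` on its instance ID (assumed workflow).
for candidate in consul-new001 consul-old999 web-0; do
  if safe_to_terminate "$SAMPLE_MEMBERS" "$candidate" 3; then
    echo "$candidate joined; safe to terminate one old server"
  else
    echo "$candidate not ready; keep the old server"
  fi
done
```

Checking both conditions, rather than only that the new node appears in the member list, is what makes each iteration safe to repeat: a node in state `failed` or still running as a client is not a replacement, and the count check stops the loop from ever taking a 3-server cluster below the two alive servers it needs for a majority.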

Configuration

The following environment variables are required to build this image:

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • VPC_ID - The ID of a VPC to use for the build, e.g. vpc-abcd1234
  • SUBNET_ID - The ID of the subnet to use for the build, e.g. subnet-efgh5678
  • DESTINATION_REGIONS - A list of regions to replicate this AMI to, e.g. eu-west-2,us-west-1
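Because the build runs with real AWS credentials, it is worth failing fast on a missing or malformed variable before packer starts creating resources. The function below is an added example, not part of the packer-consul project; the ID and region patterns are assumptions derived from the example values listed above (real VPC and subnet IDs are hex, but the pattern also accepts the README's placeholder `subnet-efgh5678`), and the packer invocation in the closing comment is illustrative.

```shell
#!/usr/bin/env sh
# Added example (not from the packer-consul project): validate the build
# environment before handing the credentials to packer.
# Patterns are assumptions based on the README's example values.

# check_build_env -> prints one line per problem found, succeeds only if there are none
check_build_env() {
  errors=0
  for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY VPC_ID SUBNET_ID DESTINATION_REGIONS; do
    eval "val=\${$var:-}"
    if [ -z "$val" ]; then
      echo "missing: $var"
      errors=$((errors + 1))
    fi
  done
  # VPC and subnet IDs are a prefix plus 8 or 17 lowercase alphanumerics
  # (real IDs are hex; [0-9a-z] also admits the README placeholder subnet-efgh5678)
  if [ -n "${VPC_ID:-}" ] && ! printf '%s' "$VPC_ID" | grep -Eq '^vpc-([0-9a-z]{8}|[0-9a-z]{17})$'; then
    echo "malformed VPC_ID: $VPC_ID"
    errors=$((errors + 1))
  fi
  if [ -n "${SUBNET_ID:-}" ] && ! printf '%s' "$SUBNET_ID" | grep -Eq '^subnet-([0-9a-z]{8}|[0-9a-z]{17})$'; then
    echo "malformed SUBNET_ID: $SUBNET_ID"
    errors=$((errors + 1))
  fi
  # DESTINATION_REGIONS is a comma-separated list such as eu-west-2,us-west-1;
  # every entry must look like an AWS region name
  for region in $(printf '%s' "${DESTINATION_REGIONS:-}" | tr ',' ' '); do
    if ! printf '%s' "$region" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$'; then
      echo "malformed region in DESTINATION_REGIONS: $region"
      errors=$((errors + 1))
    fi
  done
  [ "$errors" -eq 0 ]
}

# Typical use at the top of a build script (template name is illustrative):
#   check_build_env || exit 1
#   packer build consul.json
```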

AWS IAM policy

The AWS access key id and secret access key should have the following permissions, for each region. The policy below is
written for account 123456789012, region eu-west-1, VPC vpc-abcd1234 and subnet subnet-efgh5678 (the placeholder values
used in the examples above); substitute your own values and repeat the region-scoped resources for every region you
build in or copy the AMI to.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "NonResourceLevelPermissions",
      "Action": [
        "ec2:Describe*",
        "ec2:CreateVolume",
        "ec2:CreateKeypair",
        "ec2:DeleteKeypair",
        "ec2:CreateSecurityGroup",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateImage",
        "ec2:CopyImage",
        "ec2:CreateSnapshot",
        "ec2:DeleteSnapshot",
        "ec2:RegisterImage",
        "ec2:CreateTags",
        "ec2:ModifyImageAttribute",
        "ec2:RequestSpotInstances",
        "ec2:CancelSpotInstanceRequests"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "AllowInstanceActions",
      "Effect": "Allow",
      "Action": [
        "ec2:StopInstances",
        "ec2:TerminateInstances",
        "ec2:AttachVolume",
        "ec2:DetachVolume",
        "ec2:DeleteVolume"
      ],
      "Resource": [
        "arn:aws:ec2:eu-west-1:123456789012:instance/*",
        "arn:aws:ec2:eu-west-1:123456789012:volume/*",
        "arn:aws:ec2:eu-west-1:123456789012:security-group/*"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Name": "Packer Builder"
        }
      }
    },
    {
      "Sid": "EC2RunInstancesSubnet",
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances"
      ],
      "Resource": [
        "arn:aws:ec2:eu-west-1::image/*",
        "arn:aws:ec2:eu-west-1:123456789012:key-pair/*",
        "arn:aws:ec2:eu-west-1:123456789012:network-interface/*",
        "arn:aws:ec2:eu-west-1:123456789012:security-group/*",
        "arn:aws:ec2:eu-west-1:123456789012:volume/*",
        "arn:aws:ec2:eu-west-1:123456789012:instance/*",
        "arn:aws:ec2:eu-west-1:123456789012:subnet/subnet-efgh5678",
        "arn:aws:ec2:eu-west-1:123456789012:vpc/vpc-*"
      ]
    },
    {
      "Sid": "SGVPCDelete",
      "Effect": "Allow",
      "Action": [
        "ec2:DeleteSecurityGroup"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:vpc": [
            "arn:aws:ec2:eu-west-1:123456789012:vpc/vpc-abcd1234"
          ]
        }
      }
    }
  ]
}
```