
How to allow packer to access CodeCommit during AMI build?

I'd like to clone my FreeTier git repos from CodeCommit when using packer to build an AMI. This is incredibly challenging and poorly documented.

This is what finally worked for me. This is Ubuntu 16.04 hvm:ebs as the base image, as it will install a modern and functioning git and awscli. 14.04 had many issues that in the end weren't worth sorting out.

{
  "variables": {
    "aws_access_key": "",
    "aws_secret_key": ""
  },
  "builders": [{
    "type": "amazon-ebs",
    "name": "aws",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "iam_instance_profile": "packer",
    "region": "us-east-1",
    "source_ami": "ami-840910ee",
    "instance_type": "t2.micro",
    "ssh_username": "ubuntu",
    "ami_name": "myproject {{timestamp}}"
  }],
  "provisioners": [{
    "type": "shell",
    "inline": [
      "sleep 30",
      "sudo apt-get update",
      "sudo apt-get upgrade -y",
      "sudo apt-get install -y git awscli python-virtualenv",
      "sudo install -o ubuntu -g ubuntu -m 755 -d /opt/scratch",
      "virtualenv /opt/scratch/venv",
      "git config --global credential.helper '!aws codecommit credential-helper $@'",
      "git config --global credential.UseHttpPath true",
      "git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/myproject /opt/scratch/venv/src/myproject",
      "/opt/scratch/venv/bin/pip install -r /opt/scratch/venv/src/myproject/requirements.txt"
    ]
  }]
}

In the IAM console, the user that packer will use needs the iam:PassRole policy to be able to use the iam_instance_profile directive.

Also in the IAM console, you'll need to create a role for EC2 and give it the AWSCodeCommitReadOnly policy.

Note that --profile default is missing from the credential.helper; this is intentional. Using the role, there is no ~/.aws/credential file to hold the default profile. Instead, aws-cli will use the role assigned to the instance, which allows it to clone from CodeCommit.
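The two security decisions in the post (static keys only ever enter through empty variables filled at build time, and the build instance reaches CodeCommit through an iam_instance_profile rather than credentials written by a provisioner) can be checked mechanically before a build. The following Python lint is an added example, not code from the post; GOOD_TEMPLATE is a constructed, trimmed copy of the template above and BAD_TEMPLATE is a constructed counter-example using AWS's documented dummy key values.

```python
import json
import re
# Constructed sample: a trimmed copy of the post's template (the good pattern).
GOOD_TEMPLATE = json.dumps({
    "variables": {"aws_access_key": "", "aws_secret_key": ""},
    "builders": [{
        "type": "amazon-ebs",
        "access_key": "{{user `aws_access_key`}}",
        "secret_key": "{{user `aws_secret_key`}}",
        "iam_instance_profile": "packer",
    }],
    "provisioners": [{"type": "shell", "inline": [
        "git config --global credential.helper '!aws codecommit credential-helper $@'",
        "git config --global credential.UseHttpPath true",
        "git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/myproject /opt/scratch/venv/src/myproject",
    ]}],
})
# Constructed counter-example (AWS documentation dummy keys): key pasted into the template,
# no instance profile, and a provisioner that writes a secret onto the image.
BAD_TEMPLATE = json.dumps({
    "variables": {"aws_secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
    "builders": [{"type": "amazon-ebs", "access_key": "AKIAIOSFODNN7EXAMPLE",
                  "secret_key": "{{user `aws_secret_key`}}"}],
    "provisioners": [{"type": "shell", "inline": [
        "aws configure set aws_secret_access_key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    ]}],
})
# Static AWS access key IDs, and commands that persist credentials on the image.
AKIA_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
CRED_WRITE_RE = re.compile(r"aws_secret_access_key|aws configure set|\.aws/credentials", re.I)

def lint_packer_template(text):
    """Return a list of findings; empty means the template follows the instance-profile pattern."""
    tpl = json.loads(text)
    findings = []
    for name, value in tpl.get("variables", {}).items():
        # Key-like variables must be empty in the template and supplied via -var at build time.
        if value and ("key" in name.lower() or "secret" in name.lower()):
            findings.append(f"variable {name!r} is hardcoded; leave it empty and supply it at build time")
    for b in tpl.get("builders", []):
        for field in ("access_key", "secret_key"):
            if b.get(field) and "{{" not in b[field]:
                findings.append(f"builder {field} is a literal rather than a variable reference")
        if not b.get("iam_instance_profile"):
            findings.append("builder has no iam_instance_profile; CodeCommit access would need static keys on the image")
    for p in tpl.get("provisioners", []):
        for line in p.get("inline", []):
            if AKIA_RE.search(line) or CRED_WRITE_RE.search(line):
                findings.append(f"provisioner persists static credentials: {line!r}")
    return findings
```

The credential-helper line from the post passes because it configures git to ask the CLI (and thus the instance role) for a token at clone time, leaving nothing secret on disk.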
