
What is the correct way to query Amazon AWS AMI from packer?

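I am trying to use Packer to build a golden image for amazon-ebs. I created a user in the AWS AMI console to get an access_key and a secret_key. When I put these values into application-server.json and launch the packer command:

packer build -only=amazon-ebs application-server.json

I get this error:

Error querying AMI: AuthFailure: Credential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got 'my_key'

status code: 401, request id: d8e8359a-dfa4-47da-bf05-81c957849a6c

I have replaced the real key with my_key here.

How do I split the key? Should I create the instance manually before launching the packer command?

Update #1: application-server.json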

{
  "variables": {
      "PACKER_OS_FLAVOUR": "ubuntu",
      "PACKER_BOX_NAME": "ubuntu-14.04.4-server-amd64",
      "AWS_ACCESS_KEY_ID": "{{env `AWS_ACCESS_KEY_ID`}}",
      "AWS_SECRET_ACCESS_KEY": "{{env `AWS_SECRET_ACCESS_KEY`}}",
      "DIGITALOCEAN_API_TOKEN": "{{env `DIGITALOCEAN_API_TOKEN`}}"
    },
    "builders": [
      {
        "type": "virtualbox-iso",
        "boot_command": [
          "<esc><wait>",
          "<esc><wait>",
          "<enter><wait>",
          "/install/vmlinuz<wait>",
          " auto<wait>",
          " console-setup/ask_detect=false<wait>",
          " console-setup/layoutcode=us<wait>",
          " console-setup/modelcode=pc105<wait>",
          " debconf/frontend=noninteractive<wait>",
          " debian-installer=en_US<wait>",
          " fb=false<wait>",
          " initrd=/install/initrd.gz<wait>",
          " kbd-chooser/method=us<wait>",
          " keyboard-configuration/layout=USA<wait>",
          " keyboard-configuration/variant=USA<wait>",
          " locale=en_US<wait>",
          " netcfg/get_domain=vm<wait>",
          " netcfg/get_hostname=vagrant<wait>",
          " noapic<wait>",
          " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<wait>",
          " -- <wait>",
          "<enter><wait>"
        ],
        "boot_wait": "10s",
        "headless": false,
        "disk_size": 10140,
        "guest_additions_path": "VBoxGuestAdditions_{{.Version}}.iso",
        "guest_os_type": "Ubuntu_64",
        "http_directory": "http",
        "iso_checksum": "07e4bb5569814eab41fafac882ba127893e3ff0bdb7ec931c9b2d040e3e94e7a",
        "iso_checksum_type": "sha256",
        "iso_url": "http://releases.ubuntu.com/trusty/{{ user `PACKER_BOX_NAME` }}.iso",
        "shutdown_command": "echo 'vagrant'|sudo -S shutdown -P now",
        "ssh_password": "vagrant",
        "ssh_port": 22,
        "ssh_username": "vagrant",
        "ssh_wait_timeout": "10000s",
        "vm_name": "{{ user `PACKER_BOX_NAME` }}",
        "vboxmanage": [
          ["modifyvm", "{{.Name}}", "--memory", "1024"],
          ["modifyvm", "{{.Name}}", "--cpus", "2"]
        ],
        "virtualbox_version_file": ".vbox_version"
      },
      {
        "type": "amazon-ebs",
        "access_key": "AKIAJEXAMPEXAMPEXAMP ",
        "secret_key": "ExAMpleExAmpLEExAMPlEExAMPlEexAmpLEExaMPL",
        "region": "us-east-1",
        "source_ami": "ami-10b68a78",
        "instance_type": "t2.micro",
        "ssh_username": "ubuntu",
        "ami_name": "packer-app-server {{timestamp}}"
      },
      {
        "type": "googlecompute",
        "account_file": "account.json",
        "project_id": "devops-intro-project",
        "source_image": "ubuntu-1404-trusty-v20150316",
        "zone": "us-central1-a",
        "image_name": "application-ubuntu-1404-{{timestamp}}",
        "machine_type": "n1-standard-1",
        "ssh_username": "ubuntu"
      },
      {
        "type": "digitalocean",
        "api_token": "{{ user `DIGITALOCEAN_API_TOKEN` }}",
        "image": "ubuntu-14-04-x64",
        "region": "tor1",
        "size": "512mb",
        "droplet_name": "udacity-devops",
        "private_networking": true
      }
  ],

  "provisioners": [
    {
      "type": "shell",
      "execute_command": "echo 'vagrant'|{{.Vars}} sudo -S -E bash '{{.Path}}'",
      "scripts": [
        "scripts/update.sh"
      ]
    },
    {
    "type": "shell",
    "only": ["virtualbox-iso"],
    "execute_command": "echo 'vagrant'|sudo -S -E bash '{{.Path}}'",
    "scripts": [
        "scripts/virtualbox.sh",
        "scripts/vagrant.sh"
      ]
    },
    {
      "type": "shell",
      "execute_command": "echo 'vagrant'|sudo -S -E bash '{{.Path}}'",
      "scripts": [
        "scripts/application.sh",
        "scripts/cleanup.sh"
      ]
    }
  ],
  "post-processors": [
    [
      {
        "type": "vagrant",
        "except": ["googlecompute", "digitalocean"],
        "compression_level": "9",
        "output": "{{.Provider}}/{{ user `PACKER_BOX_NAME` }}-appserver_{{.Provider}}.box"
      }
    ]
  ]
}

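Update #2: In the end the problem was a whitespace in access_key. Unbelievable.

Now I get

amazon-ebs: Error cleaning up keypair. Please delete the key manually: Build 'amazon-ebs' errored: Error creating temporary keypair: UnauthorizedOperation: You are not authorized to perform this operation. status code: 403, request id: ee8cd02a-bdd8-4987-a798-00dc1f94e8e7

You can specify the access key ID and the secret key in the template, for example: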

{
   "access_key": "AKIAIOSFODNN7EXAMPLE", 
   "secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
} 

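See AWS docs - Access Keys and Packer docs - Amazon Builders.

If you share your template, I can point out what is going wrong.

After changing the access_key and removing the last space from the string; to resolve the error about the key pair:

I added the user to a group in Amazon AWS IAM and attached the policy found in the Packer documentation: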

{
  "Version": "2012-10-17",
  "Statement": [{
      "Effect": "Allow",
      "Action" : [
        "ec2:AttachVolume",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CopyImage",
        "ec2:CreateImage",
        "ec2:CreateKeypair",
        "ec2:CreateSecurityGroup",
        "ec2:CreateSnapshot",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteKeypair",
        "ec2:DeleteSecurityGroup",
        "ec2:DeleteSnapshot",
        "ec2:DeleteVolume",
        "ec2:DeregisterImage",
        "ec2:DescribeImageAttribute",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSnapshots",
        "ec2:DescribeSubnets",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ec2:DetachVolume",
        "ec2:GetPasswordData",
        "ec2:ModifyImageAttribute",
        "ec2:ModifyInstanceAttribute",
        "ec2:ModifySnapshotAttribute",
        "ec2:RegisterImage",
        "ec2:RunInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Resource" : "*"
  }]
}

It works.
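A pre-flight check for the first failure in this thread, as an added example that is not part of the original posts or of Packer: it scans the amazon-* builders of a JSON template for whitespace in `access_key`/`secret_key` and for literal keys that are not template references. The function name `lint_aws_credentials` and the sample template are constructed for illustration.

```python
import json
import re

# Constructed sample mirroring the amazon-ebs builder on this page, including
# the trailing space in access_key (placeholder values, not real keys).
SAMPLE_TEMPLATE = """
{
  "builders": [
    {"type": "virtualbox-iso", "ssh_password": "vagrant"},
    {"type": "amazon-ebs",
     "access_key": "AKIAJEXAMPEXAMPEXAMP ",
     "secret_key": "ExAMpleExAmpLEExAMPlEExAMPlEexAmpLEExaMPL",
     "region": "us-east-1"},
    {"type": "amazon-ebs", "name": "from-env",
     "access_key": "{{user `AWS_ACCESS_KEY_ID`}}",
     "region": "us-east-1"}
  ]
}
"""

CREDENTIAL_FIELDS = ("access_key", "secret_key")
TEMPLATE_REF = re.compile(r"^\{\{.*\}\}$", re.S)  # e.g. {{user `NAME`}}


def lint_aws_credentials(template_text):
    """Return (builder, field, problem) tuples for amazon-* builders."""
    findings = []
    template = json.loads(template_text)
    for index, builder in enumerate(template.get("builders", [])):
        if not str(builder.get("type", "")).startswith("amazon-"):
            continue
        label = builder.get("name", "%s[%d]" % (builder["type"], index))
        for field in CREDENTIAL_FIELDS:
            value = builder.get(field)
            if not isinstance(value, str):
                continue
            is_ref = TEMPLATE_REF.match(value.strip()) is not None
            # Stray whitespace travels into the Credential element
            # (keyid/date/region/service/term) named in the AuthFailure above.
            if value != value.strip() or (not is_ref and re.search(r"\s", value)):
                findings.append((label, field, "whitespace"))
            # A literal key is readable by anyone who can read the template.
            if not is_ref:
                findings.append((label, field, "hardcoded"))
    return findings


if __name__ == "__main__":
    for finding in lint_aws_credentials(SAMPLE_TEMPLATE):
        print("%s: %s is %s" % finding)
```

Run it before `packer build`; a "hardcoded" finding goes away once the builder reads the key through a `{{user ...}}` variable fed from the environment, as the template's `variables` block already does for the DigitalOcean token.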
