amazon: update docs & links

Adrien Delorme 2019-06-03 17:55:09 +02:00
parent e6cbb013ba
commit e09f3fbd02
5 changed files with 472 additions and 382 deletions


@ -31,99 +31,139 @@ type Config struct {
awscommon.AMIConfig `mapstructure:",squash"`
awscommon.AccessConfig `mapstructure:",squash"`
// This is a list of devices to
// mount into the chroot environment. This configuration parameter requires
// some additional documentation which is in the Chroot
// Mounts section. Please read that section for more
// information on how to use this.
ChrootMounts [][]string `mapstructure:"chroot_mounts" required:"false"`
// mount into the chroot environment. This configuration parameter requires
// some additional documentation which is in the Chroot
// Mounts section. Please read that section for more
// information on how to use this.
ChrootMounts [][]string `mapstructure:"chroot_mounts" required:"false"`
// How to run shell commands. This defaults to
// {{.Command}}. This may be useful to set if you want to set environmental
// variables or perhaps run it with sudo or so on. This is a configuration
// template where the .Command variable is replaced with the command to be
// run. Defaults to {{.Command}}.
CommandWrapper string `mapstructure:"command_wrapper" required:"false"`
// {{.Command}}. This may be useful to set if you want to set environmental
// variables or perhaps run it with sudo or so on. This is a configuration
// template where the .Command variable is replaced with the command to be
// run. Defaults to {{.Command}}.
CommandWrapper string `mapstructure:"command_wrapper" required:"false"`
// Paths to files on the running EC2
// instance that will be copied into the chroot environment prior to
// provisioning. Defaults to /etc/resolv.conf so that DNS lookups work. Pass
// an empty list to skip copying /etc/resolv.conf. You may need to do this
// if you're building an image that uses systemd.
CopyFiles []string `mapstructure:"copy_files" required:"false"`
// instance that will be copied into the chroot environment prior to
// provisioning. Defaults to /etc/resolv.conf so that DNS lookups work. Pass
// an empty list to skip copying /etc/resolv.conf. You may need to do this
// if you're building an image that uses systemd.
CopyFiles []string `mapstructure:"copy_files" required:"false"`
// The path to the device where the root volume of
// the source AMI will be attached. This defaults to "" (empty string), which
// forces Packer to find an open device automatically.
DevicePath string `mapstructure:"device_path" required:"false"`
// the source AMI will be attached. This defaults to "" (empty string), which
// forces Packer to find an open device automatically.
DevicePath string `mapstructure:"device_path" required:"false"`
// When we call the mount command (by default
// mount -o device dir), the string provided in nvme_mount_path will
// replace device in that command. When this option is not set, device in
// that command will be something like /dev/sdf1, mirroring the attached
// device name. This assumption works for most instances but will fail with c5
// and m5 instances. In order to use the chroot builder with c5 and m5
// instances, you must manually set nvme_device_path and device_path.
NVMEDevicePath string `mapstructure:"nvme_device_path" required:"false"`
// mount -o device dir), the string provided in nvme_mount_path will
// replace device in that command. When this option is not set, device in
// that command will be something like /dev/sdf1, mirroring the attached
// device name. This assumption works for most instances but will fail with c5
// and m5 instances. In order to use the chroot builder with c5 and m5
// instances, you must manually set nvme_device_path and device_path.
NVMEDevicePath string `mapstructure:"nvme_device_path" required:"false"`
// Build a new volume instead of starting from an
// existing AMI root volume snapshot. Default false. If true, source_ami
// is no longer used and the following options become required:
// ami_virtualization_type, pre_mount_commands and root_volume_size. The
// below options are also required in this mode only:
FromScratch bool `mapstructure:"from_scratch" required:"false"`
// existing AMI root volume snapshot. Default false. If true, source_ami
// is no longer used and the following options become required:
// ami_virtualization_type, pre_mount_commands and root_volume_size. The
// below options are also required in this mode only:
FromScratch bool `mapstructure:"from_scratch" required:"false"`
// Options to supply the mount command
// when mounting devices. Each option will be prefixed with -o and supplied
// to the mount command ran by Packer. Because this command is ran in a
// shell, user discretion is advised. See this manual page for the mount
// command for valid file
// system specific options.
MountOptions []string `mapstructure:"mount_options" required:"false"`
// when mounting devices. Each option will be prefixed with -o and supplied
// to the mount command ran by Packer. Because this command is ran in a
// shell, user discretion is advised. See this manual page for the mount
// command for valid file
// system specific options.
MountOptions []string `mapstructure:"mount_options" required:"false"`
// The partition number containing the /
// partition. By default this is the first partition of the volume, (for
// example, xvda1) but you can designate the entire block device by setting
// "mount_partition": "0" in your config, which will mount xvda instead.
MountPartition string `mapstructure:"mount_partition" required:"false"`
// partition. By default this is the first partition of the volume, (for
// example, xvda1) but you can designate the entire block device by setting
// "mount_partition": "0" in your config, which will mount xvda instead.
MountPartition string `mapstructure:"mount_partition" required:"false"`
// The path where the volume will be mounted. This is
// where the chroot environment will be. This defaults to
// /mnt/packer-amazon-chroot-volumes/{{.Device}}. This is a configuration
// template where the .Device variable is replaced with the name of the
// device where the volume is attached.
MountPath string `mapstructure:"mount_path" required:"false"`
// where the chroot environment will be. This defaults to
// /mnt/packer-amazon-chroot-volumes/{{.Device}}. This is a configuration
// template where the .Device variable is replaced with the name of the
// device where the volume is attached.
MountPath string `mapstructure:"mount_path" required:"false"`
// As pre_mount_commands, but the
// commands are executed after mounting the root device and before the extra
// mount and copy steps. The device and mount path are provided by
// {{.Device}} and {{.MountPath}}.
PostMountCommands []string `mapstructure:"post_mount_commands" required:"false"`
// commands are executed after mounting the root device and before the extra
// mount and copy steps. The device and mount path are provided by
// {{.Device}} and {{.MountPath}}.
PostMountCommands []string `mapstructure:"post_mount_commands" required:"false"`
// A series of commands to execute
// after attaching the root volume and before mounting the chroot. This is not
// required unless using from_scratch. If so, this should include any
// partitioning and filesystem creation commands. The path to the device is
// provided by {{.Device}}.
PreMountCommands []string `mapstructure:"pre_mount_commands" required:"false"`
// after attaching the root volume and before mounting the chroot. This is not
// required unless using from_scratch. If so, this should include any
// partitioning and filesystem creation commands. The path to the device is
// provided by {{.Device}}.
PreMountCommands []string `mapstructure:"pre_mount_commands" required:"false"`
// The root device name. For example, xvda.
RootDeviceName string `mapstructure:"root_device_name" required:"false"`
RootDeviceName string `mapstructure:"root_device_name" required:"false"`
// The size of the root volume in GB for the
// chroot environment and the resulting AMI. Default size is the snapshot size
// of the source_ami unless from_scratch is true, in which case this
// field must be defined.
RootVolumeSize int64 `mapstructure:"root_volume_size" required:"false"`
// chroot environment and the resulting AMI. Default size is the snapshot size
// of the source_ami unless from_scratch is true, in which case this
// field must be defined.
RootVolumeSize int64 `mapstructure:"root_volume_size" required:"false"`
// The type of EBS volume for the chroot
// environment and resulting AMI. The default value is the type of the
// source_ami, unless from_scratch is true, in which case the default
// value is gp2. You can only specify io1 if building based on top of a
// source_ami which is also io1.
RootVolumeType string `mapstructure:"root_volume_type" required:"false"`
// environment and resulting AMI. The default value is the type of the
// source_ami, unless from_scratch is true, in which case the default
// value is gp2. You can only specify io1 if building based on top of a
// source_ami which is also io1.
RootVolumeType string `mapstructure:"root_volume_type" required:"false"`
// The source AMI whose root volume will be copied and
// provisioned on the currently running instance. This must be an EBS-backed
// AMI with a root volume snapshot that you have access to. Note: this is not
// used when from_scratch is set to true.
SourceAmi string `mapstructure:"source_ami" required:"true"`
// provisioned on the currently running instance. This must be an EBS-backed
// AMI with a root volume snapshot that you have access to. Note: this is not
// used when from_scratch is set to true.
SourceAmi string `mapstructure:"source_ami" required:"true"`
// Filters used to populate the source_ami
// field. Example:
SourceAmiFilter awscommon.AmiFilterOptions `mapstructure:"source_ami_filter" required:"false"`
// field. Example:
//
//
// ``` json
// {
// "source_ami_filter": {
// "filters": {
// "virtualization-type": "hvm",
// "name": "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*",
// "root-device-type": "ebs"
// },
// "owners": ["099720109477"],
// "most_recent": true
// }
// }
// ```
//
// This selects the most recent Ubuntu 16.04 HVM EBS AMI from Canonical. NOTE:
// This will fail unless *exactly* one AMI is returned. In the above example,
// `most_recent` will cause this to succeed by selecting the newest image.
//
// - `filters` (map of strings) - filters used to select a `source_ami`.
// NOTE: This will fail unless *exactly* one AMI is returned. Any filter
// described in the docs for
// [DescribeImages](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html)
// is valid.
//
// - `owners` (array of strings) - Filters the images by their owner. You
// may specify one or more AWS account IDs, "self" (which will use the
// account whose credentials you are using to run Packer), or an AWS owner
// alias: for example, "amazon", "aws-marketplace", or "microsoft". This
// option is required for security reasons.
//
// - `most_recent` (boolean) - Selects the newest created image when true.
// This is most useful for selecting a daily distro build.
//
// You may set this in place of `source_ami` or in conjunction with it. If you
// set this in conjunction with `source_ami`, the `source_ami` will be added
// to the filter. The provided `source_ami` must meet all of the filtering
// criteria provided in `source_ami_filter`; this pins the AMI returned by the
// filter, but will cause Packer to fail if the `source_ami` does not exist.
SourceAmiFilter awscommon.AmiFilterOptions `mapstructure:"source_ami_filter" required:"false"`
// Tags to apply to the
// volumes that are launched. This is a template
// engine, see Build template
// data for more information.
RootVolumeTags awscommon.TagMap `mapstructure:"root_volume_tags" required:"false"`
// volumes that are *launched*. This is a [template
// engine](/docs/templates/engine.html), see [Build template
// data](#build-template-data) for more information.
RootVolumeTags awscommon.TagMap `mapstructure:"root_volume_tags" required:"false"`
// what architecture to use when registering the
// final AMI; valid options are "x86_64" or "arm64". Defaults to "x86_64".
Architecture string `mapstructure:"ami_architecture" required:"false"`
// final AMI; valid options are "x86_64" or "arm64". Defaults to "x86_64".
Architecture string `mapstructure:"ami_architecture" required:"false"`
ctx interpolate.Context
}
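Review bot: The new `source_ami_filter` comment says `owners` is "required for security reasons" but never names the risk, and nothing visible here shows the requirement being enforced (the field is tagged `required:"false"`, and `AmiFilterOptions` is defined outside this hunk). I would add a line under the `owners` bullet such as `// Without an owner restriction, a public AMI from any account whose name matches the filter can be selected, and most_recent makes the newest such image win.` so readers see why the example pins an account ID. Also in this hunk, the `NVMEDevicePath` comment still refers to `nvme_mount_path`, while the mapstructure key and the last sentence of the same comment say `nvme_device_path`; the first mention should read `nvme_device_path`.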


@ -21,17 +21,17 @@ import (
)
type VaultAWSEngineOptions struct {
Name string `mapstructure:"name"`
RoleARN string `mapstructure:"role_arn"`
Name string `mapstructure:"name"`
RoleARN string `mapstructure:"role_arn"`
// Specifies the TTL for the use of the STS token. This
// is specified as a string with a duration suffix. Valid only when
// credential_type is assumed_role or federation_token. When not
// specified, the default_sts_ttl set for the role will be used. If that
// is also not set, then the default value of 3600s will be used. AWS
// places limits on the maximum TTL allowed. See the AWS documentation on
// the DurationSeconds parameter for AssumeRole (for assumed_role
// credential types) and GetFederationToken (for federation_token
// credential types) for more details.
// is specified as a string with a duration suffix. Valid only when
// credential_type is assumed_role or federation_token. When not
// specified, the default_sts_ttl set for the role will be used. If that
// is also not set, then the default value of 3600s will be used. AWS
// places limits on the maximum TTL allowed. See the AWS documentation on
// the DurationSeconds parameter for AssumeRole (for assumed_role
// credential types) and GetFederationToken (for federation_token
// credential types) for more details.
TTL string `mapstructure:"ttl" required:"false"`
EngineName string `mapstructure:"engine_name"`
}
@ -43,55 +43,77 @@ func (v *VaultAWSEngineOptions) Empty() bool {
// AccessConfig is for common configuration related to AWS access
type AccessConfig struct {
// The access key used to communicate with AWS. Learn
// how to set this
AccessKey string `mapstructure:"access_key" required:"true"`
// The access key used to communicate with AWS. [Learn how to set this]
// (/docs/builders/amazon.html#specifying-amazon-credentials). On EBS, this
// is not required if you are using `use_vault_aws_engine` for
// authentication instead.
AccessKey string `mapstructure:"access_key" required:"true"`
// This option is useful if you use a cloud
// provider whose API is compatible with aws EC2. Specify another endpoint
// like this https://ec2.custom.endpoint.com.
CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2" required:"false"`
// Enable automatic decoding of
// any encoded authorization (error) messages using the
// sts:DecodeAuthorizationMessage API. Note: requires that the effective
// user/role have permissions to sts:DecodeAuthorizationMessage on resource
// *. Default false.
DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages" required:"false"`
// provider whose API is compatible with aws EC2. Specify another endpoint
// like this https://ec2.custom.endpoint.com.
CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2" required:"false"`
// Enable automatic decoding of any encoded authorization (error) messages
// using the `sts:DecodeAuthorizationMessage` API. Note: requires that the
// effective user/role have permissions to `sts:DecodeAuthorizationMessage`
// on resource `*`. Default `false`.
DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages" required:"false"`
// This allows skipping TLS
// verification of the AWS EC2 endpoint. The default is false.
InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify" required:"false"`
// The MFA
// TOTP
// code. This should probably be a user variable since it changes all the
// time.
MFACode string `mapstructure:"mfa_code" required:"false"`
// verification of the AWS EC2 endpoint. The default is false.
InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify" required:"false"`
// The MFA TOTP code. This should probably be a user variable since it
// changes all the time.
MFACode string `mapstructure:"mfa_code" required:"false"`
// The profile to use in the shared credentials file for
// AWS. See Amazon's documentation on specifying
// profiles
// for more details.
ProfileName string `mapstructure:"profile" required:"false"`
// The name of the region, such as us-east-1, in which
// to launch the EC2 instance to create the AMI.
RawRegion string `mapstructure:"region" required:"true"`
// The secret key used to communicate with AWS. Learn
// how to set this
SecretKey string `mapstructure:"secret_key" required:"true"`
// AWS. See Amazon's documentation on [specifying
// profiles](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-profiles)
// for more details.
ProfileName string `mapstructure:"profile" required:"false"`
// The name of the region, such as `us-east-1`, in which
// to launch the EC2 instance to create the AMI.
// When chroot building, this value is guessed from environment.
RawRegion string `mapstructure:"region" required:"true"`
// The secret key used to communicate with AWS. [Learn how to set
// this](amazon.html#specifying-amazon-credentials). This is not required
// if you are using `use_vault_aws_engine` for authentication instead.
SecretKey string `mapstructure:"secret_key" required:"true"`
// Set to true if you want to skip
// validation of the ami_regions configuration option. Default false.
SkipValidation bool `mapstructure:"skip_region_validation" required:"false"`
SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"`
// validation of the ami_regions configuration option. Default false.
SkipValidation bool `mapstructure:"skip_region_validation" required:"false"`
SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"`
// The access token to use. This is different from the
// access key and secret key. If you're not sure what this is, then you
// probably don't need it. This will also be read from the AWS_SESSION_TOKEN
// environmental variable.
Token string `mapstructure:"token" required:"false"`
session *session.Session
// access key and secret key. If you're not sure what this is, then you
// probably don't need it. This will also be read from the AWS_SESSION_TOKEN
// environmental variable.
Token string `mapstructure:"token" required:"false"`
session *session.Session
// Get credentials from Hashicorp Vault's aws
// secrets engine. You must already have created a role to use. For more
// information about generating credentials via the Vault engine, see the
// Vault
// docs.
// If you set this flag, you must also set the below options:
VaultAWSEngine VaultAWSEngineOptions `mapstructure:"vault_aws_engine" required:"false"`
// secrets engine. You must already have created a role to use. For more
// information about generating credentials via the Vault engine, see the
// Vault
// docs.
// If you set this flag, you must also set the below options:
// - `name` (string) - Required. Specifies the name of the role to generate
// credentials against. This is part of the request URL.
// - `engine_name` (string) - The name of the aws secrets engine. In the
// Vault docs, this is normally referred to as "aws", and Packer will
// default to "aws" if `engine_name` is not set.
// - `role_arn` (string)- The ARN of the role to assume if credential\_type
// on the Vault role is assumed\_role. Must match one of the allowed role
// ARNs in the Vault role. Optional if the Vault role only allows a single
// AWS role ARN; required otherwise.
// - `ttl` (string) - Specifies the TTL for the use of the STS token. This
// is specified as a string with a duration suffix. Valid only when
// credential\_type is assumed\_role or federation\_token. When not
// specified, the default\_sts\_ttl set for the role will be used. If that
// is also not set, then the default value of 3600s will be used. AWS
// places limits on the maximum TTL allowed. See the AWS documentation on
// the DurationSeconds parameter for AssumeRole (for assumed\_role
// credential types) and GetFederationToken (for federation\_token
// credential types) for more details.
//
// Example:
// `json { "vault_aws_engine": { "name": "myrole", "role_arn": "myarn",
VaultAWSEngine VaultAWSEngineOptions `mapstructure:"vault_aws_engine" required:"false"`
getEC2Connection func() ec2iface.EC2API
}
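Review bot: The new `vault_aws_engine` comment stops mid-example: its last line, `// Example:` followed by a line beginning `` `json { "vault_aws_engine": { "name": "myrole", ``, opens a code span and a JSON object that are never closed before the `VaultAWSEngine` field, so the generated docs will presumably show a broken snippet. The example should be completed and closed. In the same hunk the `access_key` link is split between `[Learn how to set this]` on one comment line and `(/docs/builders/amazon.html#specifying-amazon-credentials)` on the next, which is unlikely to render as a link; `secret_key` keeps the two parts together and also uses a different relative target (`amazon.html#…`). Separately, the `insecure_skip_tls_verify` comment is carried over with no caveat; a line such as `// With verification off the endpoint's certificate is not checked, so API traffic can be intercepted or altered in transit; use only with a custom_endpoint_ec2 you trust.` would tell users what they give up.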


@ -13,106 +13,105 @@ import (
// AMIConfig is for common configuration related to creating AMIs.
type AMIConfig struct {
// The name of the resulting AMI that will appear when
// managing AMIs in the AWS console or via APIs. This must be unique. To help
// make this unique, use a function like timestamp (see template
// engine for more info).
AMIName string `mapstructure:"ami_name" required:"true"`
// managing AMIs in the AWS console or via APIs. This must be unique. To help
// make this unique, use a function like timestamp (see [template
// engine](../templates/engine.html) for more info).
AMIName string `mapstructure:"ami_name" required:"true"`
// The description to set for the resulting
// AMI(s). By default this description is empty. This is a template
// engine, see Build template
// data for more information.
AMIDescription string `mapstructure:"ami_description" required:"false"`
// The type of virtualization for the AMI
// you are building. This option is required to register HVM images. Can be
// paravirtual (default) or hvm.
AMIVirtType string `mapstructure:"ami_virtualization_type" required:"false"`
// AMI(s). By default this description is empty. This is a template
// engine, see Build template
// data for more information.
AMIDescription string `mapstructure:"ami_description" required:"false"`
// The description to set for the resulting AMI(s). By default this
// description is empty. This is a [template
// engine](../templates/engine.html), see [Build template
// data](#build-template-data) for more information.
AMIVirtType string `mapstructure:"ami_virtualization_type" required:"false"`
// A list of account IDs that have access to
// launch the resulting AMI(s). By default no additional users other than the
// user creating the AMI has permissions to launch it.
AMIUsers []string `mapstructure:"ami_users" required:"false"`
// launch the resulting AMI(s). By default no additional users other than the
// user creating the AMI has permissions to launch it.
AMIUsers []string `mapstructure:"ami_users" required:"false"`
// A list of groups that have access to
// launch the resulting AMI(s). By default no groups have permission to launch
// the AMI. all will make the AMI publicly accessible.
AMIGroups []string `mapstructure:"ami_groups" required:"false"`
// launch the resulting AMI(s). By default no groups have permission to launch
// the AMI. all will make the AMI publicly accessible.
AMIGroups []string `mapstructure:"ami_groups" required:"false"`
// A list of product codes to
// associate with the AMI. By default no product codes are associated with the
// AMI.
AMIProductCodes []string `mapstructure:"ami_product_codes" required:"false"`
// associate with the AMI. By default no product codes are associated with the
// AMI.
AMIProductCodes []string `mapstructure:"ami_product_codes" required:"false"`
// A list of regions to copy the AMI to.
// Tags and attributes are copied along with the AMI. AMI copying takes time
// depending on the size of the AMI, but will generally take many minutes.
AMIRegions []string `mapstructure:"ami_regions" required:"false"`
// Tags and attributes are copied along with the AMI. AMI copying takes time
// depending on the size of the AMI, but will generally take many minutes.
AMIRegions []string `mapstructure:"ami_regions" required:"false"`
// Set to true if you want to skip
// validation of the ami_regions configuration option. Default false.
AMISkipRegionValidation bool `mapstructure:"skip_region_validation" required:"false"`
// validation of the ami_regions configuration option. Default false.
AMISkipRegionValidation bool `mapstructure:"skip_region_validation" required:"false"`
// Tags applied to the AMI. This is a
// template engine, see Build template
// data for more information.
AMITags TagMap `mapstructure:"tags" required:"false"`
// [template engine](/docs/templates/engine.html), see [Build template
// data](#build-template-data) for more information.
AMITags TagMap `mapstructure:"tags" required:"false"`
// Enable enhanced networking (ENA but not
// SriovNetSupport) on HVM-compatible AMIs. If set, add
// ec2:ModifyInstanceAttribute to your AWS IAM policy. If false, this will
// disable enhanced networking in the final AMI as opposed to passing the
// setting through unchanged from the source. Note: you must make sure
// enhanced networking is enabled on your instance. See Amazon's
// documentation on enabling enhanced
// networking.
AMIENASupport *bool `mapstructure:"ena_support" required:"false"`
// SriovNetSupport) on HVM-compatible AMIs. If set, add
// ec2:ModifyInstanceAttribute to your AWS IAM policy. If false, this will
// disable enhanced networking in the final AMI as opposed to passing the
// setting through unchanged from the source. Note: you must make sure
// enhanced networking is enabled on your instance. [Amazon's
// documentation on enabling enhanced
// networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking).
AMIENASupport *bool `mapstructure:"ena_support" required:"false"`
// Enable enhanced networking (SriovNetSupport but
// not ENA) on HVM-compatible AMIs. If true, add
// ec2:ModifyInstanceAttribute to your AWS IAM policy. Note: you must make
// sure enhanced networking is enabled on your instance. See Amazon's
// documentation on enabling enhanced
// networking.
// Default false.
AMISriovNetSupport bool `mapstructure:"sriov_support" required:"false"`
// not ENA) on HVM-compatible AMIs. If true, add
// ec2:ModifyInstanceAttribute to your AWS IAM policy. Note: you must make
// sure enhanced networking is enabled on your instance. See Amazon's
// documentation on enabling enhanced
// networking.
// Default false.
AMISriovNetSupport bool `mapstructure:"sriov_support" required:"false"`
// Force Packer to first deregister an existing
// AMI if one with the same name already exists. Default false.
AMIForceDeregister bool `mapstructure:"force_deregister" required:"false"`
// AMI if one with the same name already exists. Default false.
AMIForceDeregister bool `mapstructure:"force_deregister" required:"false"`
// Force Packer to delete snapshots
// associated with AMIs, which have been deregistered by force_deregister.
// Default false.
AMIForceDeleteSnapshot bool `mapstructure:"force_delete_snapshot" required:"false"`
// associated with AMIs, which have been deregistered by force_deregister.
// Default false.
AMIForceDeleteSnapshot bool `mapstructure:"force_delete_snapshot" required:"false"`
// Whether or not to encrypt the resulting AMI when
// copying a provisioned instance to an AMI. By default, Packer will keep the
// encryption setting to what it was in the source image. Setting false will
// result in an unencrypted image, and true will result in an encrypted one.
AMIEncryptBootVolume *bool `mapstructure:"encrypt_boot" required:"false"`
// ID, alias or ARN of the KMS key to use for boot
// volume encryption. This only applies to the main region, other regions
// where the AMI will be copied will be encrypted by the default EBS KMS key.
// For valid formats see KmsKeyId in the AWS API docs -
// CopyImage.
// This field is validated by Packer, when using an alias, you will have to
// prefix kms_key_id with alias/.
AMIKmsKeyId string `mapstructure:"kms_key_id" required:"false"`
// a map of regions to copy the ami
// to, along with the custom kms key id (alias or arn) to use for encryption
// for that region. Keys must match the regions provided in ami_regions. If
// you just want to encrypt using a default ID, you can stick with
// kms_key_id and ami_regions. If you want a region to be encrypted with
// that region's default key ID, you can use an empty string "" instead of a
// key id in this map. (e.g. "us-east-1": "") However, you cannot use
// default key IDs if you are using this in conjunction with snapshot_users
// -- in that situation you must use custom keys. For valid formats see
// KmsKeyId in the AWS API docs -
// CopyImage.
AMIRegionKMSKeyIDs map[string]string `mapstructure:"region_kms_key_ids" required:"false"`
// copying a provisioned instance to an AMI. By default, Packer will keep the
// encryption setting to what it was in the source image. Setting false will
// result in an unencrypted image, and true will result in an encrypted one.
AMIEncryptBootVolume *bool `mapstructure:"encrypt_boot" required:"false"`
// ID, alias or ARN of the KMS key to use for boot volume encryption. This
// only applies to the main `region`, other regions where the AMI will be
// copied will be encrypted by the default EBS KMS key. For valid formats
// see *KmsKeyId* in the [AWS API docs -
// CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
// This field is validated by Packer, when using an alias, you will have to
// prefix `kms_key_id` with `alias/`.
AMIKmsKeyId string `mapstructure:"kms_key_id" required:"false"`
// a map of regions to copy the ami to, along with the custom kms key id
// (alias or arn) to use for encryption for that region. Keys must match
// the regions provided in ami_regions. If you just want to encrypt using a
// default ID, you can stick with kms_key_id and ami_regions. If you want a
// region to be encrypted with that region's default key ID, you can use an
// empty string "" instead of a key id in this map. (e.g. "us-east-1": "")
// However, you cannot use default key IDs if you are using this in
// conjunction with snapshot_users -- in that situation you must use custom
// keys. For valid formats see KmsKeyId in the AWS API docs - CopyImage.
AMIRegionKMSKeyIDs map[string]string `mapstructure:"region_kms_key_ids" required:"false"`
// Tags to apply to snapshot.
// They will override AMI tags if already applied to snapshot. This is a
// template engine, see Build template
// data for more information.
SnapshotTags TagMap `mapstructure:"snapshot_tags" required:"false"`
// They will override AMI tags if already applied to snapshot. This is a
// template engine, see Build template
// data for more information.
SnapshotTags TagMap `mapstructure:"snapshot_tags" required:"false"`
// A list of account IDs that have
// access to create volumes from the snapshot(s). By default no additional
// users other than the user creating the AMI has permissions to create
// volumes from the backing snapshot(s).
SnapshotUsers []string `mapstructure:"snapshot_users" required:"false"`
// access to create volumes from the snapshot(s). By default no additional
// users other than the user creating the AMI has permissions to create
// volumes from the backing snapshot(s).
SnapshotUsers []string `mapstructure:"snapshot_users" required:"false"`
// A list of groups that have access to
// create volumes from the snapshot(s). By default no groups have permission
// to create volumes from the snapshot(s). all will make the snapshot
// publicly accessible.
SnapshotGroups []string `mapstructure:"snapshot_groups" required:"false"`
// create volumes from the snapshot(s). By default no groups have permission
// to create volumes from the snapshot(s). all will make the snapshot
// publicly accessible.
SnapshotGroups []string `mapstructure:"snapshot_groups" required:"false"`
}
func stringInSlice(s []string, searchstr string) bool {
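Review bot: As rendered, the comment now sitting above `AMIVirtType` is the AMI description text ("The description to set for the resulting AMI(s)…") rather than the virtualization-type text, so `ami_virtualization_type` loses its documentation and `ami_description` keeps the old unlinked wording. It looks like the relinked paragraph landed one field too low; it belongs above `AMIDescription`, and `AMIVirtType` should get back `// The type of virtualization for the AMI you are building. This option is required to register HVM images. Can be paravirtual (default) or hvm.`. The page has lost its +/- markers, so this is read from the order of the old and new runs and should be confirmed against the file. The `ami_groups` and `snapshot_groups` comments would also be clearer with backticks around `all`, since "all will make the AMI publicly accessible" is easy to misread and that value is the one that makes the image or snapshot public.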


@ -14,51 +14,51 @@ import (
// BlockDevice
type BlockDevice struct {
// Indicates whether the EBS volume is
// deleted on instance termination. Default false. NOTE: If this
// value is not explicitly set to true and volumes are not cleaned up by
// an alternative method, additional volumes will accumulate after every
// build.
DeleteOnTermination bool `mapstructure:"delete_on_termination" required:"false"`
// deleted on instance termination. Default false. NOTE: If this
// value is not explicitly set to true and volumes are not cleaned up by
// an alternative method, additional volumes will accumulate after every
// build.
DeleteOnTermination bool `mapstructure:"delete_on_termination" required:"false"`
// The device name exposed to the instance (for
// example, /dev/sdh or xvdh). Required for every device in the block
// device mapping.
DeviceName string `mapstructure:"device_name" required:"false"`
// example, /dev/sdh or xvdh). Required for every device in the block
// device mapping.
DeviceName string `mapstructure:"device_name" required:"false"`
// Indicates whether or not to encrypt the volume.
// By default, Packer will keep the encryption setting to what it was in
// the source image. Setting false will result in an unencrypted device,
// and true will result in an encrypted one.
Encrypted *bool `mapstructure:"encrypted" required:"false"`
// By default, Packer will keep the encryption setting to what it was in
// the source image. Setting false will result in an unencrypted device,
// and true will result in an encrypted one.
Encrypted *bool `mapstructure:"encrypted" required:"false"`
// The number of I/O operations per second (IOPS) that
// the volume supports. See the documentation on
// IOPs
// for more information
IOPS int64 `mapstructure:"iops" required:"false"`
// the volume supports. See the documentation on
// IOPs
// for more information
IOPS int64 `mapstructure:"iops" required:"false"`
// Suppresses the specified device included in the
// block device mapping of the AMI.
NoDevice bool `mapstructure:"no_device" required:"false"`
// block device mapping of the AMI.
NoDevice bool `mapstructure:"no_device" required:"false"`
// The ID of the snapshot.
SnapshotId string `mapstructure:"snapshot_id" required:"false"`
SnapshotId string `mapstructure:"snapshot_id" required:"false"`
// The virtual device name. See the
// documentation on Block Device
// Mapping
// for more information.
VirtualName string `mapstructure:"virtual_name" required:"false"`
// documentation on Block Device
// Mapping
// for more information.
VirtualName string `mapstructure:"virtual_name" required:"false"`
// The volume type. gp2 for General Purpose
// (SSD) volumes, io1 for Provisioned IOPS (SSD) volumes, st1 for
// Throughput Optimized HDD, sc1 for Cold HDD, and standard for
// Magnetic volumes.
VolumeType string `mapstructure:"volume_type" required:"false"`
// (SSD) volumes, io1 for Provisioned IOPS (SSD) volumes, st1 for
// Throughput Optimized HDD, sc1 for Cold HDD, and standard for
// Magnetic volumes.
VolumeType string `mapstructure:"volume_type" required:"false"`
// The size of the volume, in GiB. Required if
// not specifying a snapshot_id.
VolumeSize int64 `mapstructure:"volume_size" required:"false"`
// not specifying a snapshot_id.
VolumeSize int64 `mapstructure:"volume_size" required:"false"`
// ID, alias or ARN of the KMS key to use for boot
// volume encryption. This only applies to the main region, other regions
// where the AMI will be copied will be encrypted by the default EBS KMS key.
// For valid formats see KmsKeyId in the AWS API docs -
// CopyImage.
// This field is validated by Packer, when using an alias, you will have to
// prefix kms_key_id with alias/.
KmsKeyId string `mapstructure:"kms_key_id" required:"false"`
// volume encryption. This only applies to the main region, other regions
// where the AMI will be copied will be encrypted by the default EBS KMS key.
// For valid formats see KmsKeyId in the [AWS API docs -
// CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html)
// This field is validated by Packer, when using an alias, you will have to
// prefix kms_key_id with alias/.
KmsKeyId string `mapstructure:"kms_key_id" required:"false"`
// ebssurrogate only
OmitFromArtifact bool `mapstructure:"omit_from_artifact"`
}
@ -70,26 +70,26 @@ type BlockDevices struct {
type AMIBlockDevices struct {
// Add one or
// more block device
// mappings
// to the AMI. These will be attached when booting a new instance from your
// AMI. If this field is populated, and you are building from an existing source image,
// the block device mappings in the source image will be overwritten. This means you
// must have a block device mapping entry for your root volume, root_volume_size,
// and root_device_name. `Your options here may vary depending on the type of VM
// you use. The block device mappings allow for the following configuration:
// more block device
// mappings
// to the AMI. These will be attached when booting a new instance from your
// AMI. If this field is populated, and you are building from an existing source image,
// the block device mappings in the source image will be overwritten. This means you
// must have a block device mapping entry for your root volume, root_volume_size,
// and root_device_name. `Your options here may vary depending on the type of VM
// you use. The block device mappings allow for the following configuration:
AMIMappings []BlockDevice `mapstructure:"ami_block_device_mappings" required:"false"`
}
type LaunchBlockDevices struct {
// Add one
// or more block devices before the Packer build starts. If you add instance
// store volumes or EBS volumes in addition to the root device volume, the
// created AMI will contain block device mapping information for those
// volumes. Amazon creates snapshots of the source instance's root volume and
// any other EBS volumes described here. When you launch an instance from this
// new AMI, the instance automatically launches with these additional volumes,
// and will restore them from snapshots taken from the source instance.
// or more block devices before the Packer build starts. If you add instance
// store volumes or EBS volumes in addition to the root device volume, the
// created AMI will contain block device mapping information for those
// volumes. Amazon creates snapshots of the source instance's root volume and
// any other EBS volumes described here. When you launch an instance from this
// new AMI, the instance automatically launches with these additional volumes,
// and will restore them from snapshots taken from the source instance.
LaunchMappings []BlockDevice `mapstructure:"launch_block_device_mappings" required:"false"`
}
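Review bot: The rewritten comment above `AMIMappings` keeps an unmatched backtick before "Your options here may vary"; if these field comments feed the generated docs, as the commit title suggests, it would open a code span that never closes. The line should read `// and root_device_name. Your options here may vary depending on the type of VM`. In the `KmsKeyId` comment, the added CopyImage link runs straight into "This field is validated by Packer" with no full stop, so the link line should end in `API_CopyImage.html).`. That comment also says copies in other regions are encrypted with the default EBS KMS key, so it is worth adding a pointer such as `// Use region_kms_key_ids to set a key per copy region.`, because the `region_kms_key_ids` text elsewhere on this page says default keys cannot be combined with `snapshot_users`.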


@ -61,147 +61,176 @@ func (d *SecurityGroupFilterOptions) Empty() bool {
// AMI and details on how to access that launched image.
type RunConfig struct {
// If using a non-default VPC,
// public IP addresses are not provided by default. If this is true, your
// new instance will get a Public IP. default: false
AssociatePublicIpAddress bool `mapstructure:"associate_public_ip_address" required:"false"`
// public IP addresses are not provided by default. If this is true, your
// new instance will get a Public IP. default: false
AssociatePublicIpAddress bool `mapstructure:"associate_public_ip_address" required:"false"`
// Destination availability zone to launch
// instance in. Leave this empty to allow Amazon to auto-assign.
AvailabilityZone string `mapstructure:"availability_zone" required:"false"`
// instance in. Leave this empty to allow Amazon to auto-assign.
AvailabilityZone string `mapstructure:"availability_zone" required:"false"`
// Requires spot_price to be set. The
// required duration for the Spot Instances (also known as Spot blocks). This
// value must be a multiple of 60 (60, 120, 180, 240, 300, or 360). You can't
// specify an Availability Zone group or a launch group if you specify a
// duration.
BlockDurationMinutes int64 `mapstructure:"block_duration_minutes" required:"false"`
// Packer normally stops the build
// instance after all provisioners have run. For Windows instances, it is
// sometimes desirable to run
// Sysprep
// which will stop the instance for you. If this is set to true, Packer
// will not stop the instance but will assume that you will send the stop
// signal yourself through your final provisioner. You can do this with a
// windows-shell
// provisioner.
DisableStopInstance bool `mapstructure:"disable_stop_instance" required:"false"`
// Mark instance as EBS
// Optimized.
// Default false.
EbsOptimized bool `mapstructure:"ebs_optimized" required:"false"`
// Enabling T2 Unlimited allows the source
// instance to burst additional CPU beyond its available CPU
// Credits
// for as long as the demand exists. This is in contrast to the standard
// configuration that only allows an instance to consume up to its available
// CPU Credits. See the AWS documentation for T2
// Unlimited
// and the T2 Unlimited Pricing section of the Amazon EC2 On-Demand
// Pricing document for more
// information. By default this option is disabled and Packer will set up a
// T2
// Standard
// instance instead.
EnableT2Unlimited bool `mapstructure:"enable_t2_unlimited" required:"false"`
// required duration for the Spot Instances (also known as Spot blocks). This
// value must be a multiple of 60 (60, 120, 180, 240, 300, or 360). You can't
// specify an Availability Zone group or a launch group if you specify a
// duration.
BlockDurationMinutes int64 `mapstructure:"block_duration_minutes" required:"false"`
// Packer normally stops the build instance after all provisioners have
// run. For Windows instances, it is sometimes desirable to [run
// Sysprep](http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ami-create-standard.html)
// which will stop the instance for you. If this is set to `true`, Packer
// *will not* stop the instance but will assume that you will send the stop
// signal yourself through your final provisioner. You can do this with a
// [windows-shell
// provisioner](https://www.packer.io/docs/provisioners/windows-shell.html).
// Note that Packer will still wait for the instance to be stopped, and
// failing to send the stop signal yourself, when you have set this flag to
// `true`, will cause a timeout.
// Example of a valid shutdown command:
//
// ``` json
// {
// "type": "windows-shell",
// "inline": ["\"c:\\Program Files\\Amazon\\Ec2ConfigService\\ec2config.exe\" -sysprep"]
// }
// ```
DisableStopInstance bool `mapstructure:"disable_stop_instance" required:"false"`
// Mark instance as [EBS
// Optimized](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html).
// Default `false`.
EbsOptimized bool `mapstructure:"ebs_optimized" required:"false"`
// Enabling T2 Unlimited allows the source instance to burst additional CPU
// beyond its available [CPU
// Credits](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-credits-baseline-concepts.html)
// for as long as the demand exists. This is in contrast to the standard
// configuration that only allows an instance to consume up to its
// available CPU Credits. See the AWS documentation for [T2
// Unlimited](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-unlimited.html)
// and the **T2 Unlimited Pricing** section of the [Amazon EC2 On-Demand
// Pricing](https://aws.amazon.com/ec2/pricing/on-demand/) document for
// more information. By default this option is disabled and Packer will set
// up a [T2
// Standard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-std.html)
// instance instead.
//
// To use T2 Unlimited you must use a T2 instance type, e.g. `t2.micro`.
// Additionally, T2 Unlimited cannot be used in conjunction with Spot
// Instances, e.g. when the `spot_price` option has been configured.
// Attempting to do so will cause an error.
//
// !> **Warning!** Additional costs may be incurred by enabling T2
// Unlimited - even for instances that would usually qualify for the
// [AWS Free Tier](https://aws.amazon.com/free/).
EnableT2Unlimited bool `mapstructure:"enable_t2_unlimited" required:"false"`
// The name of an IAM instance
// profile
// to launch the EC2 instance with.
IamInstanceProfile string `mapstructure:"iam_instance_profile" required:"false"`
// profile
// to launch the EC2 instance with.
IamInstanceProfile string `mapstructure:"iam_instance_profile" required:"false"`
// Automatically terminate instances on
// shutdown in case Packer exits ungracefully. Possible values are stop and
// terminate. Defaults to stop.
InstanceInitiatedShutdownBehavior string `mapstructure:"shutdown_behavior" required:"false"`
// shutdown in case Packer exits ungracefully. Possible values are stop and
// terminate. Defaults to stop.
InstanceInitiatedShutdownBehavior string `mapstructure:"shutdown_behavior" required:"false"`
// The EC2 instance type to use while building the
// AMI, such as t2.small.
InstanceType string `mapstructure:"instance_type" required:"true"`
// AMI, such as t2.small.
InstanceType string `mapstructure:"instance_type" required:"true"`
// Filters used to populate the
// security_group_ids field. Example:
SecurityGroupFilter SecurityGroupFilterOptions `mapstructure:"security_group_filter" required:"false"`
// `security_group_ids` field. Example:
//
// ``` json
// {
// "security_group_filter": {
// "filters": {
// "tag:Class": "packer"
// }
// }
// }
// ```
SecurityGroupFilter SecurityGroupFilterOptions `mapstructure:"security_group_filter" required:"false"`
// Tags to apply to the instance
// that is launched to create the AMI. These tags are not applied to the
// resulting AMI unless they're duplicated in tags. This is a template
// engine, see Build template
// data for more information.
RunTags map[string]string `mapstructure:"run_tags" required:"false"`
// that is launched to create the AMI. These tags are not applied to the
// resulting AMI unless they're duplicated in tags. This is a template
// engine, see Build template
// data for more information.
RunTags map[string]string `mapstructure:"run_tags" required:"false"`
// The ID (not the name) of the security
// group to assign to the instance. By default this is not set and Packer will
// automatically create a new temporary security group to allow SSH access.
// Note that if this is specified, you must be sure the security group allows
// access to the ssh_port given below.
SecurityGroupId string `mapstructure:"security_group_id" required:"false"`
// group to assign to the instance. By default this is not set and Packer will
// automatically create a new temporary security group to allow SSH access.
// Note that if this is specified, you must be sure the security group allows
// access to the ssh_port given below.
SecurityGroupId string `mapstructure:"security_group_id" required:"false"`
// A list of security groups as
// described above. Note that if this is specified, you must omit the
// security_group_id.
SecurityGroupIds []string `mapstructure:"security_group_ids" required:"false"`
// described above. Note that if this is specified, you must omit the
// security_group_id.
SecurityGroupIds []string `mapstructure:"security_group_ids" required:"false"`
// The source AMI whose root volume will be copied and
// provisioned on the currently running instance. This must be an EBS-backed
// AMI with a root volume snapshot that you have access to. Note: this is not
// used when from_scratch is set to true.
SourceAmi string `mapstructure:"source_ami" required:"true"`
// provisioned on the currently running instance. This must be an EBS-backed
// AMI with a root volume snapshot that you have access to. Note: this is not
// used when from_scratch is set to true.
SourceAmi string `mapstructure:"source_ami" required:"true"`
// Filters used to populate the source_ami
// field. Example:
SourceAmiFilter AmiFilterOptions `mapstructure:"source_ami_filter" required:"false"`
// field. Example:
SourceAmiFilter AmiFilterOptions `mapstructure:"source_ami_filter" required:"false"`
// a list of acceptable instance
// types to run your build on. We will request a spot instance using the max
// price of spot_price and the allocation strategy of "lowest price".
// Your instance will be launched on an instance type of the lowest available
// price that you have in your list. This is used in place of instance_type.
// You may only set either spot_instance_types or instance_type, not both.
// This feature exists to help prevent situations where a Packer build fails
// because a particular availability zone does not have capacity for the
// specific instance_type requested in instance_type.
SpotInstanceTypes []string `mapstructure:"spot_instance_types" required:"false"`
// types to run your build on. We will request a spot instance using the max
// price of spot_price and the allocation strategy of "lowest price".
// Your instance will be launched on an instance type of the lowest available
// price that you have in your list. This is used in place of instance_type.
// You may only set either spot_instance_types or instance_type, not both.
// This feature exists to help prevent situations where a Packer build fails
// because a particular availability zone does not have capacity for the
// specific instance_type requested in instance_type.
SpotInstanceTypes []string `mapstructure:"spot_instance_types" required:"false"`
// The maximum hourly price to pay for a spot instance
// to create the AMI. Spot instances are a type of instance that EC2 starts
// when the current spot price is less than the maximum price you specify.
// Spot price will be updated based on available spot instance capacity and
// current spot instance requests. It may save you some costs. You can set
// this to auto for Packer to automatically discover the best spot price or
// to "0" to use an on demand instance (default).
SpotPrice string `mapstructure:"spot_price" required:"false"`
// to create the AMI. Spot instances are a type of instance that EC2 starts
// when the current spot price is less than the maximum price you specify.
// Spot price will be updated based on available spot instance capacity and
// current spot instance requests. It may save you some costs. You can set
// this to auto for Packer to automatically discover the best spot price or
// to "0" to use an on demand instance (default).
SpotPrice string `mapstructure:"spot_price" required:"false"`
// Required if spot_price is set to
// auto. This tells Packer what sort of AMI you're launching to find the
// best spot price. This must be one of: Linux/UNIX, SUSE Linux,
// Windows, Linux/UNIX (Amazon VPC), SUSE Linux (Amazon VPC),
// Windows (Amazon VPC)
SpotPriceAutoProduct string `mapstructure:"spot_price_auto_product" required:"false"`
// auto. This tells Packer what sort of AMI you're launching to find the
// best spot price. This must be one of: Linux/UNIX, SUSE Linux,
// Windows, Linux/UNIX (Amazon VPC), SUSE Linux (Amazon VPC),
// Windows (Amazon VPC)
SpotPriceAutoProduct string `mapstructure:"spot_price_auto_product" required:"false"`
// Requires spot_price to be
// set. This tells Packer to apply tags to the spot request that is issued.
SpotTags map[string]string `mapstructure:"spot_tags" required:"false"`
// set. This tells Packer to apply tags to the spot request that is issued.
SpotTags map[string]string `mapstructure:"spot_tags" required:"false"`
// Filters used to populate the subnet_id field.
// Example:
SubnetFilter SubnetFilterOptions `mapstructure:"subnet_filter" required:"false"`
// Example:
SubnetFilter SubnetFilterOptions `mapstructure:"subnet_filter" required:"false"`
// If using VPC, the ID of the subnet, such as
// subnet-12345def, where Packer will launch the EC2 instance. This field is
// required if you are using an non-default VPC.
SubnetId string `mapstructure:"subnet_id" required:"false"`
// subnet-12345def, where Packer will launch the EC2 instance. This field is
// required if you are using an non-default VPC.
SubnetId string `mapstructure:"subnet_id" required:"false"`
// The name of the temporary key pair to
// generate. By default, Packer generates a name that looks like
// packer_<UUID>, where <UUID> is a 36 character unique identifier.
TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name" required:"false"`
// generate. By default, Packer generates a name that looks like
// packer_<UUID>, where <UUID> is a 36 character unique identifier.
TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name" required:"false"`
// A list of IPv4
// CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group.
TemporarySGSourceCidrs []string `mapstructure:"temporary_security_group_source_cidrs" required:"false"`
// CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group.
TemporarySGSourceCidrs []string `mapstructure:"temporary_security_group_source_cidrs" required:"false"`
// User data to apply when launching the instance. Note
// that you need to be careful about escaping characters due to the templates
// being JSON. It is often more convenient to use user_data_file, instead.
// Packer will not automatically wait for a user script to finish before
// shutting down the instance this must be handled in a provisioner.
UserData string `mapstructure:"user_data" required:"false"`
// that you need to be careful about escaping characters due to the templates
// being JSON. It is often more convenient to use user_data_file, instead.
// Packer will not automatically wait for a user script to finish before
// shutting down the instance this must be handled in a provisioner.
UserData string `mapstructure:"user_data" required:"false"`
// Path to a file that will be used for the user
// data when launching the instance.
UserDataFile string `mapstructure:"user_data_file" required:"false"`
// data when launching the instance.
UserDataFile string `mapstructure:"user_data_file" required:"false"`
// Filters used to populate the vpc_id field.
// vpc_id take precedence over this.
// Example:
VpcFilter VpcFilterOptions `mapstructure:"vpc_filter" required:"false"`
// vpc_id take precedence over this.
// Example:
VpcFilter VpcFilterOptions `mapstructure:"vpc_filter" required:"false"`
// If launching into a VPC subnet, Packer needs the VPC ID
// in order to create a temporary security group within the VPC. Requires
// subnet_id to be set. If this field is left blank, Packer will try to get
// the VPC ID from the subnet_id.
VpcId string `mapstructure:"vpc_id" required:"false"`
// in order to create a temporary security group within the VPC. Requires
// subnet_id to be set. If this field is left blank, Packer will try to get
// the VPC ID from the subnet_id.
VpcId string `mapstructure:"vpc_id" required:"false"`
// The timeout for waiting for a Windows
// password for Windows instances. Defaults to 20 minutes. Example value:
// 10m
WindowsPasswordTimeout time.Duration `mapstructure:"windows_password_timeout" required:"false"`
// password for Windows instances. Defaults to 20 minutes. Example value:
// 10m
WindowsPasswordTimeout time.Duration `mapstructure:"windows_password_timeout" required:"false"`
// Communicator settings
Comm communicator.Config `mapstructure:",squash"`