Add an `inventory_directory` setting to the Ansible provisioner that
allows a user to specify a directory in which the Packer Ansible
provisioner would write the generated inventory file. If a value is
specified for this setting, then have the Packer Ansible provisioner
pass this directory as the -i arg when it calls ansible.
This would allow an Ansible playbook used by the Packer Ansible
provisioner to use variables specified in `host_vars` and `group_vars`
in this inventory directory.
I've spent 1 hour today debugging why packer does not want to work with
ansible. It turns out `ansible-playbook` command was returning non-zero
exit status because of the file system permission problem.
Output before change:
% packer build rabbitmq.json
amazon-ebs output will be in this color.
1 error(s) occurred:
* exit status 1
Output after change:
amazon-ebs output will be in this color.
1 error(s) occurred:
* Error running "ansible-playbook --version": exit status 1
If using a builder that has an http server set up for file transfer,
expose the connection info to the shell provisioner through the environment
variable PACKER_HTTP_ADDR.
Closes#2869
* Add puppet-masterless test for packer_build_name default fact
* Add puppet-masterless test for packer_builder_type default fact
* Add puppet-server test for puppet bin directory
Fix a bug in the size of string that was returned when decoding a base64 string
Added tests around encoding and decoding powershell scripts. Used [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('powershell commands')) | clip to generate what base 64 strings should look like
Fix unit tests for not showing progress stream when using powershell
Ensure that progress stream does not get leaked into stdout
Using Write-Output instead of Write-Host since PS v5 now leaks the host stream to stderr
Assume the scp target is a file instead of a directory. Assuming the scp
target is a file instead of a directory allows uploading files to a node
being provisioned with the ssh communciator using sftp and with the
winrm communicator. It is fully compatible with ansible; ansible
communicators only allow for files (never directories) to be uploaded
(when the copy module is used to upload a directory, ansible walks the
directory and uploads files one at a time).
Update documentation to explain how to provision a Windows image.
Extend tests that use ssh to communicate with the node to include single
files, recursive copies, and content-only recursive copies.
Add test to verify support for the winrm communicator.
Remove the err argument from adapter.scpExec, because it was unused.
Fixes#3911
Updated winrm and winrmcp dependencies. Relevant unit and acceptance tests passed successfully.
shell.Execute didn't return a Command object.
See f1bcf36a69/winrmcp/cp.go (L167) and 54ea5d0147/winrm/shell.go (L10-L22) respectively.
Closes#3763
Original patch by: Philipp Kosel <philipp.kosel@gmail.com>
Add a new option, `use_sftp` to the ansible provisioner. It's default
value is false; ansible provisioner will use SCP by default.
Refactor to consistently set all configure options for ansible
provisioner in the Prepare step.
Remove incorrect information about `ANSIBLE_HOST_KEY_CHECKING=False`
being set when `ansible_env_vars` is not set in the packer template.
Update BATS tests for the ansible provisioner to actually check that the
fetched directory contains the contents expected. This revealed a
problem with the all_options template that required adding a host to the
hosts list in the test playbook.
Handle running `scp -t` and `scp -f` exec requests in the
ansible-provisioner's SSH
server to allow Ansible to use SCP so that SFTP doesn't have to be
installed on the node.
Update the BATS tests to test the ansible provisioner.
Resolves#3847
- Changes linux install url to new omnitruck.chef.io url.
- Changes powershell install to use omnitruck url instead of hard coded to 32bit msi install.
Commonly /tmp is set as noexec, as a result packer scripts
fail to run. In order to get around this one can set a
remote_path, whoever, remote path requires full filename
and path.
By making remote_path a combination of
remote_folder/remote_script we can change remote_folder
and keep the default script_nnn.sh
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
Ansible may produce very long lines which Scanner can not handle. This
replaces the Scanner with a Reader and uses the ReadString method to
read an arbitrary large line from the ansible-playbook stdout pipe.
Ansible 2.0 deprecated ansible_ssh_user, ansible_ssh_port, ansible_ssh_host
instead use ansible_user, ansible_port, and ansible_host in the
inventory file.
Closes#3275
* Clearly separate host signer and user key generation into separate
functions and data structures.
* Remove inaccurate comment about needing to specify both files if
either one is specified.
* Rename parameters for clarity according to their meaning to the
callee.
* Style the code with gofmt.
Two windows-restart tests would timeout and fail due to the cancellation
thread firing before the cancel object was created. This change syncronizes
the start of the threads to prevent this from occurring.
- Add guest os type to change the default Chef-Solo and Chef-Client provisioner behavior. Paths, commands etc.
- Change Chef installation download location to chef.io domain
- Add encrypted data bag secret configuration
Provisioners often needs to perform command line operations on guests that may have different syntax and shells. The GuestCommands type abstracts these away so provisioners can avoid littering branching logic all over the place.
* It is possible to set remote salt tree through `remote_state_tree` argument.
* It is possible to set remote pillar root through `remote_pillar_roots` argument.
* Directories `remote_state_tree` and `remote_pillar_roots` are emptied before use.
When puppet is executed in masterless mode it didn't remove
staging directory, this can be a problem because it leaves all
the modules and manifests in the built image.
This is specially problematic when building docker images as they
can be left in the layers unless an specific cleanup is done after
running puppet.
This change adds a flag `clean_staging_directory` to puppet
masterless provisioner so it takes care of this cleanup.
Since the chef-client provisioner is cleaning the node and client at the chef-server from the provisioned node
it needs to have a flexible configuration
This is replacing the used knife flags: -s '<chef-server-url>' -k '/tmp/packer-chef-client/client.pem' -u '<client-name>'
and puts their values into a generated knife.rb
Additionally the knife.rb may include the optional ssl_verify_mode attribute to enable the verify mode verify_none
Background:
When deleting node and client to a self-hosted chef-server using self signed cerfiticates the usage of
knife node delete <node-name> -y -s '<chef-server-url>' -k '/tmp/packer-chef-client/client.pem' -u '<client-name>'
will lead into a ssl verification failure.
The error output of the knife call is somthing like:
2015/06/24 12:29:17 ui: docker: WARNING: No knife configuration file found
docker: WARNING: No knife configuration file found
2015/06/24 12:29:17 ui: docker: ERROR: SSL Validation failure connecting to host: 172.16.117.63 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
certificate verify failed
docker: ERROR: SSL Validation failure connecting to host: 172.16.117.63 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
2015/06/24 12:29:17 ui: docker: ERROR: Could not establish a secure connection to the server.
docker: ERROR: Could not establish a secure connection to the server.
2015/06/24 12:29:17 ui: docker: Use 'knife ssl check' to troubleshoot your SSL configuration.
docker: Use 'knife ssl check' to troubleshoot your SSL configuration.
2015/06/24 12:29:17 ui: docker: If your Chef Server uses a self-signed certificate, you can use
docker: If your Chef Server uses a self-signed certificate, you can use
2015/06/24 12:29:17 ui: docker: 'knife ssl fetch' to make knife trust the server's certificates.
docker: 'knife ssl fetch' to make knife trust the server's certificates.
2015/06/24 12:29:17 ui: docker:
docker:
2015/06/24 12:29:17 ui: docker: Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
docker: Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
2015/06/24 12:29:17 packer-builder-docker: 2015/06/24 12:29:17 Executed command exit status: 100
when file used with download direction we don't need
to check source on builder because it on machine.
Signed-off-by: Vasiliy Tolstov <v.tolstov@selfip.ru>