Commonly /tmp is set as noexec, as a result packer scripts
fail to run. In order to get around this one can set a
remote_path, however, remote path requires full filename
and path.
By making remote_path a combination of
remote_folder/remote_script we can change remote_folder
and keep the default script_nnn.sh
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
Ansible may produce very long lines which Scanner can not handle. This
replaces the Scanner with a Reader and uses the ReadString method to
read an arbitrary large line from the ansible-playbook stdout pipe.
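
The failure mode this commit describes, as an added example that is not code from the commit or from Packer: `bufio.Scanner` with its default buffer stops with `bufio.ErrTooLong` on a line longer than 64 KiB, while `bufio.Reader.ReadString` returns the whole line. The function names and the sample output are constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
)

// scanLines reads lines with bufio.Scanner and its default buffer limit.
func scanLines(r io.Reader) ([]string, error) {
	var lines []string
	s := bufio.NewScanner(r)
	for s.Scan() {
		lines = append(lines, s.Text())
	}
	return lines, s.Err()
}

// readLines reads lines with ReadString, which has no fixed line-length limit.
func readLines(r io.Reader) ([]string, error) {
	var lines []string
	br := bufio.NewReader(r)
	for {
		line, err := br.ReadString('\n')
		if line != "" { // keep a final line that has no trailing newline
			lines = append(lines, strings.TrimRight(line, "\r\n"))
		}
		if err == io.EOF {
			return lines, nil
		}
		if err != nil {
			return lines, err
		}
	}
}

// sampleOutput is constructed: a short line, a 100 KiB line, a short line.
func sampleOutput() string {
	return "PLAY [all]\n" + strings.Repeat("x", 100*1024) + "\nPLAY RECAP\n"
}

func main() {
	got, err := scanLines(strings.NewReader(sampleOutput()))
	fmt.Println(len(got), errors.Is(err, bufio.ErrTooLong)) // 1 true
	all, err := readLines(strings.NewReader(sampleOutput()))
	fmt.Println(len(all), err) // 3 <nil>
}
```
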
Ansible 2.0 deprecated ansible_ssh_user, ansible_ssh_port, ansible_ssh_host
instead use ansible_user, ansible_port, and ansible_host in the
inventory file.
Closes #3275
* Clearly separate host signer and user key generation into separate
functions and data structures.
* Remove inaccurate comment about needing to specify both files if
either one is specified.
* Rename parameters for clarity according to their meaning to the
callee.
* Style the code with gofmt.
Two windows-restart tests would time out and fail due to the cancellation
thread firing before the cancel object was created. This change synchronizes
the start of the threads to prevent this from occurring.
- Add guest os type to change the default Chef-Solo and Chef-Client provisioner behavior. Paths, commands etc.
- Change Chef installation download location to chef.io domain
- Add encrypted data bag secret configuration
Provisioners often need to perform command line operations on guests that may have different syntax and shells. The GuestCommands type abstracts these away so provisioners can avoid littering branching logic all over the place.
* It is possible to set remote salt tree through `remote_state_tree` argument.
* It is possible to set remote pillar root through `remote_pillar_roots` argument.
* Directories `remote_state_tree` and `remote_pillar_roots` are emptied before use.
When puppet is executed in masterless mode it didn't remove
staging directory, this can be a problem because it leaves all
the modules and manifests in the built image.
This is especially problematic when building docker images as they
can be left in the layers unless a specific cleanup is done after
running puppet.
This change adds a flag `clean_staging_directory` to puppet
masterless provisioner so it takes care of this cleanup.
Since the chef-client provisioner is cleaning the node and client at the chef-server from the provisioned node
it needs to have a flexible configuration
This is replacing the used knife flags: -s '<chef-server-url>' -k '/tmp/packer-chef-client/client.pem' -u '<client-name>'
and puts their values into a generated knife.rb
Additionally the knife.rb may include the optional ssl_verify_mode attribute to enable the verify mode verify_none
Background:
When deleting node and client to a self-hosted chef-server using self signed certificates the usage of
knife node delete <node-name> -y -s '<chef-server-url>' -k '/tmp/packer-chef-client/client.pem' -u '<client-name>'
will lead into a ssl verification failure.
The error output of the knife call is something like:
2015/06/24 12:29:17 ui: docker: WARNING: No knife configuration file found
docker: WARNING: No knife configuration file found
2015/06/24 12:29:17 ui: docker: ERROR: SSL Validation failure connecting to host: 172.16.117.63 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
docker: ERROR: SSL Validation failure connecting to host: 172.16.117.63 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
2015/06/24 12:29:17 ui: docker: ERROR: Could not establish a secure connection to the server.
docker: ERROR: Could not establish a secure connection to the server.
2015/06/24 12:29:17 ui: docker: Use 'knife ssl check' to troubleshoot your SSL configuration.
docker: Use 'knife ssl check' to troubleshoot your SSL configuration.
2015/06/24 12:29:17 ui: docker: If your Chef Server uses a self-signed certificate, you can use
docker: If your Chef Server uses a self-signed certificate, you can use
2015/06/24 12:29:17 ui: docker: 'knife ssl fetch' to make knife trust the server's certificates.
docker: 'knife ssl fetch' to make knife trust the server's certificates.
2015/06/24 12:29:17 ui: docker:
docker:
2015/06/24 12:29:17 ui: docker: Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
docker: Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
2015/06/24 12:29:17 packer-builder-docker: 2015/06/24 12:29:17 Executed command exit status: 100
When file is used with download direction we don't need
to check source on builder because it is on the machine.
Signed-off-by: Vasiliy Tolstov <v.tolstov@selfip.ru>