There were 5 different formats for the Packer useragent string. This
fixes that and unifies it into a helper package.
I did not touch oracle's user-agent, because it looked kinda special.
This change requires 'disable_default_service_account=false' in order to
set 'service_account_email'.
This is a guard against an incorrect assumption
that disabling the default service account would mean that no service
account would be used.
The ability to use a service account other than the default was
introduced in #5928. This change adds to that by introducing the
'disable_default_service_account' config option. If true - and
'service_account_email' is not set - Packer will create a GCE VM
with no service account.
This commit allows user to specify the service account they want
to associate with the virtual machine provisionned by setting
the service_account_email field in the config.
It allows to manage permissions of the instantiated VM properly,
using a service account that can be tied up to IAM roles and
permissions.
Run now takes a context as well as a statebag. We'll assign the context
to the blank identifier to prevent namespace collisions. We'll let the
step authors opt-in to using the context.
`find . -iname "step_*.go" -exec gsed -i'' 's/func \(.*\)Run(/func \1Run(_ context.Context, /' {} \;`
This change constructs partial URLs for networks and subnetworks if they
are not already partial or full URLs (i.e., they do not contain a '/' in
their name). Network and subnetwork self-links are no longer retrieved
from the API.
Previously, if a user did not provide the network or subnetwork as a
fully-qualified URL (i.e., self-link), the builder would make
compute.(sub)networks.get API calls with the provided identifier to
discover the self-link. This requires the user or service account Packer
is using to have permission to describe those network resources, which
is becoming less common as IAM is used more. Specifically, a user may
have permission to launch a VM into a network/subnetwork, but will not
have permission to call APIs to describe network resources.
If full server URL's is used in subnetwork we can skip reading from the network
API. This is usefull when you can launch instances in a shared network but don't
have access to do GET on the network resources.
Closes: #5018
This seemed to be missing from the googlecompute provider. Now if the
ssh_private_key_file is provided, that will be used in place of a temporary
key. I didn't update the googlecompute specific docs under `./website/`, since
this parameter is already documented under the communicators templates page.
- startup scripts don't run for Windows since it is isn't implemented yet.
- startup scripts use instance metadata instead of serial port output to flag when they are done.
- added licenses to Image data type (to check if an Image is a Windows Image).
- added GetImage and GetImageFromProject to googlecompute Drivers.
- changed some of the builder/googlecompute tests to use github.com/stretchr/testify/assert.
Tests:
- (in the Packer directory) `go test .`, `go test ./builder/googlecompute`, and `go test ./post-processor/googlecompute-export`
- manual run of `packer build packer_template.json` with the following files
--packer_template.json--
{
"builders": [
{
"type": "googlecompute",
"account_file": "creds.json",
"project_id": "google.com:packer-test",
"source_image": "debian-8-jessie-v20160629",
"zone": "us-central1-a",
"startup_script_file": "startup_script.sh",
"metadata": {
"startup-script": "#!/bin/sh\necho \"This should be overwritten.\"",
"startup-script-log-dest": "gs://packer-test.google.com.a.appspot.com/startup-script.log"
},
"image_name": "test-packer-modifications",
"ssh_username": "foo"
}
],
"post-processors": [
{
"type": "googlecompute-export",
"paths": [
"gs://packer-test.google.com.a.appspot.com/foo.tar.gz",
"gs://packer-test.google.com.a.appspot.com/bar.tar.gz"
],
"keep_input_artifact": true
}
]
}
--startup_script.sh--
\#!/bin/sh
echo "Hi, my name is Scott. I'm waiting 60 seconds!" >> /scott
sleep 60
echo "I'm done waiting!" >> /scott
* GCE builder: Switch to google.DefaultClient
This enables authentication through an authenticated gcloud tool.
* GCE builder: Add docs about auth mech precedence
This change adds an `omit_external_ip` configuration property that, when true,
will cause no external IP address to be associated with the Google Compute
Engine VM provisioned to create an image. When using `omit_external_ip`, you
must also set the `use_internal_ip` configuration property to true.
Addresses #3296
- Startup scripts can be provided through the instance creation metadata field 'startup-script'.
- Script log can be copied to a GCS location by setting the metadata field 'startup-script-log-dest'.
Added Retry method to googlecompute package.
Added GetSerialPortOutput to googlecompute Drivers.
Added StepWaitInstanceStartup (and associated test) which waits for an
instance startup-script to finish.
Changed the instance service account to use the same service account as the one provided in the Packer config template. It was the project default service account.
Tested googlecompute package with 'go test' and also performed builds
with a startup script and without a startup script.
the following error
==> googlecompute: Creating image...
==> googlecompute: Error waiting for image: googleapi: Error 400: Invalid value for field 'resource.name': 'packer-{{timestamp}}'. Must be a match of regex '(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)', invalid
Fixes the following vet reports:
builder/googlecompute/step_create_instance_test.go:42: possible formatting directive in Fatal call
builder/googlecompute/step_teardown_instance_test.go:29: possible formatting directive in Fatal call
builder/googlecompute/step_teardown_instance_test.go:39: possible formatting directive in Fatal call
The new flow:
1) Provision the instance
2) Tear down the instance, but keep the boot disk
3) Create an image from the disk
4) Tear down the disk
The step to update gcloud is no longer needed, since gceimagebundle isn't used anymore.
Fixes#1507 and addresses https://github.com/mitchellh/packer/issues/1447#issuecomment-61610235.
Previously, any per instance metadata supplied via the GCE builder
was ignored.
Test plan:
- make test
- Manual testing via:
-- Created a packer config that contained a GCE builder with custom
metadata set.
-- Ran `packer build`.
-- Verified the instance had the correct metadata in the GCE console.
In order that something consuming an artifact can have access to extra
builder specific data add the State method which allows the caller to
ask for arbitary values by name.
Within GCE, images may be shared across projects. Prior to this
commit, there was no way to inform the GCE builder that a source
image belonged to a specific project. This adds an optional
'source_image_project_id' key to the GCE builder config.
Also fixed the error message to be clear that the image was not found in any of
the projects that we attempted to search, rather than keep the error message
from the last project, which may be confusing to users.
googlecompute: It looks like you are trying to run "/usr/local/bin/../share/google/google-cloud-sdk/bin/bootstrapping/gsutil.py update".
googlecompute: The "update" command is no longer needed with the Cloud SDK.
googlecompute: To update, run: gcloud components update
Retain the current default of an instance name generated by UUID, but allow
users to choose a specific one. Useful for provisioning with Puppet when a
node name is used to select the right manifest.