diff --git a/Makefile b/Makefile index dc17830..52ce2bf 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,13 @@ endif build: check-variables packer build -var 'project_id=${PROJECT}' packer.json + gcloud compute images add-iam-policy-binding ubuntu-1804-lts-docker \ + --role roles/compute.imageUser \ + --member serviceAccount:instruqt-track@instruqt-prod.iam.gserviceaccount.com force-build: check-variables packer build -force -var 'project_id=${PROJECT}' packer.json + gcloud compute images add-iam-policy-binding ubuntu-1804-lts-docker \ + --role roles/compute.imageUser \ + --member serviceAccount:instruqt-track@instruqt-prod.iam.gserviceaccount.com + diff --git a/README.md b/README.md index b7a84bf..088a4d3 100644 --- a/README.md +++ b/README.md @@ -1 +1,4 @@ # Packer recipe for Docker image + +Includes AWS and Google Cloud Platform CLIs and k3s. + diff --git a/bootstrap.sh b/bootstrap.sh index b233279..b4259dc 100644 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -4,7 +4,11 @@ set -e export DEBIAN_FRONTEND=noninteractive -apt-get update && apt-get -y upgrade + +/usr/bin/cloud-init -d init +/usr/bin/cloud-init -d modules +apt-get update +apt-get -y upgrade apt-get -y install \ git curl wget \ apt-transport-https \ @@ -13,7 +17,10 @@ apt-get -y install \ sudo \ vim \ nano \ - software-properties-common + python3 \ + python3-pip \ + software-properties-common \ + jq # Install Docker curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg | sudo apt-key add - 
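Review bot: The added `gcloud compute images add-iam-policy-binding` step in `build` (repeated verbatim in `force-build`) passes no project, so it acts on whatever project the caller's gcloud configuration points at, which is not necessarily the `${PROJECT}` given to packer on the line above. Adding `--project '${PROJECT}'` to both recipes keeps the binding on the image that was just built. The image name and the `instruqt-prod` service account are hard-coded twice and the name must stay equal to `image_name` in packer.json. A variable such as `IMAGE_NAME := ubuntu-1804-lts-docker` and one shared target for the binding would leave a single place to change. A one-line comment stating why that account needs `roles/compute.imageUser` would also help anyone auditing the grant later.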
@@ -28,7 +35,20 @@ apt-get update && apt-get install -y docker-ce curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose +# install cloud libraries +pip3 install awscli google-cloud boto3 'docker[tls]' + +# install k3s +curl -sfL https://get.k3s.io | sh - + +# install eksctl +curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /usr/local/bin # Improve the startup sequence -cp /tmp/resources/google-startup-scripts.service /etc/systemd/system/multi-user.target.wants/google-startup-scripts.service +echo "INFO: copying ./resources to /" +(cd /tmp/resources ; cp -r ./ /) +for cloud in aws gcloud; do + systemctl enable instruqt-configure-$cloud.path + systemctl start instruqt-configure-$cloud.path +done systemctl daemon-reload diff --git a/packer.json b/packer.json index f6df7bf..17f4ff8 100644 --- a/packer.json +++ b/packer.json @@ -6,10 +6,11 @@ { "type": "googlecompute", "project_id": "{{user `project_id`}}", - "source_image_family": "ubuntu-1710", - "zone": "europe-west1-b", + "source_image_family": "ubuntu-1804-lts", + "zone": "europe-west4-c", "ssh_username" : "root", - "image_name": "docker-17", + "image_name": "ubuntu-1804-lts-docker", + "image_family": "ubuntu-1804", "image_labels": { "track": "docker", "created": "{{ timestamp }}" @@ -27,5 +28,4 @@ "script": "bootstrap.sh" } ] - } diff --git a/resources/etc/systemd/system/instruqt-configure-aws.path b/resources/etc/systemd/system/instruqt-configure-aws.path new file mode 100644 index 0000000..61a6e15 --- /dev/null +++ b/resources/etc/systemd/system/instruqt-configure-aws.path @@ -0,0 +1,7 @@ +[Unit] +Description = instruqt environment settings +Wants = instruqt-configure-aws.service +[Path] +PathChanged = /etc/profile.d/instruqt-env.sh +[Install] +WantedBy = multi-user.target 
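Review bot: The three new install steps pull whatever is current at build time and run or unpack it as root with no version pin and no integrity check. These are `curl -sfL https://get.k3s.io | sh -`, the `latest_release` eksctl tarball extracted straight into /usr/local/bin, and an unpinned `pip3 install`. Only `set -e` is visible in this diff (the top of the script is outside the hunks), and without `set -o pipefail` a failed curl on the left of the k3s pipe hands `sh` an empty script that exits 0, so the image can be baked without k3s and without an error. I would save each download to a file at a pinned version, verify it where a checksum is available, and only then run or extract it, as sketched below with placeholder values.

```shell
# … unchanged: pip3 install line (pin package versions there as well) …

# install k3s: pinned release, installer saved to disk so a failed download stops the build
K3S_VERSION='<PINNED_K3S_VERSION>'          # placeholder
curl -sfL -o /tmp/k3s-install.sh https://get.k3s.io
INSTALL_K3S_VERSION="$K3S_VERSION" sh /tmp/k3s-install.sh

# install eksctl: pinned release, checksum verified before extraction
EKSCTL_VERSION='<PINNED_EKSCTL_TAG>'        # placeholder
EKSCTL_SHA256='<SHA256_OF_THAT_TARBALL>'    # placeholder
curl --silent --fail --location -o /tmp/eksctl.tar.gz \
  "https://github.com/weaveworks/eksctl/releases/download/${EKSCTL_VERSION}/eksctl_$(uname -s)_amd64.tar.gz"
echo "${EKSCTL_SHA256}  /tmp/eksctl.tar.gz" | sha256sum -c -
tar xzf /tmp/eksctl.tar.gz -C /usr/local/bin

# … unchanged: copy of /tmp/resources and the systemctl loop …
```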
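Review bot: The `Description = instruqt environment settings` line in instruqt-configure-aws.path is identical to the one in instruqt-configure-gcloud.path, so the two units cannot be told apart in `systemctl` output or the journal. Something like `Description = Run instruqt-configure-aws when /etc/profile.d/instruqt-env.sh changes` would name both the trigger and the target. `Wants = instruqt-configure-aws.service` additionally starts the service whenever the path unit itself is started, including the `systemctl start` during the image build. That is presumably intended to pick up an env file that already exists, and a comment saying so would stop it from looking like a mistake.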
diff --git a/resources/etc/systemd/system/instruqt-configure-aws.service b/resources/etc/systemd/system/instruqt-configure-aws.service
new file mode 100644
index 0000000..c03bb3a
--- /dev/null
+++ b/resources/etc/systemd/system/instruqt-configure-aws.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Instruqt AWS credentials configuration
+
+[Service]
+ExecStart=/usr/local/bin/instruqt-configure-aws
+Type=simple
+
diff --git a/resources/etc/systemd/system/instruqt-configure-gcloud.path b/resources/etc/systemd/system/instruqt-configure-gcloud.path
new file mode 100644
index 0000000..b0235a1
--- /dev/null
+++ b/resources/etc/systemd/system/instruqt-configure-gcloud.path
@@ -0,0 +1,7 @@
+[Unit]
+Description = instruqt environment settings
+Wants = instruqt-configure-gcloud.service
+[Path]
+PathChanged = /etc/profile.d/instruqt-env.sh
+[Install]
+WantedBy = multi-user.target
diff --git a/resources/etc/systemd/system/instruqt-configure-gcloud.service b/resources/etc/systemd/system/instruqt-configure-gcloud.service
new file mode 100644
index 0000000..e0b7688
--- /dev/null
+++ b/resources/etc/systemd/system/instruqt-configure-gcloud.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Instruqt GCloud credentials configuration
+
+[Service]
+ExecStart=/usr/local/bin/instruqt-configure-gcloud
+Type=simple
diff --git a/resources/google-startup-scripts.service b/resources/google-startup-scripts.service
deleted file mode 100644
index e578371..0000000
--- a/resources/google-startup-scripts.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Google Compute Engine Startup Scripts
-After=local-fs.target network-online.target network.target rsyslog.service
-After=google-instance-setup.service google-network-setup.service
-Wants=local-fs.target network-online.target network.target
-
-[Service]
-ExecStart=/usr/bin/google_metadata_script_runner --script-type startup
-KillMode=process
-Type=simple
-
-[Install]
-WantedBy=multi-user.target
diff --git a/resources/usr/local/bin/instruqt-configure-aws b/resources/usr/local/bin/instruqt-configure-aws
new file mode 100755
index 0000000..f11884c
--- /dev/null
+++ b/resources/usr/local/bin/instruqt-configure-aws
@@ -0,0 +1,32 @@
+#!/bin/bash -l
+
+# Available env vars:
+# INSTRUQT_AWS_ACCOUNTS
+# INSTRUQT_AWS_ACCOUNT_%s_ACCOUNT_NAME
+# INSTRUQT_AWS_ACCOUNT_%s_ACCOUNT_ID
+# INSTRUQT_AWS_ACCOUNT_%s_USERNAME
+# INSTRUQT_AWS_ACCOUNT_%s_PASSWORD
+# INSTRUQT_AWS_ACCOUNT_%s_AWS_ACCESS_KEY_ID
+# INSTRUQT_AWS_ACCOUNT_%s_AWS_SECRET_ACCESS_KEY
+
+aws_init() {
+ if [[ -n ${INSTRUQT_AWS_ACCOUNTS} ]]; then
+ PROJECTS=("${INSTRUQT_AWS_ACCOUNTS//,/ }")
+
+ # load all credentials into aws configure
+ for PROJECT in ${PROJECTS[@]}; do
+ aws configure --profile $PROJECT set region eu-west-1
+ [[ $PROJECT == ${PROJECTS[0]} ]] && aws configure --profile default set region eu-west-1
+ VAR="INSTRUQT_AWS_ACCOUNT_${PROJECT}_AWS_ACCESS_KEY_ID"
+ aws configure --profile $PROJECT set aws_access_key_id "${!VAR}"
+ [[ $PROJECT == ${PROJECTS[0]} ]] && aws configure --profile default set aws_access_key_id "${!VAR}"
+ VAR="INSTRUQT_AWS_ACCOUNT_${PROJECT}_AWS_SECRET_ACCESS_KEY"
+ aws configure --profile $PROJECT set aws_secret_access_key "${!VAR}"
+ [[ $PROJECT == ${PROJECTS[0]} ]] && aws configure --profile default set aws_secret_access_key "${!VAR}"
+ VAR="INSTRUQT_AWS_ACCOUNT_${PROJECT}_USERNAME"
+ USERNAME="${!VAR}"
+ done
+ fi
+}
+
+aws_init
diff --git a/resources/usr/local/bin/instruqt-configure-gcloud b/resources/usr/local/bin/instruqt-configure-gcloud
new file mode 100755
index 0000000..08dc965
--- /dev/null
+++ b/resources/usr/local/bin/instruqt-configure-gcloud
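Review bot: `PROJECTS=("${INSTRUQT_AWS_ACCOUNTS//,/ }")` in instruqt-configure-aws builds a one-element array, because the quotes keep the space-separated list together. `${PROJECTS[0]}` is therefore the whole list, the `[[ $PROJECT == ${PROJECTS[0]} ]]` guards match only when exactly one account is configured, and with two or more the `default` profile is never written. `IFS=, read -r -a PROJECTS <<< "${INSTRUQT_AWS_ACCOUNTS}"` splits on commas into real elements, and the loop should then iterate `"${PROJECTS[@]}"` with `"$PROJECT"` quoted. The same construct is used in instruqt-configure-gcloud, where `${PROJECTS[0]}` is spliced into a variable name and the indirect expansion would fail for more than one project. Separately, each secret is passed as an argument to `aws configure set`, which makes it visible in the process list while the command runs, and `USERNAME` is assigned but never read.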
@@ -0,0 +1,34 @@
+#!/bin/bash -l
+
+# INSTRUQT_GCP_PROJECTS
+# INSTRUQT_GCP_PROJECT_%s_PROJECT_NAME
+# INSTRUQT_GCP_PROJECT_%s_PROJECT_ID
+# INSTRUQT_GCP_PROJECT_%s_USER_EMAIL
+# INSTRUQT_GCP_PROJECT_%s_USER_PASSWORD
+# INSTRUQT_GCP_PROJECT_%s_SERVICE_ACCOUNT_EMAIL
+# INSTRUQT_GCP_PROJECT_%s_SERVICE_ACCOUNT_KEY
+
+gcloud_init() {
+ if [ -n "${INSTRUQT_GCP_PROJECTS}" ]; then
+ PROJECTS=("${INSTRUQT_GCP_PROJECTS//,/ }")
+
+ # load all credentials into gcloud
+ for PROJECT in ${PROJECTS[@]}; do
+ TMP_FILE=$(mktemp)
+ SERVICE_ACCOUNT_KEY="INSTRUQT_GCP_PROJECT_${PROJECT}_SERVICE_ACCOUNT_KEY"
+ base64 -d <(echo ${!SERVICE_ACCOUNT_KEY}) > "$TMP_FILE"
+ gcloud auth activate-service-account --key-file="$TMP_FILE"
+ rm "$TMP_FILE"
+ done
+
+ # activate service account for first project
+ SERVICE_ACCOUNT_EMAIL="INSTRUQT_GCP_PROJECT_${PROJECTS[0]}_SERVICE_ACCOUNT_EMAIL"
+ gcloud config set account "${!SERVICE_ACCOUNT_EMAIL}"
+
+ # configure project
+ PROJECT_ID="INSTRUQT_GCP_PROJECT_${PROJECTS[0]}_PROJECT_ID"
+ gcloud config set project "${!PROJECT_ID}"
+ fi
+}
+
+gcloud_init
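Review bot: The decoded service-account key in `$TMP_FILE` is deleted only when execution reaches the `rm` at the end of the loop body, so if the unit is stopped or the script is terminated while `gcloud auth activate-service-account` is running, the key stays in the temp directory. Registering the cleanup right after `mktemp`, for example `trap 'rm -f "$TMP_FILE"' EXIT`, covers those exits as well. The decode step `base64 -d <(echo ${!SERVICE_ACCOUNT_KEY})` expands the variable unquoted and its exit status is not checked, so an unset or malformed key becomes an empty or partial file that is still handed to gcloud. `printf '%s' "${!SERVICE_ACCOUNT_KEY}" | base64 -d > "$TMP_FILE" || continue` would skip that project instead.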