instruqt · mvanholsteijn · May 23, 2019 · Sep 26, 2019 · Sep 26, 2019 · Sep 26, 2019
diff --git a/Makefile b/Makefile
@@ -7,6 +7,13 @@ endif
 
 build: check-variables
 	packer build -var 'project_id=${PROJECT}' packer.json
+	gcloud compute images add-iam-policy-binding ubuntu-1804-lts-docker \
+		--role  roles/compute.imageUser \
+		--member serviceAccount:[email protected]
 
 force-build: check-variables
 	packer build -force -var 'project_id=${PROJECT}' packer.json
+	gcloud compute images add-iam-policy-binding ubuntu-1804-lts-docker \
+		--role  roles/compute.imageUser \
+		--member serviceAccount:[email protected]
+
diff --git a/README.md b/README.md
@@ -1 +1,4 @@
 # Packer recipe for Docker image
+
+Includes AWS and Google Cloud Platform CLIs and k3s.
+
diff --git a/bootstrap.sh b/bootstrap.sh
@@ -4,7 +4,11 @@ set -e
 
 export DEBIAN_FRONTEND=noninteractive 
 
-apt-get update && apt-get -y upgrade
+
+/usr/bin/cloud-init -d init
+/usr/bin/cloud-init -d modules
+apt-get update 
+apt-get -y upgrade
 apt-get -y install \
     git curl wget \
     apt-transport-https \
@@ -13,7 +17,10 @@ apt-get -y install \
     sudo \
     vim \
     nano \
-    software-properties-common
+    python3 \
+    python3-pip \
+    software-properties-common \
+    jq
 
 # Install Docker
 curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg | sudo apt-key add -
@@ -28,7 +35,20 @@ apt-get update && apt-get install -y docker-ce
 curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
 chmod +x /usr/local/bin/docker-compose
 
+# install cloud libraries
+pip3 install awscli google-cloud boto3 'docker[tls]'
+
+# install k3s
+curl -sfL https://get.k3s.io | sh -
+
+# install eksctl
+curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /usr/local/bin
 
 # Improve the startup sequence
-cp /tmp/resources/google-startup-scripts.service /etc/systemd/system/multi-user.target.wants/google-startup-scripts.service
+echo "INFO: copying ./resources to /"
+(cd /tmp/resources ; cp -r ./ /)
+for cloud in aws gcloud; do
+	systemctl enable instruqt-configure-$cloud.path
+	systemctl start  instruqt-configure-$cloud.path
+done
 systemctl daemon-reload
diff --git a/packer.json b/packer.json
@@ -6,10 +6,11 @@
     {
       "type": "googlecompute",
       "project_id": "{{user `project_id`}}",
-      "source_image_family": "ubuntu-1710",
-      "zone": "europe-west1-b",
+      "source_image_family": "ubuntu-1804-lts",
+      "zone": "europe-west4-c",
       "ssh_username" : "root",
-      "image_name": "docker-17",
+      "image_name": "ubuntu-1804-lts-docker",
+      "image_family": "ubuntu-1804",
       "image_labels": {
         "track": "docker",
         "created": "{{ timestamp }}"
@@ -27,5 +28,4 @@
       "script": "bootstrap.sh"
     }
   ]
-
 }
diff --git a/resources/etc/systemd/system/instruqt-configure-aws.path b/resources/etc/systemd/system/instruqt-configure-aws.path
@@ -0,0 +1,7 @@
+[Unit] 
+Description = instruqt environment settings
+Wants = instruqt-configure-aws.service
+[Path]
+PathChanged = /etc/profile.d/instruqt-env.sh
+[Install]
+WantedBy = multi-user.target
diff --git a/resources/etc/systemd/system/instruqt-configure-aws.service b/resources/etc/systemd/system/instruqt-configure-aws.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Instruqt AWS credentials configuration
+
+[Service]
+ExecStart=/usr/local/bin/instruqt-configure-aws
+Type=simple
+
diff --git a/resources/etc/systemd/system/instruqt-configure-gcloud.path b/resources/etc/systemd/system/instruqt-configure-gcloud.path
@@ -0,0 +1,7 @@
+[Unit] 
+Description = instruqt environment settings
+Wants = instruqt-configure-gcloud.service
+[Path]
+PathChanged = /etc/profile.d/instruqt-env.sh
+[Install]
+WantedBy = multi-user.target
diff --git a/resources/etc/systemd/system/instruqt-configure-gcloud.service b/resources/etc/systemd/system/instruqt-configure-gcloud.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Instruqt GCloud credentials configuration
+
+[Service]
+ExecStart=/usr/local/bin/instruqt-configure-gcloud
+Type=simple
diff --git a/resources/google-startup-scripts.service b/resources/google-startup-scripts.service
diff --git a/resources/usr/local/bin/instruqt-configure-aws b/resources/usr/local/bin/instruqt-configure-aws
@@ -0,0 +1,32 @@
+#!/bin/bash -l
+
+# Available env vars:
+# INSTRUQT_AWS_ACCOUNTS
+# INSTRUQT_AWS_ACCOUNT_%s_ACCOUNT_NAME
+# INSTRUQT_AWS_ACCOUNT_%s_ACCOUNT_ID
+# INSTRUQT_AWS_ACCOUNT_%s_USERNAME
+# INSTRUQT_AWS_ACCOUNT_%s_PASSWORD
+# INSTRUQT_AWS_ACCOUNT_%s_AWS_ACCESS_KEY_ID
+# INSTRUQT_AWS_ACCOUNT_%s_AWS_SECRET_ACCESS_KEY
+
+aws_init() {
+    if [[ -n ${INSTRUQT_AWS_ACCOUNTS} ]]; then
+        PROJECTS=("${INSTRUQT_AWS_ACCOUNTS//,/ }")
+
+        # load all credentials into aws configure
+        for PROJECT in ${PROJECTS[@]}; do
+		aws configure --profile $PROJECT  set region eu-west-1
+		[[ $PROJECT == ${PROJECTS[0]} ]] && aws configure --profile default set region eu-west-1
+		VAR="INSTRUQT_AWS_ACCOUNT_${PROJECT}_AWS_ACCESS_KEY_ID"
+		aws configure --profile $PROJECT  set aws_access_key_id "${!VAR}"
+		[[ $PROJECT == ${PROJECTS[0]} ]] && aws configure --profile default set aws_access_key_id "${!VAR}"
+		VAR="INSTRUQT_AWS_ACCOUNT_${PROJECT}_AWS_SECRET_ACCESS_KEY"
+		aws configure --profile $PROJECT  set aws_secret_access_key "${!VAR}"
+		[[ $PROJECT == ${PROJECTS[0]} ]] && aws configure --profile default set aws_secret_access_key "${!VAR}"
+		VAR="INSTRUQT_AWS_ACCOUNT_${PROJECT}_USERNAME"
+		USERNAME="${!VAR}"
+        done
+    fi
+}
+
+aws_init
diff --git a/resources/usr/local/bin/instruqt-configure-gcloud b/resources/usr/local/bin/instruqt-configure-gcloud
@@ -0,0 +1,34 @@
+#!/bin/bash -l
+
+# INSTRUQT_GCP_PROJECTS
+# INSTRUQT_GCP_PROJECT_%s_PROJECT_NAME
+# INSTRUQT_GCP_PROJECT_%s_PROJECT_ID
+# INSTRUQT_GCP_PROJECT_%s_USER_EMAIL
+# INSTRUQT_GCP_PROJECT_%s_USER_PASSWORD
+# INSTRUQT_GCP_PROJECT_%s_SERVICE_ACCOUNT_EMAIL
+# INSTRUQT_GCP_PROJECT_%s_SERVICE_ACCOUNT_KEY
+
+gcloud_init() {
+    if [ -n "${INSTRUQT_GCP_PROJECTS}" ]; then
+        PROJECTS=("${INSTRUQT_GCP_PROJECTS//,/ }")
+
+        # load all credentials into gcloud
+        for PROJECT in ${PROJECTS[@]}; do
+            TMP_FILE=$(mktemp)
+            SERVICE_ACCOUNT_KEY="INSTRUQT_GCP_PROJECT_${PROJECT}_SERVICE_ACCOUNT_KEY"
+            base64 -d <(echo ${!SERVICE_ACCOUNT_KEY}) > "$TMP_FILE"
+            gcloud auth activate-service-account --key-file="$TMP_FILE"
+            rm "$TMP_FILE"
+        done
+
+        # activate service account for first project
+        SERVICE_ACCOUNT_EMAIL="INSTRUQT_GCP_PROJECT_${PROJECTS[0]}_SERVICE_ACCOUNT_EMAIL"
+        gcloud config set account "${!SERVICE_ACCOUNT_EMAIL}"
+
+        # configure project
+        PROJECT_ID="INSTRUQT_GCP_PROJECT_${PROJECTS[0]}_PROJECT_ID"
+        gcloud config set project "${!PROJECT_ID}"
+    fi
+}
+
+gcloud_init
Original file line number	Diff line number	Diff line change
		@@ -1 +1,4 @@
		# Packer recipe for Docker image

		Includes AWS and Google Cloud Platform CLIs and k3s.