bash - How to set variables for a bash script using Packer?

Tags: bash packer

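I want to achieve the following:

  1. Create a Linux VPN server image with Packer
  2. Pull configuration files from an S3 bucket and configure StrongSwan, BGPD, keepalived, etc.

The problem starts with pulling the files from the S3 bucket, where I need to set variables so that the bash script can connect to AWS and transfer the mentioned files.

Here is the Packer code: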

{
    "variables": {
      "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
      "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
      "aws_default_region": "{{env `AWS_DEFAULT_REGION`}}",
      "aws_source_ami": "{{env `AWS_SOURCE_AMI`}}",
      "aws_ssh_user": "{{env `AWS_SSH_USER`}}",
      "script_aws_access": "{{env `SCRIPT_AWS_ACCESS_KEY`}}",
      "script_aws_secret_access": "{{env `SCRIPT_AWS_SECRET_ACCESS_KEY`}}"
    },
    "builders": [
    {
      "type": "amazon-ebs",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "region": "eu-west-1",
      "vpc_id": "vpc-0816d88cdecb1438a",
      "subnet_id": "subnet-07e30b1ad80f0c4a8",
      "security_group_id": "sg-098ff42f1bdaf7183",
      "associate_public_ip_address": "true",
      "instance_type": "t2.micro",
      "ami_name": "myLinuxPackerImage",
      "source_ami": "ami-0ff760d16d9497662",
      "ssh_username": "{{user `aws_ssh_user`}}"
      }
     ],

  "provisioners": [
    {
        "type": "file",
        "source": "./welcome.txt",
        "destination": "/home/centos/"
    },
    {
        "type": "shell",
        "inline":[
            "ls -al /home/centos",
            "cat /home/centos/welcome.txt",
            "sleep 30",
            "sudo yum update -y"
        ]
    },
    {
        "type": "shell",
        "script": "./example.sh",
        "environment_vars": [
          "AWS_ACCESS_KEY={{user `script_aws_access`}}",
          "AWS_SECRET_ACCESS_KEY={{user `script_aws_secret_access`}}"
        ],    
        "pause_before": "10s"
    }
]
}

Environment variables:

export AWS_ACCESS_KEY_ID="mykey"
export AWS_SECRET_ACCESS_KEY="mysecret"
export AWS_DEFAULT_REGION="eu-west-1"
export AWS_SOURCE_AMI="ami-0ff760d16d9497662"
export AWS_SSH_USER="centos"
export SCRIPT_AWS_ACCESS_KEY="my-SCRIPT-key"
export SCRIPT_AWS_SECRET_ACCESS_KEY="my-secret-SCRIPT-key"

The actual bash script for the provisioner (example.sh):

#!/bin/bash
AWS_ACCESS_KEY=${1}
AWS_SECRET_ACCESS_KEY=${2}
sudo yum install epel-release -y 
sudo yum install nano wget htop telnet strongswan quagga iptables-services iptables python-pip -y 
sudo systemctl stop firewalld && systemctl disable firewalld  
sudo systemctl enable iptables && systemctl start iptables 
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc 
sh -c 'echo -e "[azure-cli]\nname=Azure CLI\nbaseurl=https://packages.microsoft.com/yumrepos/azure-cli\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azure-cli.repo'
sudo yum install azure-cli -y
sudo yum update -y && easy_install pip
sudo pip install awscli
sudo yum install keepalived -y && sudo systemctl enable keepalived
sudo useradd keepalived_script 
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY
export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
export AWS_DEFAULT_REGION=eu-west-1

# Copy BGPD files

aws s3 cp --recursive  s3://<s3-url>/azure_vpn_server_primary/quagga/ /etc/quagga/

#Copy StrongSwan files

aws s3 cp --recursive  s3://<s3-url>/azure_vpn_server_primary/strongswan/ /etc/strongswan/

# In Azure, the instance should have IP Forwarding enabled on its network interface

# Copy keepalived files

aws s3 cp --recursive  s3://<s3-url>/azure_vpn_server_primary/keepalived/ /etc/keepalived/

Error:

amazon-ebs: Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
    amazon-ebs: fatal error: An error occurred (AuthorizationHeaderMalformed) when calling the ListObjectsV2 operation: The authorization header is malformed; a non-empty Access Key (AKID) must be provided in the credential.
    amazon-ebs: fatal error: An error occurred (AuthorizationHeaderMalformed) when calling the ListObjectsV2 operation: The authorization header is malformed; a non-empty Access Key (AKID) must be provided in the credential.

Best answer

Found the solution.

I had to remove

AWS_ACCESS_KEY=${1}
AWS_SECRET_ACCESS_KEY=${2}

from the bash script. Now it works!
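
The cause behind this fix, as an added example that is not part of the original post: Packer's shell provisioner hands `environment_vars` to the script through the environment and runs it without arguments, so `${1}` and `${2}` are empty and overwrite the injected values. The function names and credential values below are constructed for illustration.

```shell
#!/bin/sh
# Added example. All credential values are constructed placeholders.

# Mimics how the shell provisioner starts a script: "environment_vars"
# become environment variables and the script gets no positional arguments.
run_like_packer() (
  export AWS_ACCESS_KEY="constructed-key-id"
  export AWS_SECRET_ACCESS_KEY="constructed-secret"
  "$@"
)

# Question's form: ${1} and ${2} are empty, so the assignments overwrite the
# injected values and the AWS CLI later sees an empty access key ID.
buggy_key_id() (
  AWS_ACCESS_KEY=${1}
  AWS_SECRET_ACCESS_KEY=${2}
  export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY
  printf '%s' "$AWS_ACCESS_KEY_ID"
)

# Answer's form plus a guard: keep the injected values, and stop before any
# aws call if one is missing. The message names the variable, never its value.
fixed_key_id() (
  for name in AWS_ACCESS_KEY AWS_SECRET_ACCESS_KEY; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "required variable $name is empty" >&2
      exit 1
    fi
  done
  export AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY"
  printf '%s' "$AWS_ACCESS_KEY_ID"
)

printf 'question form: [%s]\n' "$(run_like_packer buggy_key_id)"
printf 'answer form:   [%s]\n' "$(run_like_packer fixed_key_id)"
```

The empty result of the question's form is what produces the "a non-empty Access Key (AKID) must be provided" error shown above.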

Regarding "bash - How to set variables for a bash script using Packer?", a similar question can be found on Stack Overflow: https://stackoverflow.com/questions/55140176/
