builderator 1.1.4 → 1.1.5
- checksums.yaml +4 -4
- data/Gemfile.lock +40 -35
- data/VERSION +1 -1
- data/docs/configuration/profile.md +50 -0
- data/lib/builderator/config/file.rb +3 -0
- data/lib/builderator/interface/packer.rb +3 -0
- data/lib/builderator/tasks.rb +2 -0
- data/lib/builderator/tasks/packer.rb +77 -0
- data/lib/builderator/util.rb +9 -2
- data/rvm.env +4 -4
- metadata +2 -2
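--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 21016d55b87697c9e9b45661275116259721d1f5
+data.tar.gz: 6d0502c4f842812140c78fdd0c3294db60a04acc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 97eb7cb95957c03348fb2d7814b58ef1a1ceb58dfdc643c7aedf361882f499bd1df3eec3c06520ff3914fb1b470f50b9c1eeeee3de8749ee0ab7d2dc6002cc65
+data.tar.gz: 75840ceb5c420cbfd64896c2cfcc91976a7b99cdb1c0bfd41ba1ac8223b68bddb4060da008c10b8ddfc36918e1d61c53ce3093799e374f85181cde9fd0cdd3ee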
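--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -15,13 +15,13 @@ GEM
 specs:
 addressable (2.4.0)
 ast (2.2.0)
-aws-sdk (2.
-aws-sdk-resources (= 2.
-aws-sdk-core (2.
+aws-sdk (2.3.4)
+aws-sdk-resources (= 2.3.4)
+aws-sdk-core (2.3.4)
 jmespath (~> 1.0)
-aws-sdk-resources (2.
-aws-sdk-core (= 2.
-berkshelf (4.3.
+aws-sdk-resources (2.3.4)
+aws-sdk-core (= 2.3.4)
+berkshelf (4.3.3)
 addressable (~> 2.3, >= 2.3.4)
 berkshelf-api-client (~> 2.0, >= 2.0.2)
 buff-config (~> 1.0)
@@ -56,40 +56,40 @@ GEM
 celluloid-io (0.16.2)
 celluloid (>= 0.16.0)
 nio4r (>= 1.1.0)
-chef (12.
-chef-config (= 12.
-chef-zero (~> 4.
+chef (12.5.1)
+chef-config (= 12.5.1)
+chef-zero (~> 4.2, >= 4.2.2)
 diff-lcs (~> 1.2, >= 1.2.4)
 erubis (~> 2.7)
 ffi-yajl (~> 2.2)
 highline (~> 1.6, >= 1.6.9)
-mixlib-authentication (~> 1.
+mixlib-authentication (~> 1.3)
 mixlib-cli (~> 1.4)
 mixlib-log (~> 1.3)
 mixlib-shellout (~> 2.0)
-net-ssh (
+net-ssh (~> 2.6)
 net-ssh-multi (~> 1.1)
 ohai (>= 8.6.0.alpha.1, < 9)
 plist (~> 3.1.0)
-
-rspec-core (~> 3.
-rspec-expectations (~> 3.
-rspec-mocks (~> 3.
+pry (~> 0.9)
+rspec-core (~> 3.2)
+rspec-expectations (~> 3.2)
+rspec-mocks (~> 3.2)
 rspec_junit_formatter (~> 0.2.0)
 serverspec (~> 2.7)
 specinfra (~> 2.10)
 syslog-logger (~> 1.6)
-
-chef-config (12.7.2)
+chef-config (12.5.1)
 mixlib-config (~> 2.0)
 mixlib-shellout (~> 2.0)
-chef-zero (4.6.
+chef-zero (4.6.2)
 ffi-yajl (~> 2.2)
 hashie (>= 2.0, < 4.0)
 mixlib-log (~> 1.3)
 rack
 uuidtools (~> 2.1)
 cleanroom (1.0.0)
+coderay (1.1.1)
 dep-selector-libgecode (1.2.0)
 dep_selector (1.0.3)
 dep-selector-libgecode (~> 1.0)
@@ -103,10 +103,10 @@ GEM
 ffi (1.9.10)
 ffi-yajl (2.2.3)
 libyajl2 (~> 1.2)
-hashie (3.4.
+hashie (3.4.4)
 highline (1.7.8)
-hitimes (1.2.
-httpclient (2.7.
+hitimes (1.2.4)
+httpclient (2.7.2)
 ignorefile (1.1.0)
 ipaddress (0.8.3)
 jmespath (1.2.4)
@@ -114,22 +114,23 @@ GEM
 json (1.8.3)
 json_pure (1.8.3)
 libyajl2 (1.2.0)
+method_source (0.8.2)
 minitar (0.5.4)
 mixlib-authentication (1.4.0)
 mixlib-log
 rspec-core (~> 3.2)
 rspec-expectations (~> 3.2)
 rspec-mocks (~> 3.2)
-mixlib-cli (1.
+mixlib-cli (1.6.0)
 mixlib-config (2.2.1)
 mixlib-log (1.6.0)
 mixlib-shellout (2.2.6)
-molinillo (0.4.
-multi_json (1.
+molinillo (0.4.5)
+multi_json (1.12.0)
 multipart-post (2.0.0)
 net-scp (1.2.1)
 net-ssh (>= 2.6.5)
-net-ssh (
+net-ssh (2.9.4)
 net-ssh-gateway (1.2.0)
 net-ssh (>= 2.6.5)
 net-ssh-multi (1.2.1)
@@ -139,7 +140,7 @@ GEM
 nio4r (1.2.1)
 octokit (4.3.0)
 sawyer (~> 0.7.0, >= 0.5.3)
-ohai (8.
+ohai (8.16.0)
 chef-config (>= 12.5.0.alpha.1, < 13)
 ffi (~> 1.9)
 ffi-yajl (~> 2.2)
@@ -151,16 +152,19 @@ GEM
 plist (~> 3.1)
 systemu (~> 2.6.4)
 wmi-lite (~> 1.0)
-parser (2.3.0
+parser (2.3.1.0)
 ast (~> 2.2)
 plist (3.1.0)
 powerpack (0.1.1)
-
+pry (0.10.3)
+coderay (~> 1.1.0)
+method_source (~> 0.8.1)
+slop (~> 3.4)
 rack (1.6.4)
 rainbow (2.1.0)
 rake (10.5.0)
 retryable (2.0.3)
-ridley (4.5.
+ridley (4.5.1)
 addressable
 buff-config (~> 1.0)
 buff-extensions (~> 1.0)
@@ -197,27 +201,28 @@ GEM
 rspec_junit_formatter (0.2.3)
 builder (< 4)
 rspec-core (>= 2, < 4, != 2.12.0)
-rubocop (0.
-parser (>= 2.3.0
+rubocop (0.40.0)
+parser (>= 2.3.1.0, < 3.0)
 powerpack (~> 0.1)
 rainbow (>= 1.99.1, < 3.0)
 ruby-progressbar (~> 1.7)
 unicode-display_width (~> 1.0, >= 1.0.1)
-ruby-progressbar (1.
+ruby-progressbar (1.8.0)
 sawyer (0.7.0)
 addressable (>= 2.3.5, < 2.5)
 faraday (~> 0.8, < 0.10)
 semverse (1.2.1)
-serverspec (2.
+serverspec (2.34.0)
 multi_json
 rspec (~> 3.0)
 rspec-its
 specinfra (~> 2.53)
 sfl (2.2)
+slop (3.6.0)
 solve (2.0.3)
 molinillo (~> 0.4.2)
 semverse (~> 1.1)
-specinfra (2.
+specinfra (2.57.2)
 net-scp
 net-ssh (>= 2.7, < 4.0)
 net-telnet
@@ -230,7 +235,7 @@ GEM
 thor
 timers (4.0.4)
 hitimes
-unicode-display_width (1.0.
+unicode-display_width (1.0.5)
 uuidtools (2.1.5)
 varia_model (0.4.1)
 buff-extensions (~> 1.0)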
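--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.1.
+1.1.5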
@@ -32,6 +32,56 @@ Add a packer build
|
|
32
32
|
* `source_ami` The source AMI ID for an `amazon-ebs`
|
33
33
|
* `ssh_username` Default `ubuntu`
|
34
34
|
* `ami_virtualization_type` Default `hvm`
|
35
|
+
* `tagging_role` the name of an IAM role that exists in each remote account that allows the AMI to be retagged
|
36
|
+
|
37
|
+
Example usage:
|
38
|
+
|
39
|
+
<pre>
|
40
|
+
profile bake: Config.profile(:default) do |bake|
|
41
|
+
bake.packer do |packer|
|
42
|
+
packer.build :default do |build|
|
43
|
+
build.tagging_role 'CreateTagsOnAllImages'
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
</pre>
|
48
|
+
|
49
|
+
Example IAM policy in remote account:
|
50
|
+
|
51
|
+
<pre>
|
52
|
+
{
|
53
|
+
"Version": "2012-10-17",
|
54
|
+
"Statement": [
|
55
|
+
{
|
56
|
+
"Sid": "StmtId",
|
57
|
+
"Effect": "Allow",
|
58
|
+
"Action": [
|
59
|
+
"ec2:CreateTags"
|
60
|
+
],
|
61
|
+
"Resource": [
|
62
|
+
"*"
|
63
|
+
]
|
64
|
+
}
|
65
|
+
]
|
66
|
+
}
|
67
|
+
</pre>
|
68
|
+
|
69
|
+
|
70
|
+
The above policy needs to be assigned to a role that enables a trust relationship with the account that builds the AMI:
|
71
|
+
|
72
|
+
<pre>
|
73
|
+
{
|
74
|
+
"Version": "2012-10-17",
|
75
|
+
"Statement": [
|
76
|
+
{
|
77
|
+
"Effect": "Allow",
|
78
|
+
"Principal": {
|
79
|
+
"AWS": "arn:aws:iam::[ami_builder_account]:user/[ami_builder_user]"
|
80
|
+
},
|
81
|
+
"Action": "sts:AssumeRole"
|
82
|
+
}
|
83
|
+
}
|
84
|
+
</pre>
|
35
85
|
|
36
86
|
## TODO: Share accounts
|
37
87
|
|
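--- a/data/lib/builderator/tasks.rb
+++ b/data/lib/builderator/tasks.rb
@@ -68,11 +68,13 @@ module Builderator
 
 desc 'image [PROFILE = default]', 'Build an AMI of PROFILE'
 method_option :debug, :type => :boolean
+method_option :remote_tag, :type => :boolean, :default => true
 method_option :copy, :type => :boolean, :default => true
 def image(profile = :default)
 prepare
 
 invoke Tasks::Packer, :build, [profile], options
+invoke Tasks::Packer, :remote_tag, [profile], options if options['remote_tag']
 invoke Tasks::Packer, :copy, [profile], options if options['copy']
 end
 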
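Review bot: `remote_tag` is invoked before `copy`, and the `remote_tag` task shown further down this page only tags `image.image_id` through `Util.ec2(Config.aws.region, creds_hash)`, so the copies that `copy` later creates and shares in `ami_regions` appear to stay untagged in the remote accounts. If build-region-only tagging is intended, a `:desc` on the new `method_option :remote_tag` saying so would save users a surprise; otherwise the invoke belongs after `copy`, with the task looping over regions. The enclosing class starts and ends outside the hunk.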
@@ -53,6 +53,7 @@ module Builderator
|
|
53
53
|
|
54
54
|
invoke :wait, [profile], options
|
55
55
|
invoke :tag, [profile], options
|
56
|
+
invoke :share, [profile], options
|
56
57
|
end
|
57
58
|
|
58
59
|
desc 'tag PROFILE', 'Tag AMIs in other regions'
|
@@ -128,6 +129,82 @@ module Builderator
|
|
128
129
|
say_status :complete, 'All copied images are available'
|
129
130
|
end
|
130
131
|
|
132
|
+
desc 'remote_tag PROFILE', 'Apply existing tags to the AMI in remote AWS accounts'
|
133
|
+
def remote_tag(profile)
|
134
|
+
invoke :configure, [profile], options
|
135
|
+
|
136
|
+
sts_client = Aws::STS::Client.new(region: Config.aws.region)
|
137
|
+
allowed_cred_keys = %w(access_key_id secret_access_key session_token)
|
138
|
+
|
139
|
+
images.each do |image_name, (image, build)|
|
140
|
+
filters = [{
|
141
|
+
:name => 'name',
|
142
|
+
:values => [image_name]
|
143
|
+
}]
|
144
|
+
|
145
|
+
if build.tagging_role.nil?
|
146
|
+
say_status :complete, 'No remote tagging to be performed as no IAM role is defined'
|
147
|
+
return
|
148
|
+
end
|
149
|
+
|
150
|
+
build.ami_users.each do |account|
|
151
|
+
role_arn = "arn:aws:iam::#{account}:role/#{build.tagging_role}"
|
152
|
+
begin
|
153
|
+
response = sts_client.assume_role( :role_arn => role_arn, :role_session_name => "tag-new-ami")
|
154
|
+
raise "Could not assume role [#{role_arn}]. Perhaps it does not exist?" unless response.successful?
|
155
|
+
rescue => e
|
156
|
+
say_status :skip, "Got error when trying to assume role: #{e.message} - continuing."
|
157
|
+
next
|
158
|
+
end
|
159
|
+
|
160
|
+
creds_hash = response.credentials.to_h.keep_if { |k,v| allowed_cred_keys.include?(k.to_s) }
|
161
|
+
|
162
|
+
say_status :remote_tag, "Tag AMI #{image_name} (#{image.image_id}) in account #{account}"
|
163
|
+
Util.ec2(Config.aws.region, creds_hash)
|
164
|
+
.create_tags(:dry_run => false, :resources => [image.image_id], :tags => image.tags)
|
165
|
+
end
|
166
|
+
end
|
167
|
+
say_status :complete, 'Remote tagging complete'
|
168
|
+
end
|
169
|
+
|
170
|
+
desc 'share PROFILE', 'Share copied AMIs in other accounts'
|
171
|
+
def share(profile)
|
172
|
+
invoke :configure, [profile], options
|
173
|
+
|
174
|
+
shared = false
|
175
|
+
|
176
|
+
images.each do |image_name, (image, build)|
|
177
|
+
build.ami_regions.each do |region|
|
178
|
+
build.ami_users.each do |user|
|
179
|
+
shared = true
|
180
|
+
|
181
|
+
filters = [{
|
182
|
+
:name => 'name',
|
183
|
+
:values => [image_name]
|
184
|
+
}]
|
185
|
+
|
186
|
+
regional_image = Util.ec2(region).describe_images(:filters => filters).images.first
|
187
|
+
|
188
|
+
say_status :share, "image #{image_name} (#{regional_image.image_id}) with #{user}"
|
189
|
+
|
190
|
+
share_image_parameters = {
|
191
|
+
:image_id => regional_image.image_id,
|
192
|
+
:launch_permission => {
|
193
|
+
:add => [
|
194
|
+
{
|
195
|
+
:user_id => user
|
196
|
+
}
|
197
|
+
]
|
198
|
+
}
|
199
|
+
}
|
200
|
+
|
201
|
+
Util.ec2(region).modify_image_attribute(share_image_parameters)
|
202
|
+
end
|
203
|
+
end
|
204
|
+
end
|
205
|
+
say_status :complete, 'All images are shared' if shared
|
206
|
+
end
|
207
|
+
|
131
208
|
private
|
132
209
|
|
133
210
|
## Find details for generated images in current region
|
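Review bot: In `remote_tag`, the `return` inside `images.each` ends the whole task at the first build whose `tagging_role` is nil, so a later build in the same profile that does define a role is never tagged and the run still reports `:complete`; `next` would skip only that build. The `filters` array built at the top of that loop is never used. In `share`, `describe_images(:filters => filters).images.first` looks the image up by name only and can return nil when a regional copy is missing, so adding `:owners => ['self']` to the call and a nil guard before `regional_image.image_id` would keep a same-named image from another owner out of the result and replace a NoMethodError with a clear message. The page shows these hunks without a file header (by the file list they look like data/lib/builderator/tasks/packer.rb), and the enclosing class starts outside them.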
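--- a/data/lib/builderator/util.rb
+++ b/data/lib/builderator/util.rb
@@ -60,8 +60,15 @@ module Builderator
 ##
 # AWS Clients
 ##
-def ec2(region = Config.aws.region)
-
+def ec2(region = Config.aws.region, credentials=nil)
+options = { :region => region }
+
+# Don't memoize if supplying explicit credentials as it could be an assumed role for a remote account
+if credentials.nil?
+clients["ec2-#{region}"] ||= Aws::EC2::Client.new(options)
+else
+Aws::EC2::Client.new options.merge(credentials)
+end
 end
 
 def asg(region = Config.aws.region)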
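Review bot: The explicit-credentials branch of `ec2` merges the caller's hash straight into the client options (`options.merge(credentials)`), so any key in it, such as `:region` or `:endpoint`, overrides what the method just set; the only key filtering visible on this page is done by the caller in `remote_tag`. Passing the values as a credentials object keeps the method's own options authoritative, e.g. `Aws::EC2::Client.new(options.merge(:credentials => Aws::Credentials.new(*credentials.values_at(:access_key_id, :secret_access_key, :session_token))))`. A short comment on the `credentials` parameter naming the expected keys would help, and `credentials=nil` wants spaces around `=` to match `region = Config.aws.region`. The `asg` method that follows continues outside the hunk.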
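--- a/data/rvm.env
+++ b/data/rvm.env
@@ -1,14 +1,14 @@
-declare -x GEM_HOME="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-
-declare -x GEM_PATH="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-
+declare -x GEM_HOME="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-1"
+declare -x GEM_PATH="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-1:/home/jenkins/.rvm/gems/ruby-2.1.5@global"
 declare -x HOME="/home/jenkins"
-declare -x HUDSON_COOKIE="
+declare -x HUDSON_COOKIE="84805bab-9ad6-4496-9036-833e511db870"
 declare -x IRBRC="/home/jenkins/.rvm/rubies/ruby-2.1.5/.irbrc"
 declare -x LANG="en_US.UTF-8"
 declare -x LC_ALL="en_US.UTF-8"
 declare -x MY_RUBY_HOME="/home/jenkins/.rvm/rubies/ruby-2.1.5"
 declare -x NLSPATH="/usr/dt/lib/nls/msg/%L/%N.cat"
 declare -x OLDPWD
-declare -x PATH="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-
+declare -x PATH="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-1/bin:/home/jenkins/.rvm/gems/ruby-2.1.5@global/bin:/home/jenkins/.rvm/rubies/ruby-2.1.5/bin:/home/jenkins/.rvm/bin:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin"
 declare -x PWD="/home/jenkins/workspace/gem-public-builderator-master"
 declare -x RUBY_VERSION="ruby-2.1.5"
 declare -x SHLVL="1"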
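Review bot: This file looks like a dump of the Jenkins build shell's exported environment, and it is packaged in the gem, so each release publishes the CI user's home layout, workspace path, RVM gemset names and a per-build `HUDSON_COOKIE` value. None of the values shown looks like a credential (the cookie is, as far as I know, only Jenkins' process-tracking marker), but a full environment dump is exactly where a token would land if one were ever exported in that job. Leaving `rvm.env` out of the gemspec's file list, or writing it outside the packaged tree, would remove the exposure.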
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: builderator
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- John Manero
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-05-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|