packer {
  # Plugins Packer must install before this template can be built.
  required_plugins {
    amazon = {
      source  = "github.com/hashicorp/amazon"
      version = ">= 1.2.2"
    }
    # NOTE(review): no ansible provisioner appears in this file; it may be
    # used by another template in the same directory — confirm before removing.
    ansible = {
      source  = "github.com/hashicorp/ansible"
      version = "~> 1"
    }
  }
}
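locals {
  # Captured once so every derived value below refers to the same instant.
  timestamp      = timestamp()
  timestamp_date = formatdate("YYYY-MM-DD", local.timestamp)
  timestamp_full = formatdate("YYYY-MM-DD_HH:mm:ss", local.timestamp)

  # Human-readable AMI description. The second format argument was missing
  # its closing quote, which made the template unparsable.
  # NOTE(review): "ec2-user" is hard-coded here while the SSH communicator
  # logs in as var.ssh_username — confirm the two are meant to agree.
  ami_description = format(
    "STIG-partitioned [HARDENED], LVM-enabled, \"minimal\", with updates through %s. Default username `%s`",
    local.timestamp_date,
    "ec2-user"
  )

  # AMI deprecate_at: set only when a lifetime is supplied, otherwise null so
  # the AMI is registered without a deprecation time.
  aws_ami_deprecate_at = var.deprecation_lifetime != null ? timeadd(local.timestamp, var.deprecation_lifetime) : null
}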
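source "amazon-ebssurrogate" "base" {
  ##
  ## Resulting AMI
  ##
  ami_name                = var.ami_name
  ami_description         = local.ami_description
  ami_virtualization_type = "hvm"
  deprecate_at            = local.aws_ami_deprecate_at
  force_deregister        = var.aws_force_deregister
  force_delete_snapshot   = var.aws_force_delete_snapshot
  ena_support             = true
  sriov_support           = true

  # The surrogate volume attached at /dev/sdf becomes the AMI's root device.
  ami_root_device {
    source_device_name    = "/dev/sdf"
    device_name           = "/dev/sda1"
    delete_on_termination = true
    volume_size           = var.root_volume_size
    volume_type           = "gp3"
  }

  # NOTE(review): /dev/sda1 is already the AMI root device above; confirm this
  # extra AMI mapping for the same device name is intended.
  ami_block_device_mappings {
    device_name           = "/dev/sda1"
    delete_on_termination = true
    volume_size           = var.root_volume_size
    volume_type           = "gp3"
  }

  ##
  ## Build instance
  ##
  region               = var.aws_region
  instance_type        = var.aws_instance_type
  iam_instance_profile = var.aws_instance_role
  vpc_id               = var.aws_vpc_id
  subnet_id            = var.aws_subnet_id
  # No public IP on the build instance; SSH reaches it via var.aws_ssh_interface.
  associate_public_ip_address          = false
  temporary_security_group_source_cidrs = var.aws_temporary_security_group_source_cidrs
  user_data_file                        = "${path.root}/userdata/userdata.cloud"
  max_retries                           = 30

  # Boot volume for the builder itself.
  launch_block_device_mappings {
    delete_on_termination = true
    device_name           = "/dev/sda1"
    volume_size           = var.root_volume_size
    volume_type           = "gp3"
  }

  # Surrogate volume that volume.sh partitions and that is snapshotted as the AMI.
  launch_block_device_mappings {
    delete_on_termination = true
    device_name           = "/dev/sdf"
    volume_size           = var.root_volume_size
    volume_type           = "gp3"
  }

  # IMDSv2 only (session tokens required, one network hop) on the build instance.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  ##
  ## SSH communicator
  ##
  communicator  = "ssh"
  ssh_interface = var.aws_ssh_interface
  ssh_port      = 22
  ssh_pty       = true
  ssh_timeout   = "15m"
  ssh_username  = var.ssh_username
  # Key-exchange offer: the duplicate nistp521 entry and the SHA-1 based DH
  # groups (group1-sha1 is a 1024-bit group) were dropped; the ECDH set is
  # expected to be accepted by the RHEL 8 source image's sshd — confirm
  # against that image's crypto policy if the first build fails to connect.
  ssh_key_exchange_algorithms = [
    "ecdh-sha2-nistp521",
    "ecdh-sha2-nistp256",
    "ecdh-sha2-nistp384",
  ]

  ##
  ## Tags applied to the Runtime Instance
  ##
  run_tags = {
    Name          = "Packer_Builder_${var.ami_name}-${local.timestamp_full}"
    Base_AMI_ID   = "{{ .SourceAMI }}"
    Base_AMI_Name = "{{ .SourceAMIName }}"
    OS            = "RHEL 8"
  }

  ##
  ## Tags applied to the AMI
  ##
  tags = {
    Name          = var.ami_name
    Base_AMI_ID   = "{{ .SourceAMI }}"
    Base_AMI_Name = "{{ .SourceAMIName }}"
    OS            = "RHEL 8"
  }

  ##
  ## Source AMI: newest image matching the name pattern from the given owner
  ##
  source_ami_filter {
    filters = {
      name                = var.aws_ami_search_name
      virtualization-type = "hvm"
      root-device-type    = "ebs"
    }
    owners      = [var.aws_ami_search_owner]
    most_recent = true
  }
}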
build {
  sources = ["source.amazon-ebssurrogate.base"]

  # Tooling needed by the volume script; execute_command already elevates
  # with sudo, so the inner sudo in the inline command is effectively a no-op.
  provisioner "shell" {
    execute_command = "{{ .Vars }} sudo -E /bin/bash '{{ .Path }}'"
    inline          = ["sudo yum install -y lvm2 nvme-cli"]
  }

  # Presumably lays out the surrogate volume (name suggests partitioning);
  # the instance is expected to drop the SSH session, so a disconnect within
  # the timeout is not treated as a failure.
  provisioner "shell" {
    execute_command   = "{{ .Vars }} sudo -E /bin/bash '{{ .Path }}'"
    script            = "${path.root}/scripts/volume.sh"
    expect_disconnect = true
    timeout           = "5m"
  }
}