Creating an AMI on Amazon AWS with packer

Author: Li Ming (email: mli@apache.org)

This post is a work log: how to use packer to create an AMI on Amazon AWS.

Using packer to generate an Amazon AWS AMI

  1. Install packer on mac:

  2. Install awscli on mac:

    • pip install --upgrade --user awscli
    • add the awscli path to $PATH: export PATH=~/Library/Python/2.7/bin:$PATH
  3. Log in to the AWS web console: https://console.aws.amazon.com/console/home

    • create key-pair @ “Service => Compute => EC2 => Key Pairs => Create Key Pair”, and download the generated file ‘user.pem’ into ~/.aws, and chmod 400 user.pem.
    • Add user access key @ “Service => Security, Identity & Compliance => IAM => User => click your username => Security credentials => Create access key” and download the generated info file ‘accessKeys.csv’
  4. Set up awscli config:

vi ~/.aws/credentials (Below info is generated by step 3(b))

 [default]
 aws_access_key_id=XXXXXXXXXXXXXXXXX
 aws_secret_access_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

vi ~/.aws/config

 [default]
 region=us-west-2
 output=json
  5. Check that the awscli credentials are set up correctly: aws ec2 describe-instances

  6. Search for the source_ami for packer

    • go to https://aws.amazon.com/mp/, click Continue to AWS marketplace.
    • “Popular Categories => Operating Systems => Search OS keyword”
    • select one item, and click the “continue” button => Manual Launch => select the AMI ID for your region, e.g. centos7.2 in US West (Oregon) is ami-775e4f16.
  7. Set credentials.json (the same values as step 4, but keyed by the variable names the packer template declares) for passing "--var-file credentials.json" to packer, or pass the values directly as shell parameters, e.g. "-var 'aws_access_key=xxxxxx'", to the packer command.

vi ~/.aws/credentials.json

{
	"aws_access_key":"XXXXXXXXXXXXXXXXX",
	"aws_secret_key":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
  8. Set “source_ami” below to the ID fetched at step 6(c).

vi /Users/gpadmin/workspace/hawq2ci/GPDB-HAWQ-DynamicProvisioning/packer/ami_test.json

    {
      "variables": {
        "aws_access_key": "",
        "aws_secret_key": "",
        "name": "HAWQ_RHEL7.2_HVM"
      },
      "builders": [{
        "type": "amazon-ebs",
        "access_key": "{{user `aws_access_key`}}",
        "secret_key": "{{user `aws_secret_key`}}",
        "region": "us-west-2",
        "source_ami": "ami-775e4f16",
        "instance_type": "t2.micro",
        "ssh_username": "ec2-user",
        "ami_name": "{{user `name`}} {{timestamp}}"
      }],
      "provisioners": [{
        "type": "shell",
        "inline": [
          "sleep 30",
          "echo 'for test'"
        ]
      }]
    }
    
  9. Run the command to validate the json file:

    cd /Users/gpadmin/workspace/hawq2ci/GPDB-HAWQ-DynamicProvisioning/packer
    packer validate ami_test.json

  10. Build the AMI.

    packer build --var-file ~/.aws/credentials.json ami_test.json
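
An added example, not part of the original post: a pre-flight check in Python for the var-file and template used above. It reports var-file keys that no {{user `...`}} reference in the template uses and referenced variables left empty, and flags a secrets file readable by group or others; the function names and the placeholder values are assumptions for illustration.

```python
import json
import os
import re
import stat

# Matches Packer legacy-JSON user variable references such as {{user `name`}}.
USER_REF = re.compile(r"\{\{\s*user\s+`([^`]+)`\s*\}\}")

def check_var_file(template, var_file):
    """Return a list of problems with var_file as input to template."""
    declared = template.get("variables", {})
    # Collect names referenced anywhere outside the "variables" section.
    body = {k: v for k, v in template.items() if k != "variables"}
    referenced = set(USER_REF.findall(json.dumps(body)))
    problems = []
    for key in sorted(set(var_file) - referenced):
        problems.append("unused var-file key: " + key)
    merged = {**declared, **var_file}  # var-file values override defaults
    for name in sorted(referenced):
        if not merged.get(name):
            problems.append("empty or unset variable: " + name)
    return problems

def too_permissive(path):
    """True if group or others have any access to a secrets file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

# Constructed sample: trimmed copy of the ami_test.json template on this page.
TEMPLATE = {
    "variables": {"aws_access_key": "", "aws_secret_key": "",
                  "name": "HAWQ_RHEL7.2_HVM"},
    "builders": [{
        "type": "amazon-ebs",
        "access_key": "{{user `aws_access_key`}}",
        "secret_key": "{{user `aws_secret_key`}}",
        "ami_name": "{{user `name`}} {{timestamp}}",
    }],
}
# Constructed placeholder values, never real keys.
AWSCLI_NAMES = {"aws_access_key_id": "XXXX", "aws_secret_access_key": "XXXX"}
TEMPLATE_NAMES = {"aws_access_key": "XXXX", "aws_secret_key": "XXXX"}

if __name__ == "__main__":
    print(check_var_file(TEMPLATE, AWSCLI_NAMES))    # awscli-style key names
    print(check_var_file(TEMPLATE, TEMPLATE_NAMES))  # names the template uses
    path = os.path.expanduser("~/.aws/credentials.json")
    if os.path.exists(path) and too_permissive(path):
        print("tighten permissions: chmod 600 " + path)
```

When both key variables resolve to empty strings, the amazon-ebs builder falls back to environment variables or the shared ~/.aws/credentials file, so a name mismatch in the var-file can go unnoticed.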
    

Run EC2 Instance from an AMI

We use a pre-existing VPC and subnet.

  1. Create security group

    aws ec2 create-security-group --group-name mli_sg --description "My security group for testing" --vpc-id vpc-4ef3972a
    aws ec2 describe-security-groups --group-ids sg-7c143b04

  2. Add Inbound SSH access

    aws ec2 authorize-security-group-ingress --group-id sg-7c143b04 --protocol tcp --port 22 --cidr 10.34.0.0/16
    
  3. Run EC2 Instance

    aws ec2 run-instances --image-id ami-d9e26eb9 --count 1 --instance-type t2.micro --key-name mli --security-group-ids sg-a398b7db --subnet-id subnet-a65cc3c2

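Li Ming
Database kernel R&D engineer

Works mainly on database kernel development, database testing, and database management tooling. Has a particular interest in PostgreSQL and related projects. Currently works mainly on kernel development for parallel databases such as HAWQ and GPDB.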