chuuke

Reputation: 606

Packer - Shell Script Provisioner to Clone Private Repo - Auto-Launch EC2 Instances

I've looked around trying to figure out a way to get a Packer build to download a private repository for an EC2 AMI build that will be used for spinning up new instances under an auto-launch configuration, having a newly created EC2 instance grab a private repo.

It seems the most secure way to grab a private repo is to use a deploy key, but I believe I would have to manually add each deploy key to the repo for each instance… which defeats the automation purpose, unless I'm doing something wrong.

I'm wondering how to clone a private repository through Packer, be it through a shell script or otherwise. I understand I can use Chef, but I don't think I should have to install another dependency when the only thing I'm trying to do is clone a GitHub repository.

Do I have to write a send/expect type of script that uses the HTTPS GitHub clone URL?

Any and all help appreciated.

Upvotes: 2

Views: 3673

Answers (2)

jmeacham

Reputation: 1

I've been using this for Windows, but in theory it should be similar to this:

{
  "type": "powershell",
  "inline": [
    "Set-Location C:\\{{ user `LAB_ENVIRONMENT` }}; git clone https://{{ user `GITLAB_USERNAME` }}:{{ user `GITLAB_ACCESS_TOKEN` }}@gitlab.com/{{ user `REPOSITORY` }}"
  ]
},

Upvotes: 0

user111086

Reputation:

There's a "workaround" using ssh-agent. I say workaround because it's not particularly elegant. It would be better to have this part of a Puppet module (maybe there's one already).

The idea is that you need to generate a public/private key pair for each of your private GitHub repositories. Then you add the public key as a deploy key in the GitHub project settings (Settings/Deploy Keys). Where you store the key pair is up to you.

Now in Packer, you could use a Shell provisioner and execute something along these lines:

#!/usr/bin/env bash

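# Record GitHub's host key so the clone does not stop at the host-key prompt
ssh-keyscan github.com >> /home/ec2-user/.ssh/known_hosts
# Run the clone under a temporary agent that holds the deploy key and exits with the command
ssh-agent bash -c \
'ssh-add /home/ec2-user/.ssh/[privateKey]; git clone git@github.com:[account]/project.git'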

The advantage with this approach is that you can clone multiple private repositories easily.

There are a few ways to upload your key pair to the EC2 box, either by using a file provisioner, Chef or Puppet.

Upvotes: 2
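
Both approaches above leave a credential on the build instance: a token passed in the clone URL is recorded in the clone's `.git/config`, and an uploaded deploy key stays on disk, so every instance launched from the AMI would carry it. The script below is an added example, not code from either answer; it checks for both before the image is snapshotted and strips them. The function names, paths and sample tree are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: last shell-provisioner step before Packer snapshots the AMI.
# Paths and names used here are assumptions, not taken from the answers.

# List files under $1 holding a private key or a git remote URL with an
# embedded user:token. Returns 1 if anything is found, 0 if the tree is clean.
find_baked_secrets() {
    root=$1
    # Deploy keys left behind by a file provisioner (PEM or OpenSSH format).
    keys=$(grep -rlE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$root" 2>/dev/null || true)
    # "git clone https://user:token@host/..." records the token in .git/config.
    urls=$(find "$root" -type f -path '*/.git/config' -exec \
        grep -lE 'url *= *https?://[^/@[:space:]]+:[^/@[:space:]]+@' {} + 2>/dev/null || true)
    if [ -n "$keys" ]; then printf '%s\n' "$keys" | sed 's/^/private-key: /'; fi
    if [ -n "$urls" ]; then printf '%s\n' "$urls" | sed 's/^/url-credential: /'; fi
    [ -z "$keys$urls" ]
}

# Remove the uploaded key ($1) and strip user:token@ from the remote URL of the
# clone at $2, so instances launched from the image carry neither.
scrub_clone_credentials() {
    key=$1 cfg=$2/.git/config
    rm -f "$key" "$key.pub"
    sed -E 's#(url *= *https?://)[^/@[:space:]]+@#\1#' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# Constructed sample tree standing in for /home/ec2-user after provisioning.
make_sample_home() {
    d=$(mktemp -d)
    mkdir -p "$d/.ssh" "$d/project/.git"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' \
        > "$d/.ssh/deploy_key"
    printf '[remote "origin"]\n\turl = https://builder:CONSTRUCTED_TOKEN@gitlab.com/acme/project.git\n' \
        > "$d/project/.git/config"
    printf '%s\n' "$d"
}

# Demo on the constructed tree, run only when invoked with "demo".
if [ "${1:-}" = "demo" ]; then
    home=$(make_sample_home)
    find_baked_secrets "$home" || echo "build would fail here"
    scrub_clone_credentials "$home/.ssh/deploy_key" "$home/project"
    find_baked_secrets "$home" && echo "clean after scrub"
    rm -rf "$home"
fi
```

In a real build, call `scrub_clone_credentials` after the clone and end the provisioner with `find_baked_secrets /home/ec2-user || exit 1` so a leftover credential fails the build instead of shipping in the image.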
