adding remote folder to shell provisioners scripts #1922

Open
wants to merge 1 commit into
base: main

maiconrocha

Issue #, if available:
This is to fix an issue when applying EKS scripts on top of CIS_Amazon_Linux_2023_Benchmark_Level_1 AMI
Description of changes:

adding remote folder to shell provisioners scripts on template.json
When not having the option to add remote folder to shell provisioners scripts, scripts are created on /tmp
which does not have required permissions on CIS_Amazon_Linux_2023_Benchmark_Level_1 AMI.
So you will face errors like:

2024-08-12T10:32:11+09:30: ==> amazon-ebs: Provisioning with shell script: /var/folders/2p/4n7c7gqs6xb23jgy_sq_3gsh0000gr/T/packer-shell2244599818
2024-08-12T10:32:12+09:30:     amazon-ebs: bash: line 1: /tmp/script_4590.sh: Permission denied

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Testing Done

I am able to build an AMI after the changes with the following command

make k8s=1.30 os_distro=al2023 aws_region=ap-southeast-2 source_ami_id=ami-XXXXXXXXX source_ami_owners=XXXXXXXXX source_ami_filter_name="CIS Amazon Linux 2023 Benchmark - Level 1 - v07 -prod-fvm47vekg24oc" subnet_id=subnet-XXXXXXXXX associate_public_ip_address=true remote_folder=/home/ec2-user working_dir=/home/ec2-user
...
==> Builds finished. The artifacts of successful builds are:
--> amazon-ebs: AMIs were created:
ap-southeast-2: ami-XXXXXXXXXXXXXXXXXX

See this guide for recommended testing for PRs. Some tests may not apply. Completing tests and providing additional validation steps are not required, but it is recommended and may reduce review time and time to merge.
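
Added example (not part of this PR or the project's scripts): a shell check that reports whether a candidate `remote_folder` sits on a mount that forbids execution, one common cause of a `Permission denied` like the one in the description above. It assumes the hardened image mounts /tmp with `noexec`, which the PR does not state; the mount table is a constructed sample and the function names are hypothetical.

```shell
# Added example: decide whether a candidate remote_folder sits on a noexec mount.
# Input is text in /proc/mounts format: device mountpoint fstype options dump pass

# Constructed sample resembling a hardened image (not taken from the PR).
SAMPLE_MOUNTS='/dev/nvme0n1p1 / xfs rw,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
/dev/nvme0n1p3 /home xfs rw,nosuid,nodev 0 0'

# mount_options_for PATH MOUNTS_TEXT
# Prints the options of the longest mount point that is a prefix of PATH.
mount_options_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            mp = $2
            # A mount point matches if it equals the path, is "/", or is a
            # directory prefix of the path (so /tmpfoo does not match /tmp).
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best_len) { best_len = length(mp); best = $4 }
            }
        }
        END { if (best != "") print best }'
}

# is_exec_allowed PATH MOUNTS_TEXT
# Returns 0 when scripts under PATH can be executed directly, 1 when the
# backing mount carries noexec, 2 when no mount matched.
is_exec_allowed() {
    opts=$(mount_options_for "$1" "$2")
    [ -n "$opts" ] || return 2
    case ",$opts," in
        *,noexec,*) return 1 ;;
        *) return 0 ;;
    esac
}

# pick_remote_folder MOUNTS_TEXT CANDIDATE...
# Prints the first candidate that allows execution; returns 1 if none does.
pick_remote_folder() {
    mounts=$1; shift
    for dir in "$@"; do
        if is_exec_allowed "$dir" "$mounts"; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}
```

On a running instance, pass `"$(cat /proc/mounts)"` as the mount text instead of the sample.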

@@ -115,6 +115,7 @@
"provisioners": [
{
"type": "shell",
"remote_folder": "{{ user `remote_folder`}}",
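Review bot: The new "remote_folder" key on this first shell provisioner takes its value from a `remote_folder` user variable, but the variable's declaration and default are not visible in this hunk. Please confirm it is declared with a default next to the template's other variables and documented, with a note that images which restrict /tmp (as in the Permission denied output in the description) need it set to a directory where uploaded scripts are allowed to run. The hunk also shows only one entry under "provisioners"; any other shell provisioner in the template needs the same key, otherwise its scripts will still be uploaded to the default location.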
Member

@cartermckinnon cartermckinnon Aug 13, 2024

Does Packer leave behind all the scripts it uploads to the remote_folder? It'd be nice to clean them up if /home/ec2-user is going to be used as remote_folder

Author

I basically replicated what we have on AL2
https://github.com/awslabs/amazon-eks-ami/blob/main/templates/al2/template.json
you can see remote_folder option is on all shell provisioners.
I will launch an instance using the generated AMI and check /home/ec2-user content to see if it was cleaned up by Packer.

Author

I confirmed that /home/ec2-user/ is clean when connecting to the Instance using the generated AMI:


sh-5.2$ sudo su -
[root@ip-10-0-9-125 ~]# cd /home/ec2-user/
[root@ip-10-0-9-125 ec2-user]# ls -ltrh
total 0
