AMI with Nomad and Consul binaries installed. DNSmasq is also configured to use the local Consul agent as its DNS server.
This is based on this example.
In addition to Ansible and Packer, you will need to install the following on your machine:
See this page for more information.
ami_base_name: Base name for the AMI image. The timestamp will be appendedaws_region: AWS Regionsubnet_id: ID of subnet to run the builder instance intemporary_security_group_source_cidr: Temporary CIDR to allow SSH access fromassociate_public_ip_address: Associate totrueif the machine provisioned is to be connected via the internetssh_interface: One ofpublic_ip,private_ip,public_dnsorprivate_dns. If set, either the public IP address, private IP address, public DNS name or private DNS name will used as the host for SSH. The default behaviour if inside a VPC is to use the public IP address if available, otherwise the private IP address will be used. If not in a VPC the public DNS name will be used.nomad_version: Version of Nomad to installconsul_module_version: Version of the Terraform Consul repository to usenomad_module_version: Version of the Nomad Module to use.consul_version: Version of Consul to installvault_version: Version of Vault to installvault_module_version: Version of the Vault Module to use.td_agent_config_file: Path totd-agentconfig file to template copy from. Installtd-agentif path is non-empty.td_agent_config_vars_file: Path to variables file to include for value interpolation fortd-agentconfig file. Only included if the value is not empty.include_varsincludes the variables intoconfig_varsvariable, i.e. ifxxxvalue is defined in the variables file, you will need to do{{ config_vars.xxx }}to get the interpolation working.ca_certificate: Path to the CA certificate you have generated to install on the machine. Set to empty to not install anything.extra_vars: Additional variables to pass to Ansible via the-eflag. This is useful for additional variables that are available in the Ansible playbooks used to provision the packer images.
After the initial bootstrap, if you have applied one of the following post bootstrap modules, you should set the following options to install whatever pre-requisite is required in the AMI:
- Vault PKI
The following options are common to all of the integrations:
consul_host: The host for which Consul is accessible. Defaults to empty. If set to empty, all post bootstrap integration will be disabled.consul_port: Port where Consul is accessible. Defaults to 443consul_scheme: Scheme to access Consul. Defaults to "https"consul_token: ACL token to access Consulconsul_integration_prefix: Prefix to look for Consul integration values. Do not change this unless you have also modified the values in the appropriate modules. Defaults to "terraform/"
If you have a vars.json variables file containing changes to the above variables, you may run:
packer build \
-var-file=vars.json \
packer.jsonOtherwise if you wish to use the default variable values, simply run:
packer build packer.jsonIf you have enabled the post-bootstrap integration, you can use terraform output to get the URL
of your Consul servers. In this way, you can use the same command for pre and post bootstrap builds
of your AMI.
packer build \
-var-file=vars.json \
-var consul_host="$(terraform output consul_api_address || echo -n '')" \
packer.jsonThis Packer image will the following:
- Consul:
/opt/consul - Nomad:
/opt/nomad - Vault:
/opt/vault td-agent: As a Debian packagetelegrafAs a Debian packageconsul-template:/opt/consul-template
You can use consul-template to template files using data from Consul and Vault. Simply define
the template using a new configuration file (in HCL, with the template stanza) and write the
configuration file to /opt/consul-template/config. You can send the SIGHUP signal using
systemctl kill -s signal SIGHUP consul-template to ask consul-template to reload its configuration.