AMI with Nomad and Consul binaries installed. DNSmasq is also configured to use the local Consul agent as its DNS server.
This is based on this example.
In addition to Ansible and Packer, you will need to install the following on your machine:
See this page for more information.
- `ami_base_name`: Base name for the AMI image. The timestamp will be appended.
- `aws_region`: AWS Region.
- `subnet_id`: ID of the subnet to run the builder instance in.
- `temporary_security_group_source_cidr`: Temporary CIDR to allow SSH access from.
- `associate_public_ip_address`: Set to `true` if the machine provisioned is to be connected via the internet.
- `ssh_interface`: One of `public_ip`, `private_ip`, `public_dns` or `private_dns`. If set, either the public IP address, private IP address, public DNS name or private DNS name will be used as the host for SSH. The default behaviour if inside a VPC is to use the public IP address if available, otherwise the private IP address will be used. If not in a VPC, the public DNS name will be used.
- `nomad_version`: Version of Nomad to install.
- `consul_module_version`: Version of the Terraform Consul repository to use.
- `nomad_module_version`: Version of the Nomad Module to use.
- `consul_version`: Version of Consul to install.
- `vault_version`: Version of Vault to install.
- `vault_module_version`: Version of the Vault Module to use.
- `td_agent_config_file`: Path to the `td-agent` config file to template copy from. `td-agent` is installed if the path is non-empty.
- `td_agent_config_vars_file`: Path to a variables file to include for value interpolation in the `td-agent` config file. Only included if the value is not empty. `include_vars` includes the variables into the `config_vars` variable, i.e. if an `xxx` value is defined in the variables file, you will need to use `{{ config_vars.xxx }}` to get the interpolation working.
- `ca_certificate`: Path to the CA certificate you have generated to install on the machine. Set to empty to not install anything.
- `extra_vars`: Additional variables to pass to Ansible via the `-e` flag. This is useful for additional variables that are available in the Ansible playbooks used to provision the Packer images.
After the initial bootstrap, if you have applied one of the following post bootstrap modules, you should set the following options to install whatever pre-requisite is required in the AMI:
- Vault PKI
The following options are common to all of the integrations:
- `consul_host`: The host at which Consul is accessible. Defaults to empty. If set to empty, all post bootstrap integration will be disabled.
- `consul_port`: Port where Consul is accessible. Defaults to 443.
- `consul_scheme`: Scheme to access Consul. Defaults to "https".
- `consul_token`: ACL token to access Consul.
- `consul_integration_prefix`: Prefix to look for Consul integration values. Do not change this unless you have also modified the values in the appropriate modules. Defaults to "terraform/".
If you have a `vars.json` variables file containing changes to the above variables, you may run:
packer build \
-var-file=vars.json \
packer.json
Otherwise if you wish to use the default variable values, simply run:
packer build packer.json
If you have enabled the post-bootstrap integration, you can use `terraform output` to get the URL of your Consul servers. In this way, you can use the same command for pre and post bootstrap builds of your AMI.
packer build \
-var-file=vars.json \
-var consul_host="$(terraform output consul_api_address || echo -n '')" \
packer.json
This Packer image will install the following:
- Consul: `/opt/consul`
- Nomad: `/opt/nomad`
- Vault: `/opt/vault`
- `td-agent`: As a Debian package
- `telegraf`: As a Debian package
- `consul-template`: `/opt/consul-template`
You can use `consul-template` to template files using data from Consul and Vault. Simply define the template using a new configuration file (in HCL, with the `template` stanza) and write the configuration file to `/opt/consul-template/config`. You can send the `SIGHUP` signal using `systemctl kill -s SIGHUP consul-template` to ask `consul-template` to reload its configuration.
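
The procedure above as an added shell example (not part of this module's own code): it writes a configuration file with one `template` stanza to the config directory and then sends `SIGHUP`. The file name `app.hcl`, the Consul key `app/config/db_host` and the destination path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original module.
# Assumptions: the file name app.hcl, the Consul key app/config/db_host and
# the destination path are illustrative; the service name and the config
# directory are the ones given in the text above.

CONFIG_DIR="${CONFIG_DIR:-/opt/consul-template/config}"

# write_template_config DIR DEST
# Writes DIR/app.hcl containing one template stanza that renders DEST.
write_template_config() {
    dir="$1"
    dest="$2"
    cat > "$dir/app.hcl" <<EOF
template {
  # Inline template body; "key" reads a value from the Consul KV store.
  contents = "DB_HOST={{ key \"app/config/db_host\" }}\n"
  destination = "$dest"
  # Rendered files may hold secrets: keep them owner-readable only.
  perms = 0600
}
EOF
}

# Ask the running service to reload its configuration.
reload_consul_template() {
    systemctl kill -s SIGHUP consul-template
}

# Run as: sh add-template.sh apply /etc/app/app.env
if [ "${1:-}" = "apply" ]; then
    write_template_config "$CONFIG_DIR" "${2:?destination path required}"
    reload_consul_template
fi
```

The `perms` setting applies to the rendered destination file, not to `app.hcl` itself, so the configuration file stays readable by whichever user the service runs as.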