
@wonderphil
Created November 28, 2017 17:06
{
"description": "Packer template for Base AMI",
"variables": {
"bbrole": "amicreate",
"bbowners": null,
"bblocation": "aws",
"bbenvironment": null,
"aws_access_key": null,
"aws_secret_key": null,
"domain": null,
"vpc": null,
"subnet": null,
"region": null,
"instance_size": null,
"build_number": null,
"ami": null,
"ebs_kms_key_id": null,
"ubuntu_version": null,
"ubuntu_code": null
},
"builders": [
{
"name": "amazon",
"type": "amazon-ebs",
"access_key": "{{user `aws_access_key`}}",
"secret_key": "{{user `aws_secret_key`}}",
"region": "{{user `region`}}",
"associate_public_ip_address": false,
"subnet_id": "{{user `subnet`}}",
"vpc_id": "{{user `vpc`}}",
"source_ami": "{{user `ami`}}",
"instance_type": "{{user `instance_size`}}",
"ssh_username": "ubuntu",
"ssh_timeout": "10000s",
"ami_name": "encrypt-baseimage-ansible-{{user `bbenvironment`}}-u{{user `ubuntu_version`}}-{{user `build_number`}}",
"ami_description": "Base AMI for {{user `bbenvironment`}} setup for ansible",
"encrypt_boot": true,
"kms_key_id": "{{user `ebs_kms_key_id`}}",
"launch_block_device_mappings": [
{
"device_name": "/dev/sda1",
"volume_size": 15,
"volume_type": "gp2",
"delete_on_termination": true
}
],
"tags": {
"Name": "cis-encrypt-baseimage-ansible-{{user `bbenvironment`}}-u{{user `ubuntu_version`}}-{{user `build_number`}}",
"Environment": "{{user `bbenvironment`}}",
"bbowners": "{{user `bbowners`}}",
"terraform": "packer",
"consul_join": "false",
"encrypted": "true",
"ubunutu_version": "{{user `ubuntu_version`}}"
},
"run_tags": {
"Name": "{{user `bbenvironment`}}-{{user `bblocation`}}-{{user `bbrole`}}-{{user `build_number`}}",
"bbrole": "{{user `bbrole`}}",
"bblocation": "{{user `bblocation`}}",
"bbenvironment": "{{user `bbenvironment`}}",
"bbowners": "{{user `bbowners`}}",
"bbservice": "packer",
"build": "{{user `build_number`}}",
"terraform": "packer",
"consul_join": "false"
}
}
],
"provisioners": [
{
"type": "shell",
"execute_command": "{{ .Vars }} sudo -n -E -s bash '{{ .Path }}'",
"environment_vars": [
"BBLOCATION={{user `bblocation`}}",
"BBENVIRONMENT={{user `bbenvironment`}}",
"BBROLE={{user `bbrole`}}",
"DOMAIN={{user `domain`}}",
"AWS_ACCESS_KEY_ID={{user `aws_access_key`}}",
"AWS_SECRET_ACCESS_KEY={{user `aws_secret_key`}}",
"AWS_DEFAULT_REGION={{user `region`}}",
"BUILD_NUMBER={{user `build_number`}}"
],
"inline": [
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
"BUILD_STATUS='good'",
"echo '########## Checking SSHD Config ##########'",
"whoami",
"sed -i 's/ClientAliveInterval 300/ClientAliveInterval 120/' /etc/ssh/sshd_config",
"sed -i 's/ClientAliveCountMax 0/ClientAliveCountMax 720/' /etc/ssh/sshd_config",
"service ssh restart",
"echo '########## Running System Update ##########'",
"DEBIAN_FRONTEND='noninteractive' apt update",
"DEBIAN_FRONTEND='noninteractive' apt-get -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade",
"if [ $? -eq 0 ]; then BUILD_STATUS='good'; else BUILD_STATUS='failed' && rm -f /var/lib/apt/lists/lock && rm -f /var/cache/apt/archives/lock && rm -f /var/lib/dpkg/lock && DEBIAN_FRONTEND='noninteractive' apt-get -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade; fi",
"echo '########## Setting Hostname ##########'",
"SHORTNAME=$BBENVIRONMENT-$BBLOCATION-$BBROLE",
"FQDN=$SHORTNAME.$DOMAIN",
"sudo echo $SHORTNAME > /etc/hostname",
"hostname $SHORTNAME",
"hostname",
"echo '########## Install Ansible ##########'",
"DEBIAN_FRONTEND=noninteractive apt-add-repository ppa:ansible/ansible -y",
"DEBIAN_FRONTEND=noninteractive apt-get update",
"DEBIAN_FRONTEND=noninteractive apt-get install ansible -y",
"if [ $? -eq 0 ]; then BUILD_STATUS='good'; else BUILD_STATUS='failed' && rm -f /var/lib/apt/lists/lock && rm -f /var/cache/apt/archives/lock && rm -f /var/lib/dpkg/lock && DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install ansible -y; fi",
"echo '########## Install AWS CLI ##########'",
"curl -O https://bootstrap.pypa.io/get-pip.py",
"python3 get-pip.py --user",
"export PATH=~/.local/bin:$PATH",
"pip install awscli --upgrade --user",
"echo '########## Running Ansible Pull ##########'",
"if [ \"$BBENVIRONMENT\" == \"bbstage\" ]; then BRANCH='stage'; else BRANCH='master'; fi",
"echo $BRANCH",
"whoami",
"ansible-pull -U git@bitbucket.org:broadbean/ansible.git --accept-host-key -d /srv/ansible --full -C master --private-key /root/.ssh/ansible_bitbucket -i /srv/ansible/inventories/$BBENVIRONMENT/inventory --vault-password-file /home/ubuntu/.ssh/.ansible_vault.key playbooks/base.yml -vvvv"
]
}
]
}