  • Language
    Ruby
  • License
    MIT License
  • Created over 9 years ago
  • Updated 11 months ago

Repository Details

Templates for Packer!

packer-templates

Collection of Packer templates used for various infrastructure layers.

How to build stuff

To build a given template, one may use the make implicit builder, like the following for ci-stevonnie:

make ci-stevonnie

or, with a specific builder:

make ci-stevonnie BUILDER=docker

or forget about the Makefile and run with packer directly:

packer build -only=docker <(bin/yml2json < ci-stevonnie.yml)

env config bits

Most of the templates in here require some env vars. Take a look at .example.env for an example. Use of autoenv is encouraged but not required.

packer template types

There are two primary types of templates present at the top level: those intended for use as execution environment for jobs flowing through Travis CI, and those used for various backend fun in the Travis CI infrastructure. The former type all have the prefix ci-, described in more detail below:

stacks

There are two primary types of stacks: those targeting Ubuntu 14.04 (trusty), and those targeting Ubuntu 16.04 (xenial) that run on GCE and Docker.

Take a peek at what's what:

make stacks-trusty
make stacks-xenial

There may be some subtle variations, but for the most part each stack is built via the following steps.

git metadata file input

The generated files in ./tmp/git-meta/ are copied onto the provisioned machine at /var/tmp/git-meta/ for later use by the ./packer-scripts/packer-env-dump script.

purge file input

A git-tracked file in ./packer-assets is copied onto the provisioned machine at /var/tmp/purge.txt for later use by the ./packer-scripts/purge script.

packages file input

A git-tracked file in ./packer-assets is copied onto the provisioned machine at /var/tmp/packages.txt for later use by both the travis_packer_templates::default recipe and the serverspec suites via ./cookbooks/lib/support.rb.

write packer and travis env vars

The script at ./packer-scripts/packer-env-dump creates a directory on the provisioned machine at /.packer-env which is intended to be in the envdir format. Any environment variables that match ^(PACKER|TRAVIS), and (if present) the files previously written to /var/tmp/git-meta/ are copied or written into /.packer-env/.
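Every variable whose name matches the pattern is persisted in the image, so it is worth listing what the envdir holds before the image is mastered. The following is an added example, not the project's packer-env-dump script: it reproduces the name filter, writes a temporary envdir, and flags entries whose names look like credentials. The `SENSITIVE_PATTERN` list, the function names and the sample environment are assumptions constructed for illustration.

```ruby
require 'tmpdir'
require 'fileutils'

# Same name filter the section describes for packer-env-dump.
DUMP_PATTERN = /^(PACKER|TRAVIS)/

# Assumption: name fragments that usually indicate a credential.
SENSITIVE_PATTERN = /(PASSWORD|SECRET|TOKEN|PRIVATE|CREDENTIAL|_KEY$)/i

# Write env in envdir format: one file per variable, named after the
# variable, holding its value. Returns the sorted names written.
def dump_envdir(env, dir)
  FileUtils.mkdir_p(dir)
  selected = env.select { |name, _| name.match?(DUMP_PATTERN) }
  selected.each { |name, value| File.write(File.join(dir, name), "#{value}\n") }
  selected.keys.sort
end

# List envdir entries whose name looks like a credential and whose
# file actually carries a value.
def sensitive_entries(dir)
  found = Dir.children(dir).select do |name|
    path = File.join(dir, name)
    File.file?(path) && name.match?(SENSITIVE_PATTERN) &&
      !File.read(path).strip.empty?
  end
  found.sort
end

# Constructed build environment; all values are placeholders.
SAMPLE_ENV = {
  'PACKER_BUILDER_TYPE' => 'docker',
  'TRAVIS_COOKBOOKS_BRANCH' => 'master',
  'TRAVIS_USER_PASSWORD' => 'example-only',
  'GITHUB_API_TOKEN' => 'example-only',
  'HOME' => '/root'
}.freeze

# Dump the sample environment into a throwaway directory and audit it.
def audit_sample
  Dir.mktmpdir do |dir|
    written = dump_envdir(SAMPLE_ENV, dir)
    { written: written, sensitive: sensitive_entries(dir) }
  end
end

if __FILE__ == $PROGRAM_NAME
  result = audit_sample
  puts "written:   #{result[:written].join(', ')}"
  puts "sensitive: #{result[:sensitive].join(', ')}"
end
```

Pointing `sensitive_entries` at a real /.packer-env directory gives the list to review or scrub before the image is registered.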

remove default users

The script at ./packer-scripts/remove-default-users will perform a best-effort removal of users defined in ${DEFAULT_USERS} (default vagrant ubuntu). The primary reasons for this are general tidiness and to try to free up uid 2000.

pre-chef bootstrapping

The script at ./packer-scripts/pre-chef-bootstrap is responsible for ensuring the provisioned machine has all necessary packages and users for the Chef provisioning process. The steps executed include:

  • remove the "partner" APT source list file
  • remove all cached APT list files
  • install APT packages needed by Chef
  • ensure /var/run/sshd dir exists
  • ensure sshd: ALL: ALLOW exists in /etc/hosts.allow
  • ensure there is a travis user
  • change the travis user password to travis
  • ensure #includedir /etc/sudoers.d exists in /etc/sudoers
  • ensure the /etc/sudoers.d dir exists
  • ensure the /etc/sudoers.d/travis file exists with specific permissions
  • ensure the /home/travis/.ssh dir exists
  • ensure the /home/travis/.ssh/authorized_keys file exists
  • add /var/tmp/*_rsa.pub to /home/travis/.ssh/authorized_keys
  • ensure /home/travis/.ssh/authorized_keys perms are 0600
  • ensure the /home/travis/bin dir exists

cloning travis-cookbooks

The script at ./packer-scripts/clone-travis-cookbooks is responsible for git clone'ing travis-cookbooks into /tmp/chef-stuff on the provisioned machine. Optional env vars supported by this script are:

  • TRAVIS_COOKBOOKS_BRANCH - the branch specified during git clone
  • TRAVIS_COOKBOOKS_EDGE_BRANCH - the default branch used if TRAVIS_COOKBOOKS_BRANCH is not defined
  • TRAVIS_COOKBOOKS_URL - the git clone remote (default https://github.com/travis-ci/travis-cookbooks.git)
  • TRAVIS_COOKBOOKS_SHA - a git tree-ish to which the clone will be checked out if defined (default not set)

Once the clone is complete, the clone directory is written to /.packer-env/TRAVIS_COOKBOOKS_DIR and the head sha is written to /.packer-env/TRAVIS_COOKBOOKS_SHA.

chef provisioning

The chef-solo provisioner will typically have no json data, but instead will leave all attribute and effective run list definition to a single wrapper cookbook located in ./cookbooks/.

chef wrapper cookbook layout

Each wrapper cookbook must contain at least a metadata.rb and a recipes/default.rb. Typically, the attributes/default.rb is defined and contains all override attribute settings. The earliest version of Chef used by either trusty or xenial stacks is 12.9, which means that all cookbook dependencies must be declared in metadata.rb, a requirement that is also enforced by the foodcritic checks.

For example, the minimal trusty image "ci-stevonnie" has a wrapper cookbook at ./cookbooks/travis-ci_stevonnie that looks like this:

cookbooks/travis_ci_stevonnie
├── README.md
├── attributes
│   └── default.rb
├── metadata.rb
├── recipes
│   └── default.rb
└── spec
    ├── ...

travis user double check

The script at ./packer-scripts/ensure-travis-user is responsible for ensuring the existence of the travis user and its home directory permissions, optionally setting the password to a random string. The list of operations is:

  • ensure the travis user exists
  • set the travis user password
  • ensure /home/travis exists
  • ensure /home/travis/.ssh/authorized_keys and /home/travis/.ssh/known_hosts both exist and have permissions of 0600
  • blank out /home/travis/.ssh/authorized_keys
  • ensure /home/travis is fully owned by travis:travis

Optional env vars supported by this script are:

  • TRAVIS_USER_PASSWORD - a string (default "travis")
  • TRAVIS_OBFUSCATE_PASSWORD - if non-empty, causes TRAVIS_USER_PASSWORD to be set to a random string

purging undesirable packages

The script at ./packer-scripts/purge is responsible for purging packages that are not desirable for the CI environment, such as the Chef that was installed prior for the Chef provisioner. Additionally, any package names present in /var/tmp/purge.txt will be purged. Optional env vars supported by this script are:

  • APT_GET_UPGRADE_DURING_CLEANUP - if non-empty, triggers an apt-get -y upgrade prior to package purging.
  • CLEAN_DEV_PACKAGES - if non-empty, purges any packages matching -dev$

disabling apparmor

The script at ./packer-scripts/disable-apparmor is responsible for disabling apparmor if detected. This is done primarily so that services such as PostgreSQL and Docker may be used in the CI environment without first updating apparmor configuration and restarting said services.

running server specs

The script at ./packer-scripts/run-serverspecs is responsible for running the serverspec suites via the rspec executable that is part of the chefdk package. The list of operations is:

  • install the chefdk package
  • create a sudo-bash wrapper for use in some specs
  • ensure all spec files are owned by travis:travis
  • run each suite defined in ${SPEC_SUITES}
  • optionally remove the chefdk package

Optional env vars supported by this script are:

  • PACKER_CHEF_PREFIX - directory in which to find packer chef stuff (default /tmp)
  • SPEC_RUNNER - string used to wrap execution of rspec (default sudo -u travis HOME=/home/travis -- bash -lc)
  • SPEC_SUITES - comma-delimited string of spec suites to run (default not set)
  • SKIP_CHEFDK_REMOVAL - if non-empty do not remove the chefdk package and APT source

removing undesirable files

The script at ./packer-scripts/cleanup is responsible for removing files and directories that are unnecessary for the CI environment or otherwise add unnecessary mass to the mastered image. The list of operations is:

  • recursively remove a bunch of files and directories
  • conditionally remove /var/lib/apt/lists/*
  • conditionally remove /var/lib/man-db
  • conditionally remove /home/travis/linux.iso and /home/travis/shutdown.sh
  • empty all files in /var/log

Optional env vars supported by this script are:

  • CLEANUP_APT_LISTS - if non-empty, trigger removal of /var/lib/apt/lists/*
  • CLEANUP_MAN_DB - if non-empty, trigger removal of /var/lib/man-db

minimizing image size

The script at ./packer-scripts/minimize is responsible for reducing the size of the provisioned image by squeezing out all of the empty space into a contiguous area using the same method as bento. The list of operations is:

  • exit 0 if $PACKER_BUILDER_TYPE is either googlecompute or amazon-ebs, as minimizing like this is superfluous on those builders
  • if $PACKER_BUILDER_TYPE is not docker, turn off swap and zero out the swap partition if available.
  • write zeros to /EMPTY until the disk is out of space
  • remove /EMPTY and run sync
  • if the vmware-toolbox-cmd is available, run disk shrink operations for both the / and /boot paths.

registering the image with job-board

The script at ./bin/job-board-register is responsible for "registering" the mastered image in a post-processing step by making an HTTP request to the job-board images API. The list of operations is:

  • source any available env vars exported from the provisioned VM
  • dump any env vars with prefixes ^(PACKER|TRAVIS|TAGS|IMAGE_NAME)
  • define a TAGS env var that will be used as the tags HTTP request param.
  • define a URI-escaped query string from several env vars
  • perform the HTTP request to job-board with curl and pipe the response through jq

Required env vars for this script are:

  • JOB_BOARD_IMAGES_URL - the URL including PATH_INFO prefix to job-board
  • IMAGE_NAME - the name of the image, typically the same as that used by the target infrastructure

Optional env vars supported by this script are:

  • PACKER_ENV_DIR - path to the envdir containing packer-specific env vars, default /.packer-env
  • TAGS - initial value for tags set during job-board registration
  • GROUP - value used in group tag, default edge if edge conditions match, else dev
  • DIST - value used in dist tag, default either Linux release codename or OS X product version
  • OS - value used in os tag, default lowercase value of uname, mapped to osx on Darwin

For more info on the relationship between a given packer build artifact and job-board, see job-board details below.

job-board details

The job-board application is responsible for tracking stack image metadata and presenting a queryable API that is used by the travis-worker API image selector. As described above, each stack image is registered with job-board along with a group, os, dist, and map of tags. When travis-worker requests a stack image identifier, it performs a series of queries with progressively lower specificity.

Of the values assigned to each stack image, the tags map is perhaps most mysterious, in part because it is so loosely defined. This is intentional, as the number of values that could be considered "tags" varies enough that maintaining them all as individual columns would result in (opinions!) too much overhead in the form of schema management and query complexity.

The implementation of the job-board-register script includes a process that converts the languages and features arrays present in /.job-board-register.yml, written from the values present in chef attributes at travis_packer_templates.job_board.{features,languages}, into "sets" represented as {key} => true. For example, if a given wrapper cookbook contains attributes like this:

override['travis_packer_templates']['job_board']['languages'] = %w(
  fribble
  snurp
  zzz
)

then the tags generated for registration with job-board would be equivalent to:

{
  "language_fribble": true,
  "language_snurp": true,
  "language_zzz": true
}

job-board tagsets

A "tagset" is the "set" (as in the type) of the "tags" applied during job-board registration of a particular stack image, including languages and features. At the time of this writing, both tagsets are used during serverspec runs, and only the languages tagset is considered during selection via the job-board API.

tagset relationships

Because the travis-worker API image selector is querying job-board for stack images that match a particular language, it is important for us to ensure reasonably consistent image selection by way of asserting the languages values do not overlap between certain stacks (an "exclusive" relationship). Additionally, it is important that we ensure certain stack features are subsets of others (an "inclusive" relationship).

Part of the CI process for this repository makes assertions about such exclusive and inclusive relationships by way of the check-job-board-tags script. The exact relationships being enforced may be viewed like so:

./bin/check-job-board-tags --list-only

exclusive relationships

An exclusive tagset relationship is equivalent to asserting that the set intersection is the empty set, e.g.:

tagset_a = %w(a b c)
tagset_b = %w(d e f)
assert (tagset_a & tagset_b).empty?

inclusive relationships

An inclusive tagset relationship is equivalent to asserting that all members of one tagset are present in another, or that a tagset's intersection with its superset is equivalent to itself, e.g.:

tagset_a = %w(a b c d e f)
tagset_b = %w(f d b)
assert (tagset_a & tagset_b).sort == tagset_b.sort
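The tag generation and both relationship checks described above, combined in an added example that is not the project's check-job-board-tags script. Instead of a bare pass or fail it reports the offending members, which is what a CI failure message needs. Stack names, tagset contents, the relationship list and all function names are constructed for illustration.

```ruby
# Convert an array such as %w(fribble snurp) into the "set" form used
# for job-board tags: { "language_fribble" => true, ... }.
def tags_for(prefix, names)
  names.uniq.sort.each_with_object({}) do |name, tags|
    tags["#{prefix}_#{name}"] = true
  end
end

# Exclusive: the two tagsets must not share any member.
# Returns the shared members; an empty array means the relationship holds.
def exclusive_violations(tagset_a, tagset_b)
  (tagset_a & tagset_b).sort
end

# Inclusive: every member of subset must be present in superset.
# Returns the members missing from superset.
def inclusive_violations(superset, subset)
  (subset - superset).sort
end

# Constructed sample data; stack names and members are hypothetical.
STACKS = {
  'stack_a' => { languages: %w(fribble snurp), features: %w(basic docker) },
  'stack_b' => { languages: %w(zzz snurp),     features: %w(basic) }
}.freeze

# Hypothetical relationship list: for :inclusive, a is the superset.
RELATIONSHIPS = [
  { type: :exclusive, key: :languages, a: 'stack_a', b: 'stack_b' },
  { type: :inclusive, key: :features,  a: 'stack_a', b: 'stack_b' }
].freeze

# Evaluate every relationship and return one message per violation.
def check_relationships(stacks, relationships)
  relationships.each_with_object([]) do |rel, failures|
    a = stacks.fetch(rel[:a]).fetch(rel[:key])
    b = stacks.fetch(rel[:b]).fetch(rel[:key])
    bad = if rel[:type] == :exclusive
            exclusive_violations(a, b)
          else
            inclusive_violations(a, b)
          end
    next if bad.empty?
    failures << "#{rel[:type]} #{rel[:key]} #{rel[:a]}/#{rel[:b]}: #{bad.join(', ')}"
  end
end

if __FILE__ == $PROGRAM_NAME
  puts tags_for('language', STACKS['stack_a'][:languages]).inspect
  failures = check_relationships(STACKS, RELATIONSHIPS)
  puts failures.empty? ? 'all relationships hold' : failures
end
```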

Testing cookbook changes

When submitting changes to this repository, please be aware that the top-level specs are shallow and don't cover logic changes in the cookbooks.

Any cookbook specs are run as part of the actual image building process, which is triggered when any of the ci-<image-name>.yml templates are modified.

The image build is run as part of the packer-build repo on the branch corresponding to each template and is triggered by travis-packer-build.

This can be installed and invoked locally by running bundle install and then bundle exec travis-packer-build [options].

Example:

bundle exec travis-packer-build \
	-I ci-sardonyx.yml \
	--target-repo-slug="travis-infrastructure/packer-build" \
	--github-api-token="<your-token-here>" \
	--body-tmpl=".packer-build-pull-request-false-tmpl.yml"

You can specify the branch using -B (if you don't want to build from master).

The file .packer-build-pull-request-false-tmpl.yml here is just an example, but you can also create a different template that specifies other travis-cookbooks or packer-template branches.

Additionally, if you just want to test a change in travis-cookbooks, you can use the shortcut script in ./bin/packer-build-cookbooks-branch:

./bin/packer-build-cookbooks-branch <travis-cookbooks-branch-name> <template-name>

Note: The above script expects the GITHUB_API_TOKEN environment variable to be set.

Once created, the images will be registered in job-board under the group: dev tag.
