feat: Add hooks for prebuilt images (AMI), including amazon linux packer example (#1444)

npalm · npalm · commit 14ac0db04dc9 · 2021-12-22T09:14:46.000+01:00
* Initial creation of runner image

* Refactored startup script and added it to the per-boot folder

* Make the runner location a variable

So we can pass the runner version in at packer build time if we want to update the runner version.

* Retrieve external config setting via tags

Retrieve the required config via the instance tags so we dont have to pass in and set environment on the instance in an awkward way.

* Enable tag based config

Give the instance the permission to query its own tags and set the correct tags on the instance.

* Add a CI job

* Fix the CI build

* Fix the formatting

* Retain user_data provisioning and remove duplication

refactored to make sure user_data continues to work with minimal breaking changes.
Use a single set of scripts shared between image and user_data provisioning.

* Fix interpolation issues in template file

* fix build

* Fix formatting

* minor tweaks and fixes

* Fixes from testing

* Enable docker on boot

* Add in output of start time for the runner

* Scoop up the runner log

* Add a powershell build script for windows users

* Fix formatting

* Use SSM parameters for configuration

Its best practice to use SSM parameters for configuration of the runners. In adding this i have also added parameter path  based config so its easy to extend in the future.

* Make the SSM policy more specific

* Update .github/workflows/packer-build.yml

Co-authored-by: Niek Palm &lt;npalm@users.noreply.github.com&gt;

* Added condition to the describe tags policy

* Dont use templatefile on the tags policy

Because of the use of ${} in the policy terraform is trying to replace it.

* Added an option to turn off userdata scripting

* Added/updated documentation

* Revert policy as it has no effect on the permissions

* Add reference to prebuilt images in the main readme

* Add an example of deploying with prebuilt images

* Update readme

* Use current user as ami_owner

* Update example to 5 secs

* Updated ami name to include the arch

* Fixed log file variable

* Added explicit info about required settings to the readme

* Change userdata_enabled to enabled_userdata

Keep within existing naming convention

Co-authored-by: Niek Palm &lt;npalm@users.noreply.github.com&gt;
diff --git a/README.md b/README.md
@@ -299,6 +299,7 @@ Examples are located in the [examples](./examples) directory. The following exam
 - _[Ubuntu](examples/ubuntu/README.md)_: Example usage of creating a runner using Ubuntu AMIs.
 - _[Prebuilt Images](examples/prebuilt/README.md)_: Example usages of deploying runners with a custom prebuilt image.
 - _[Windows](examples/windows/README.md)_: Example usage of creating a runner using Windows as the OS.
+- _[Prebuilt Images](examples/prebuilt/README.md)_: Example usages of deploying runners with a custom prebuilt image.
 
 ## Sub modules
 
@@ -340,34 +341,34 @@ In case the setup does not work as intended follow the trace of events:
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-| Name | Version |
-|------|---------|
+| Name                                                                      | Version   |
+| ------------------------------------------------------------------------- | --------- |
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.38 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws)                   | >= 3.38   |
 
 ## Providers
 
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+| Name                                                       | Version |
+| ---------------------------------------------------------- | ------- |
+| <a name="provider_aws"></a> [aws](#provider\_aws)          | >= 3.38 |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a     |
 
 ## Modules
 
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_runner_binaries"></a> [runner\_binaries](#module\_runner\_binaries) | ./modules/runner-binaries-syncer | n/a |
-| <a name="module_runners"></a> [runners](#module\_runners) | ./modules/runners | n/a |
-| <a name="module_ssm"></a> [ssm](#module\_ssm) | ./modules/ssm | n/a |
-| <a name="module_webhook"></a> [webhook](#module\_webhook) | ./modules/webhook | n/a |
+| Name                                                                                | Source                           | Version |
+| ----------------------------------------------------------------------------------- | -------------------------------- | ------- |
+| <a name="module_runner_binaries"></a> [runner\_binaries](#module\_runner\_binaries) | ./modules/runner-binaries-syncer | n/a     |
+| <a name="module_runners"></a> [runners](#module\_runners)                           | ./modules/runners                | n/a     |
+| <a name="module_ssm"></a> [ssm](#module\_ssm)                                       | ./modules/ssm                    | n/a     |
+| <a name="module_webhook"></a> [webhook](#module\_webhook)                           | ./modules/webhook                | n/a     |
 
 ## Resources
 
-| Name | Type |
-|------|------|
+| Name                                                                                                                                              | Type     |
+| ------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
 | [aws_resourcegroups_group.resourcegroups_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/resourcegroups_group) | resource |
-| [aws_sqs_queue.queued_builds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
-| [random_string.random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [aws_sqs_queue.queued_builds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue)                              | resource |
+| [random_string.random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)                                     | resource |
 
 ## Inputs
 
@@ -448,12 +449,12 @@ In case the setup does not work as intended follow the trace of events:
 
 ## Outputs
 
-| Name | Description |
-|------|-------------|
-| <a name="output_binaries_syncer"></a> [binaries\_syncer](#output\_binaries\_syncer) | n/a |
-| <a name="output_runners"></a> [runners](#output\_runners) | n/a |
-| <a name="output_ssm_parameters"></a> [ssm\_parameters](#output\_ssm\_parameters) | n/a |
-| <a name="output_webhook"></a> [webhook](#output\_webhook) | n/a |
+| Name                                                                                | Description |
+| ----------------------------------------------------------------------------------- | ----------- |
+| <a name="output_binaries_syncer"></a> [binaries\_syncer](#output\_binaries\_syncer) | n/a         |
+| <a name="output_runners"></a> [runners](#output\_runners)                           | n/a         |
+| <a name="output_ssm_parameters"></a> [ssm\_parameters](#output\_ssm\_parameters)    | n/a         |
+| <a name="output_webhook"></a> [webhook](#output\_webhook)                           | n/a         |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Contribution
diff --git a/modules/runners/templates/start-runner.sh b/modules/runners/templates/start-runner.sh
@@ -29,12 +29,11 @@ echo "Retrieved /$environment/runner/enable-cloudwatch parameter - ($enable_clou
 agent_mode=$(echo "$parameters" | jq --arg environment "$environment" -r '.[] | select(.Name == "/\($environment)/runner/agent-mode") | .Value')
 echo "Retrieved /$environment/runner/agent-mode parameter - ($agent_mode)"
 
-if [[ -n "$enable_cloudwatch_agent" ]]; then  
-  echo "Cloudwatch is enabled"  
+if [[ -n "$enable_cloudwatch_agent" ]]; then
+  echo "Cloudwatch is enabled"
   amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c "ssm:$environment-cloudwatch_agent_config_runner"
 fi
 
-
 ## Configure the runner
 
 echo "Get GH Runner config from AWS SSM"
@@ -66,18 +65,18 @@ sudo --preserve-env=RUNNER_ALLOW_RUNASROOT -u "$run_as" -- ./config.sh --unatten
 echo "Starting runner after $(awk '{print int($1/3600)":"int(($1%3600)/60)":"int($1%60)}' /proc/uptime)"
 echo "Starting the runner as user $run_as"
 
-if [[ $agent_mode = "ephemeral" ]]; then  
+if [[ $agent_mode = "ephemeral" ]]; then
   echo "Starting the runner in ephemeral mode"
   sudo --preserve-env=RUNNER_ALLOW_RUNASROOT -u "$run_as" -- ./run.sh
   echo "Runner has finished"
-  
+
   echo "Stopping cloudwatch service"
   service awslogsd stop
   echo "Terminating instance"
   aws ec2 terminate-instances --instance-ids "$instance_id" --region "$region"
-else 
+else
   echo "Installing the runner as a service"
   ./svc.sh install "$run_as"
   echo "Starting the runner in persistent mode"
   ./svc.sh start
-fi
+fi
