feat: Add windows example ami #1525

Merged
merged 6 commits into from
Jan 5, 2022
Add config for windows ami
maths22 committed Dec 18, 2021
commit 6d95070790dea7fd21a98b3b9406bd83dff8fdfb
9 changes: 9 additions & 0 deletions examples/prebuilt/lambdas-download/.terraform.lock.hcl


2 changes: 1 addition & 1 deletion examples/prebuilt/lambdas-download/main.tf
@@ -1,5 +1,5 @@
locals {
version = "<REPLACE_BY_GITHUB_RELEASE_VERSION>"
version = "v0.27.0"
}

module "lambdas" {
13 changes: 7 additions & 6 deletions examples/prebuilt/main.tf
@@ -1,6 +1,5 @@
locals {
environment = "prebuilt"
aws_region = "eu-west-1"
}

resource "random_id" "random" {
@@ -12,7 +11,7 @@ data "aws_caller_identity" "current" {}
module "runners" {
source = "../../"
create_service_linked_role_spot = true
aws_region = local.aws_region
aws_region = var.aws_region
vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets

@@ -24,15 +23,17 @@ module "runners" {
webhook_secret = random_id.random.hex
}

webhook_lambda_zip = "../../lambda_output/webhook.zip"
runner_binaries_syncer_lambda_zip = "../../lambda_output/runner-binaries-syncer.zip"
runners_lambda_zip = "../../lambda_output/runners.zip"
webhook_lambda_zip = "lambdas-download/webhook.zip"
runner_binaries_syncer_lambda_zip = "lambdas-download/runner-binaries-syncer.zip"
runners_lambda_zip = "lambdas-download/runners.zip"

runner_extra_labels = "default,example"

runner_os = var.runner_os

# configure your pre-built AMI
enabled_userdata = false
ami_filter = { name = ["github-runner-amzn2-x86_64-2021*"] }
ami_filter = { name = [var.ami_name_filter] }
ami_owners = [data.aws_caller_identity.current.account_id]

# enable access to the runners via SSM
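Review bot: The three `*_lambda_zip` arguments now point at `lambdas-download/*.zip`, which are release artifacts, while the module itself is still loaded from `source = "../../"`. Together with the `version = "v0.27.0"` pin in `lambdas-download/main.tf`, the example can deploy lambdas from one release against Terraform code from a different checkout. Add a comment above these lines such as `# zips must match the module version; run lambdas-download first`, or keep the version placeholder so users pick the release deliberately. The `module "runners"` block continues outside this hunk.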
2 changes: 1 addition & 1 deletion examples/prebuilt/providers.tf
@@ -1,3 +1,3 @@
provider "aws" {
region = local.aws_region
region = var.aws_region
}
5 changes: 5 additions & 0 deletions examples/prebuilt/testing.tfva
@@ -0,0 +1,5 @@
ami_name_filter = "github-runner-windows-core-2019-*"
runner_os = "win"
github_app_id = "159615"
github_app_key_base64 = "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"
aws_region = "us-west-2"
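Review bot: This variables file is committed with concrete values for `github_app_id` and `github_app_key_base64`, which by its name is the GitHub App private key; the key value itself is not readable in this view, so whether it is a live credential is inferred. If it is real, removing the file in a later commit is not enough: the key stays in history and should be revoked and regenerated for the app. Keep such values out of the repository, for example through `TF_VAR_github_app_key_base64` in the environment or an untracked variables file. The file name `testing.tfva` also looks like a truncated `.tfvars`, which an ignore rule for `*.tfvars` (if the repository has one) would not catch.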
15 changes: 15 additions & 0 deletions examples/prebuilt/variables.tf
@@ -2,3 +2,18 @@
variable "github_app_key_base64" {}

variable "github_app_id" {}

variable "runner_os" {
type = string
default = "linux"
}

variable "ami_name_filter" {
type = string
default = "github-runner-amzn2-x86_64-2021*"
ScottGuymer marked this conversation as resolved.
}

variable "aws_region" {
type = string
default = "eu-west-1"
}
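Review bot: The three new variables carry no `description`, and `runner_os` accepts any string although the only values visible in this commit are `linux` and `win`. Add descriptions, for example `description = "Name filter used to select the pre-built runner AMI owned by this account"` on `ami_name_filter`. Consider a `validation` block on `runner_os` so a typo fails at plan time; the set of values the module accepts is not visible here, so confirm it first.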
2 changes: 1 addition & 1 deletion examples/prebuilt/vpc.tf
@@ -2,6 +2,6 @@ module "vpc" {
source = "git::https://github.com/philips-software/terraform-aws-vpc.git?ref=2.2.0"

environment = local.environment
aws_region = local.aws_region
aws_region = var.aws_region
create_private_hosted_zone = false
}
2 changes: 1 addition & 1 deletion images/README.md
@@ -4,7 +4,7 @@ The images inside this folder are pre-built images designed to shorten the boot

These images share the same scripting as used in the user-data mechanism in `/modules/runners/templates/`. We use a `tempaltefile` mechanism to insert the relevant script fragments into the scripts used for provisioning the images.

The example in `linux-amzn2` also uploads a `start-runner.sh` script that uses the exact same startup process as used in the user-data mechanism. This means that the image created here does not need any extra scripts injected or changes to boot up and connect to GH.
The examples in `linux-amzn2` and `windows-core-2019` also uploads a `start-runner` script that uses the exact same startup process as used in the user-data mechanism. This means that the image created here does not need any extra scripts injected or changes to boot up and connect to GH.
ScottGuymer marked this conversation as resolved.

## Building your own

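--- a/images/install-runner.ps1
+++ b/images/install-runner.ps1
@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+user_name=ec2-user
+
+## This wrapper file re-uses scripts in the /modules/runners/templates directory
+## of this repo. These are the same that are used by the user_data functionality
+## to bootstrap the instance if it is started from an existing AMI.
+${install_runner}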
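Review bot: The file is named `install-runner.ps1` but its content is a bash script: it opens with `#!/bin/bash -e` and assigns `user_name=ec2-user`, neither of which is valid PowerShell. The Windows Packer template in this commit does not reference it (the build uses `windows-provisioner.ps1` and `start-runner.ps1`), so it appears to be a stray copy of the Linux wrapper. Either drop the file or replace its body with a PowerShell wrapper around the `${install_runner}` fragment.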
37 changes: 37 additions & 0 deletions images/windows-core-2019/bootstrap_win.txt
@@ -0,0 +1,37 @@
<powershell>
ScottGuymer marked this conversation as resolved.

write-output "Running User Data Script"
ScottGuymer marked this conversation as resolved.
write-host "(host) Running User Data Script"

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

cmd.exe /c winrm quickconfig -q
ScottGuymer marked this conversation as resolved.
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm

</powershell>
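Review bot: Everything this user-data script changes is persisted into the captured AMI, and none of the provisioning steps shown in this commit reverts it: `AllowUnencrypted="true"` and `Basic="true"` on the WinRM service, the enabled "remote administration" firewall group, the opening for port 5986, and `Set-ExecutionPolicy Unrestricted` at `LocalMachine` scope. Since the HTTP listener is removed and Packer connects over HTTPS on 5986, the two `AllowUnencrypted` lines look unnecessary and could be dropped. For the rest, add a final clean-up step before the image is captured that removes the WinRM listener and the firewall rule, so runners launched from the image do not carry a remote-management endpoint with Basic auth. Whether the runner security groups already block 5986 is not visible here.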
64 changes: 64 additions & 0 deletions images/windows-core-2019/github_agent.windows.pkr.hcl
@@ -0,0 +1,64 @@
packer {
required_plugins {
amazon = {
version = ">= 0.0.2"
source = "github.com/hashicorp/amazon"
}
}
}

variable "action_runner_url" {
description = "The URL to the tarball of the action runner"
type = string
default = "https://github.com/actions/runner/releases/download/v2.285.1/actions-runner-win-x64-2.285.1.zip"
}

variable "region" {
description = "The region to build the image in"
type = string
default = "eu-west-1"
}

source "amazon-ebs" "githubrunner" {
ami_name = "github-runner-windows-core-2019-${formatdate("YYYYMMDDhhmm", timestamp())}"
communicator = "winrm"
instance_type = "t3a.medium"
region = var.region
source_ami_filter {
filters = {
name = "Windows_Server-2019-English-Core-Base-*"
ScottGuymer marked this conversation as resolved.
root-device-type = "ebs"
virtualization-type = "hvm"
}
most_recent = true
owners = ["amazon"]
}
tags = {
OS_Version = "windows-core-2019"
Release = "Latest"
Base_AMI_Name = "{{ .SourceAMIName }}"
}
user_data_file = "./bootstrap_win.txt"
winrm_insecure = true
winrm_port = 5986
winrm_use_ssl = true
winrm_username = "Administrator"
}

build {
name = "githubactions-runner"
sources = [
"source.amazon-ebs.githubrunner"
]

provisioner "file" {
content = templatefile("../../modules/runners/templates/start-runner.ps1", {})
ScottGuymer marked this conversation as resolved.
ScottGuymer marked this conversation as resolved.
destination = "C:\\start-runner.ps1"
}

provisioner "powershell" {
inline = [templatefile("./windows-provisioner.ps1", {
action_runner_url = var.action_runner_url
})]
}
}
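Review bot: The `amazon-ebs` source sets `winrm_insecure = true` and logs in as `Administrator`, but nothing limits who can reach the build instance: with no `temporary_security_group_source_cidrs` (or an explicit `security_group_id`), Packer's temporary security group admits the WinRM port from any address by default. With certificate validation off, the build host cannot distinguish the real instance from an interceptor, so narrowing the source range matters more here. Add `temporary_security_group_source_cidrs = [var.build_source_cidr]` with a new variable for the operator's egress range (the variable name is illustrative). A comment above `winrm_insecure` should say it is needed only because `bootstrap_win.txt` issues a self-signed certificate.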
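--- a/images/windows-core-2019/windows-provisioner.ps1
+++ b/images/windows-core-2019/windows-provisioner.ps1
@@ -0,0 +1,52 @@
+$ErrorActionPreference = "Continue"
+$VerbosePreference = "Continue"
+
+# Install Chocolatey
+[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
+$env:chocolateyUseWindowsCompression = 'true'
+Invoke-WebRequest https://chocolatey.org/install.ps1 -UseBasicParsing | Invoke-Expression
+
+# Add Chocolatey to powershell profile
+$ChocoProfileValue = @'
+$ChocolateyProfile = "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1"
+if (Test-Path($ChocolateyProfile)) {
+Import-Module "$ChocolateyProfile"
+}
+
+refreshenv
+'@
+# Write it to the $profile location
+Set-Content -Path "$PsHome\Microsoft.PowerShell_profile.ps1" -Value $ChocoProfileValue -Force
+# Source it
+. "$PsHome\Microsoft.PowerShell_profile.ps1"
+
+refreshenv
+
+Write-Host "Installing cloudwatch agent..."
+Invoke-WebRequest -Uri https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/amazon-cloudwatch-agent.msi -OutFile C:\amazon-cloudwatch-agent.msi
+$cloudwatchParams = '/i', 'C:\amazon-cloudwatch-agent.msi', '/qn', '/L*v', 'C:\CloudwatchInstall.log'
+Start-Process "msiexec.exe" $cloudwatchParams -Wait -NoNewWindow
+Remove-Item C:\amazon-cloudwatch-agent.msi
+
+# Install dependent tools
+Write-Host "Installing additional development tools"
+choco install git awscli -y
+refreshenv
+
+Write-Host "Creating actions-runner directory for the GH Action installtion"
+New-Item -ItemType Directory -Path C:\actions-runner ; Set-Location C:\actions-runner
+
+Write-Host "Downloading the GH Action runner from ${action_runner_url}"
+Invoke-WebRequest -Uri ${action_runner_url} -OutFile actions-runner.zip
+
+Write-Host "Un-zip action runner"
+Expand-Archive -Path actions-runner.zip -DestinationPath .
+
+Write-Host "Delete zip file"
+Remove-Item actions-runner.zip
+
+$action = New-ScheduledTaskAction -WorkingDirectory "C:\actions-runner" -Execute "PowerShell.exe" -Argument "-File C:\start-runner.ps1"
+$trigger = New-ScheduledTaskTrigger -AtStartup
+Register-ScheduledTask -TaskName "runnerinit" -Action $action -Trigger $trigger -User System -RunLevel Highest -Force
+
+C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule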
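Review bot: The runner archive is downloaded from `${action_runner_url}` and expanded with no integrity check, and the same holds for the Chocolatey bootstrap piped into `Invoke-Expression` and the `latest` CloudWatch agent MSI. Whatever those URLs serve at build time ends up in an image whose start-up task runs as SYSTEM. At minimum, verify the runner zip against the SHA-256 published with the release, passed in as a new template variable next to `action_runner_url` (the variable name below is a suggestion). Because `$ErrorActionPreference` is `"Continue"`, a failed download or install does not stop the build, so the check has to `throw` explicitly.

```powershell
Invoke-WebRequest -Uri ${action_runner_url} -OutFile actions-runner.zip

# action_runner_sha256: new templatefile variable holding the release asset's published SHA-256
$actualHash = (Get-FileHash -Path actions-runner.zip -Algorithm SHA256).Hash
if ($actualHash -ne '${action_runner_sha256}') {
    Remove-Item actions-runner.zip
    throw "actions-runner.zip SHA-256 mismatch (got $actualHash)"
}

# … unchanged: Expand-Archive, zip clean-up, scheduled task registration …
```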