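Running "vagrant provision example" can take a very long time.
If a pre-built box is placed in a private S3 bucket, then when several people use it each of them only has to download the box, which takes a short time.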
    [account1]
    aws_access_key_id = ****
    aws_secret_access_key = ****

    [account2]
    role_arn = arn:aws:iam::<account2 id>:role/<role name>
    source_profile = account1

    ENV['AWS_PROFILE'] = 'example'
    ENV['AWS_REGION'] = 'ap-northeast-1'
    ENV['AWS_ACCESS_KEY_ID'] = 'AS***'
    ENV['AWS_SECRET_ACCESS_KEY'] = '***'
    ENV['AWS_SESSION_TOKEN'] = '***'

    require 'aws-sdk-core' # Provides Aws::STS.

    # Replace any AWS_* environment variables with temporary STS credentials
    # obtained through the given profile.
    def aws_credentials(aws_profile, aws_region)
      ENV.delete_if { |name, _value| name.start_with?('AWS_') } # Filter out rogue env vars.
      ENV['AWS_PROFILE'] = aws_profile
      ENV['AWS_REGION'] = aws_region
      unless ENV.has_key?('AWS_ACCESS_KEY_ID')
        sts_client = Aws::STS::Client.new(profile: ENV['AWS_PROFILE'])
        caller_identity = sts_client.get_caller_identity()
        # https://docs.aws.amazon.com/sdkforruby/api/Aws/STS/Client.html#assume_role-instance_method
        role_arn = sprintf("arn:aws:iam::%s:role/%s", caller_identity.account, caller_identity.arn.split('/')[1])
        sts_creds = sts_client.assume_role({
          role_arn: role_arn,
          role_session_name: "vagrant",
        })
        ENV['AWS_ACCESS_KEY_ID'] = sts_creds.credentials.access_key_id
        ENV['AWS_SECRET_ACCESS_KEY'] = sts_creds.credentials.secret_access_key
        ENV['AWS_SESSION_TOKEN'] = sts_creds.credentials.session_token
      end
    end

    # vgconfig is assumed to be a settings hash loaded earlier in the Vagrantfile.
    # Credentials are only needed for the commands that download the box.
    command = ARGV[0].to_s.downcase # to_s avoids a NoMethodError when no command is given.
    if vgconfig.has_key?("aws_profile") && (command == 'up' || command == 'box')
      aws_credentials(vgconfig["aws_profile"], vgconfig["aws_region"])
    end

Message: Aws::STS::Errors::AccessDenied: User: arn:aws:sts::***:assumed-role/***readonly/default_session is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::***:role/***readonly
    vmconfig.vm.box = "centos-7-zabbix-3-server"
    vmconfig.vm.box_url = "s3://bucket/zabbix/3/vagrant/x86_64/centos-7-zabbix-3-server.json"
    vmconfig.vm.box_version = "20190102.1" # Only when pinning an older version explicitly. If omitted, the latest version is used.

Consumer side:
Creator side:
    s3://<bucket>/<app>/<app major version>/vagrant/<arch>/<os>-<os major version>-<app>-<app major version>-<app type>_<arch>_<build major version>.<build minor version>_<vm type>.box
    s3://bucket/zabbix/3/vagrant/x86_64/centos-7-zabbix-3-server_x86_64_20190102.1_virtualbox.box

    {
      "description": "CentOS 7, zabbix 3 server",
      "name": "centos-7-zabbix-3-server",
      "versions": [
        {
          "providers": [
            {
              "checksum": "0000000000000000000000000000000000000000",
              "checksum_type": "sha1",
              "name": "virtualbox",
              "url": "s3://bucket/zabbix/3/vagrant/x86_64/centos-7-zabbix-3-server_x86_64_20190102.1_virtualbox.box"
            }
          ],
          "version": "20190102.1"
        },
        {
          "providers": [
            {
              "checksum": "0000000000000000000000000000000000000000",
              "checksum_type": "sha1",
              "name": "virtualbox",
              "url": "s3://bucket/zabbix/3/vagrant/x86_64/centos-7-zabbix-3-server_x86_64_20190203.1_virtualbox.box"
            }
          ],
          "version": "20190203.1"
        }
      ]
    }

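The metadata above carries a placeholder checksum. As an added example (not code from the original page), the Ruby below shows one way the creator side could fill in a real checksum when registering a new version, and how a downloaded box can be checked against it. The function names are hypothetical, the box file is a constructed stand-in, and `sha256` is used here instead of the page's `sha1` as an assumption about what you would prefer for new boxes.

```ruby
require 'digest'
require 'json'
require 'tempfile'

# Build the provider entry for one .box file, with its checksum computed from disk.
def provider_entry(box_path, url, provider: 'virtualbox')
  {
    'name' => provider,
    'url' => url,
    'checksum_type' => 'sha256',
    # Digest::SHA256.file streams the file, so multi-GB boxes are fine.
    'checksum' => Digest::SHA256.file(box_path).hexdigest
  }
end

# Insert (or replace) a version in the metadata hash and keep versions sorted.
def add_box_version(metadata, version, entry)
  versions = metadata.fetch('versions', []).reject { |v| v['version'] == version }
  versions << { 'version' => version, 'providers' => [entry] }
  metadata.merge('versions' => versions.sort_by { |v| Gem::Version.new(v['version']) })
end

# True only if the local file matches the sha256 recorded for version/provider.
def box_matches?(metadata, version, provider, box_path)
  ver = metadata.fetch('versions', []).find { |v| v['version'] == version }
  prov = ver && ver['providers'].find { |x| x['name'] == provider }
  return false unless prov && prov['checksum_type'] == 'sha256'
  Digest::SHA256.file(box_path).hexdigest == prov['checksum']
end

# Constructed sample: a tiny temp file stands in for the real .box.
Tempfile.create('sample.box') do |f|
  f.write('constructed box bytes')
  f.flush
  url = 's3://bucket/zabbix/3/vagrant/x86_64/' \
        'centos-7-zabbix-3-server_x86_64_20190203.1_virtualbox.box'
  meta = { 'description' => 'CentOS 7, zabbix 3 server',
           'name' => 'centos-7-zabbix-3-server', 'versions' => [] }
  meta = add_box_version(meta, '20190203.1', provider_entry(f.path, url))
  puts JSON.pretty_generate(meta)
  puts "verified: #{box_matches?(meta, '20190203.1', 'virtualbox', f.path)}"
end
```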
du -sh ~/vagrant/.vagrant.d/
vagrant box prune
vagrant box list
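    # Clear the yum cache.
    yum clean all
    # Fill the free space with zeros so that it compresses well, then delete the file.
    # Splitting the rm onto a second line failed at
    # "/home/vagrant/.ansible/tmp/ansible-tmp-XXXX", so everything is kept on one line.
    dd if=/dev/zero of=/EMPTY bs=1M || echo "dd exit code $? is suppressed" && rm -f /EMPTY
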
Environment:
Size:
Compression using vboxmanage:
    vboxmanage list hdds
    ...
    UUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    ...

    vboxmanage clonehd <name>.vmdk <name>.vdi --format vdi
    vboxmanage modifyhd <name>.vdi --compact
    rm <name>.vmdk
    vboxmanage clonehd <name>.vdi <name>.vmdk --format vmdk