Packer - kamialie/knowledge_corner GitHub Wiki

General

Packer workflow:

  1. Builders - connect to a provider (e.g. AWS) and launch an instance
  2. Provisioners - perform customization (e.g. using Ansible)
  3. Post-Processors (optional) - tasks run after the image has been created

Builders

Use packer validate TEMPLATE.json to check basic syntax and configuration errors.

Getting images requires credentials on the chosen provider. The following variables block is put at the same level as builders and provides vendor-specific variables for authentication:

{
	"variables": {
		"aws_access_key": null,
		"aws_secret_key": null
	},
	"builders": [{
		"var": "data",
		"access_key": "{{ user `aws_access_key` }}",
		"secret_key": "{{ user `aws_secret_key` }}"
	}]
}

Variables can be passed on the CLI via the -var key=value parameter, in a JSON file via the -var-file FILENAME parameter, or through environment variables:

variables.json

{
	"aws_access_key": null,
	"aws_secret_key": null
}

Environment variables example:

{
	"variables": {
		"aws_access_key": "{{ env `AWS_ACCESS_KEY` }}",
		"aws_secret_key": "{{ env `AWS_SECRET_KEY` }}"
	},
	"builders": [{
		"var": "data",
		"access_key": "{{ user `aws_access_key` }}",
		"secret_key": "{{ user `aws_secret_key` }}"
	}]
}
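
An added example, not part of the original wiki or of Packer itself: a small pre-build check that a JSON template follows the credential pattern above, with secret fields in builders referencing user variables and secret variables defaulting to null, empty, or an env reference. The name patterns, the amazon-ebs builder type and the sample templates are assumptions constructed for illustration.

```python
import json
import re

# Field names treated as secret-bearing: the page's two keys plus common
# variants (assumption; extend for your provider).
SECRET_NAME = re.compile(r"secret|password|token|access_key", re.I)
# Whole-value template references. `env` is only valid in a user
# variable's default, so builders must go through `user`.
USER_REF = re.compile(r"^\{\{\s*user\s+`[^`]+`\s*\}\}$")
ENV_REF = re.compile(r"^\{\{\s*env\s+`[^`]+`\s*\}\}$")


def lint_template(text):
    """Return findings for credentials hardcoded in a JSON template."""
    tpl = json.loads(text)  # strict JSON: missing commas fail here
    findings = []
    for name, default in tpl.get("variables", {}).items():
        # A secret variable should default to null (must be supplied at
        # build time), empty, or an env reference, never to a literal.
        if SECRET_NAME.search(name) and default not in (None, ""):
            if not (isinstance(default, str) and ENV_REF.match(default)):
                findings.append(f"variables.{name}: literal default")
    for i, builder in enumerate(tpl.get("builders", [])):
        for key, value in builder.items():
            if SECRET_NAME.search(key) and not (
                isinstance(value, str) and USER_REF.match(value)
            ):
                findings.append(f"builders[{i}].{key}: not a user reference")
    return findings


# Constructed sample templates (values are placeholders, not real keys).
GOOD = r"""{
  "variables": {"aws_access_key": "{{ env `AWS_ACCESS_KEY` }}",
                "aws_secret_key": null},
  "builders": [{"type": "amazon-ebs",
                "access_key": "{{ user `aws_access_key` }}",
                "secret_key": "{{ user `aws_secret_key` }}"}]
}"""
BAD = r"""{
  "variables": {"aws_access_key": "PLACEHOLDER-ACCESS-KEY"},
  "builders": [{"type": "amazon-ebs",
                "access_key": "{{ user `aws_access_key` }}",
                "secret_key": "PLACEHOLDER-SECRET-KEY"}]
}"""

if __name__ == "__main__":
    for label, tpl in (("good", GOOD), ("bad", BAD)):
        print(label, lint_template(tpl))
```

Run it in CI before packer validate so that a template with a committed literal key fails the pipeline before any build starts.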

Debug mode (-debug parameter) makes Packer stop at every stage and wait for confirmation. Setting the environment variable PACKER_LOG to anything other than an empty string makes Packer output all debugging information.

dev-sec.io provides hardening automation scripts (including Ansible) that add extra security to an image. They can be used to create a personal hardened image.

Provisioners

shell

{
	"provisioners": [
		{
			"type": "shell",
			"inline": ["echo 'Hello world!'"]
		}
	]
}

file

{
	"provisioners": [
		{
			"type": "file",
			"source": "path/to/file/or/directory",
			"destination": "path/to/file/or/directory"
		}
	]
}

ansible

A regular playbook can be passed as an argument to the ansible provisioner. Set hosts to all, as Packer passes the inventory itself.

{
	"provisioners": [
		{
			"type": "ansible",
			"playbook_file": "path/to/file/playbook"
		}
	]
}

Post-processors

manifest file

Creates a manifest file containing summary information about the image being built.

{
	"post-processors": [
		{
			"type": "manifest",
			"output": "manifest.json",
			"strip_path": true
		}
	]
}