Use HashiCorp Packer to Automate Machine Images in Azure

Posted By : Subramani Sundaram

HashiCorp Packer automates the creation of any type of machine image. It embraces modern configuration management by encouraging you to use automated scripts to install and configure the software within your Packer-made images.

Packer brings machine images into the modern age, unlocking untapped potential and opening new opportunities.

Packer can create Azure virtual machine images in a variety of ways, depending on the strategy that you want to use for building the images. Packer supports the following builders for Azure images at the moment:

  • azure-arm — Uses Azure Resource Manager (ARM) to launch a virtual machine (VM) from which a new image is captured after provisioning. If in doubt, use this builder; it is the easiest builder to get started with.

Authentication for Azure

The Packer Azure builders provide a couple of ways to authenticate to Azure. The following methods are available and are explained below:

  • Azure Active Directory interactive login. Interactive login is available for the Public and US Gov clouds only.
  • Azure Managed Identity
  • Azure Active Directory Service Principal

How to use Packer to create Linux virtual machine images in Azure

Each virtual machine (VM) in Azure is created from an image that defines the Linux distribution and OS version. Images can include pre-installed applications and configurations.

The Azure Marketplace provides many first and third-party images for most common distributions and application environments, or you can create your own custom images tailored to your needs.

Steps to use image with Azure:

  1. Create Azure resource group
  2. Create Azure credentials
  3. Define Packer template
  4. Build Packer image
  5. Create VM from Azure Image
  6. Test VM and NGINX

During the build process, Packer creates temporary Azure resources as it builds the source VM. To capture that source VM for use as an image, you must define a resource group. The output from the Packer build process is stored in this resource group.

az group create -n myResourceGroup -l eastus

Packer authenticates with Azure using a service principal. An Azure service principal is a security identity that you can use with apps, services, and automation tools like Packer. You control and define the permissions as to what operations the service principal can perform in Azure.

az ad sp create-for-rbac --query "{ client_id: appId, client_secret: password, tenant_id: tenant }"

To authenticate to Azure, you also need to obtain your Azure subscription ID.

az account show --query "{ subscription_id: id }"

Next, we need to create a new JSON file that builds a Packer image using the service principal we created above.

To build images, you create a template as a JSON file. In the template, you define builders and provisioners that carry out the actual build process.

Create a file named ubuntu.json and paste the following content. Enter your own values for the following:

[Image: Azure JSON template]

Fill in the other details that are marked as xxx, save the file as ubuntu.json, and then we can run it.

Build the image by specifying your Packer template file as follows:

./packer build ubuntu.json

We can now create a VM from the image that we created above. Specify the image you created with the --image parameter.

az vm create \
    --resource-group myResourceGroup \
    --name myVM \
    --image myPackerImage \
    --admin-username azureuser \
    --generate-ssh-keys

To allow web traffic to reach your VM, open port 80 from the Internet.

az vm open-port \
    --resource-group myResourceGroup \
    --name myVM \
    --port 80

Now we can check our VM's public IP, and we will get the below output.

[Image: Azure NGINX output]

How to use Packer to create Windows virtual machine images in Azure

Each virtual machine (VM) in Azure is created from an image that defines the Windows distribution and OS version. Images can include pre-installed applications and configurations.

The Azure Marketplace provides many first and third-party images for most common distributions and application environments, or you can create your own custom images tailored to your needs.

Steps to use image with Azure:

  1. Create Azure resource group
  2. Create Azure credentials
  3. Define Packer template
  4. Build Packer image
  5. Create VM from Azure Image
  6. Test VM and NGINX

During the build process, Packer creates temporary Azure resources as it builds the source VM. To capture that source VM for use as an image, you must define a resource group. The output from the Packer build process is stored in this resource group.

$rgName = "myPackerGroup"
$location = "East US"
New-AzResourceGroup -Name $rgName -Location $location

Packer authenticates with Azure using a service principal. An Azure service principal is a security identity that you can use with apps, services, and automation tools like Packer.

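# Create the service principal with a random display-name suffix
$sp = New-AzADServicePrincipal -DisplayName "PackerSP$(Get-Random)"
# Convert the SecureString secret to plain text for use in the template
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret)
$plainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

# Output the password and the application ID
$plainPassword
$sp.ApplicationId

# List the subscriptions to obtain the tenant and subscription IDs
Get-AzSubscription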

To build images, you create a template as a JSON file. In the template, you define builders and provisioners that carry out the actual build process.

Create a file named windows.json and paste the following content. Enter your own values for the following:

[Image: Azure JSON template]

This template builds a Windows Server 2016 VM, installs IIS, then generalizes the VM with Sysprep. The IIS install shows how you can use the PowerShell provisioner to run additional commands. The final Packer image then includes the required software install and configuration.

Build the image by opening a cmd prompt and specifying your Packer template file as follows:

./packer build windows.json

You can now create a VM from your Image with New-AzVM. The supporting network resources are created if they do not already exist.

When prompted, enter an administrative username and password to be created on the VM. The following example creates a VM named myVM from myPackerImage.

New-AzVm `
    -ResourceGroupName $rgName `
    -Name "myVM" `
    -Location $location `
    -VirtualNetworkName "myVnet" `
    -SubnetName "mySubnet" `
    -SecurityGroupName "myNetworkSecurityGroup" `
    -PublicIpAddressName "myPublicIpAddress" `
    -OpenPorts 80 `
    -Image "myPackerImage"

Obtain the public IP address of your VM with Get-AzPublicIPAddress. The following example obtains the IP address for myPublicIP created earlier.

Get-AzPublicIPAddress `
    -ResourceGroupName $rgName `
    -Name "myPublicIPAddress" | select "IpAddress"

To see your VM, which includes the IIS install from the Packer provisioner, in action, enter the public IP address into a web browser.

How to use Packer to create machine images in Azure using the Azure DevOps CI/CD process

  1. Check in the Ubuntu or Windows JSON file for the Packer image creation.
  2. Create a CI pipeline with all the manual steps that we have seen above. After including them all, we will see the pipeline steps as below.

[Screenshots: Azure DevOps pipeline steps]

Once we run the pipeline, we will see the output as below.

[Screenshots: pipeline run output]
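
The walkthrough fills the service principal values into ubuntu.json or windows.json, and the pipeline section then checks that file in. The following is an added example, not code from the original post: a Python check to run before check-in that flags a literal client_secret in a Packer JSON template and accepts one resolved through a user variable that reads the environment. The sample templates are constructed and ARM_CLIENT_SECRET is an assumed environment variable name.

```python
import json
import re

# {{user `name`}} is used inside a builder, {{env `NAME`}} inside "variables".
USER_REF = re.compile(r"^\{\{\s*user\s+`([^`]+)`\s*\}\}$")
ENV_REF = re.compile(r"^\{\{\s*env\s+`[^`]+`\s*\}\}$")
SECRET_KEYS = {"client_secret"}  # azure-arm field holding the service principal password


def hardcoded_secrets(template_text):
    """Return the JSON paths in a Packer JSON template that hold a literal secret."""
    template = json.loads(template_text)
    variables = template.get("variables", {})
    findings = []
    for i, builder in enumerate(template.get("builders", [])):
        for key in sorted(SECRET_KEYS & builder.keys()):
            ref = USER_REF.match(str(builder[key]))
            if ref is None:  # value pasted straight into the builder
                findings.append(f"builders[{i}].{key}")
                continue
            default = variables.get(ref.group(1))
            # Empty default: supplied with -var at build time. {{env ...}}: read
            # from the environment. Any other default is a secret stored in the file.
            if default and not ENV_REF.match(str(default)):
                findings.append(f"variables.{ref.group(1)}")
    return findings


# Constructed sample: values pasted over the xxx placeholders, as in the walkthrough.
PASTED = '{"builders": [{"type": "azure-arm", "client_id": "xxx", "client_secret": "xxx"}]}'

# Constructed sample: same builder, secret resolved from the environment at build time.
# ARM_CLIENT_SECRET is an assumed name; only the fields the check reads are shown.
FROM_ENV = r"""
{
  "variables": {"client_secret": "{{env `ARM_CLIENT_SECRET`}}"},
  "builders": [{
    "type": "azure-arm",
    "client_secret": "{{user `client_secret`}}",
    "managed_image_resource_group_name": "myResourceGroup",
    "managed_image_name": "myPackerImage"
  }]
}
"""

if __name__ == "__main__":
    for name, text in (("pasted", PASTED), ("from_env", FROM_ENV)):
        print(name, hardcoded_secrets(text) or "ok")
```

In a pipeline, the secret can then be supplied as a secret pipeline variable mapped to that environment variable, so it never lands in the repository.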

So we have seen two ways to create a Packer image, and we can then create a VM from that customized image. We can also open the port and then try to access the VM through the public IP.
