A set of Packer configurations to create compute images.
Switch to the packer sub-directory.
-
You can build a single image by running:
packer build -only=virtualbox-iso instance.jsonReplacing
virtualbox-isowithvmware-isoorgooglecomputeas needed.If you use
googlecompute, you will need to specify additional variables, so your command may look like:packer build -only=googlecompute -var ssh_username=ubuntu -var googlecompute_account_file=account.json -var googlecompute_project_id=<your project id> instance.jsonThe
googlecompute_account_fileis a service account's JSON credential file as mentioned in the Packer Google Compute Builder documentation. -
You need to install the Ansible roles to provision the image.
ansible-galaxy install -r ../ansible/requirements.yaml -
Modify or delete the
ansible.cfgto point to the directory which contains your Ansible roles. -
If you are building a VirtualBox or VMWare image, you can use it with Vagrant, by running the following:
vagrant box add ubuntu1804 box/virtualbox/ubuntu1804-0.1.0.box # or vagrant box add ubuntu1804 box/vmware_desktop/ubuntu1804-0.1.0.box vagrant init ubuntu1804
If you want to automate this build in Google Cloud Build,
one way you can do that is by setting up a service account, encrypting the
account's credentials and adding the encrypted file to the repository,
adding a cloudbuild.yaml, and setting up the Google Cloud Build trigger.
You will need to create a Google Cloud Service account with
Compute Engine Instance Admin (v1) and Service Account User roles.
Then create a credentials JSON file. See the
Packer Google Compute Builder page for more details.
Then, encrypt the credentials file (renamed to account.json) using
Google KMS after setting up a Google KMS keyring:
gcloud kms encrypt \
--plaintext-file=account.json \
--ciphertext-file=account.json.enc \
--location=[KEYRING-LOCATION] \
--keyring=[KEYRING-NAME] \
--key=[KEY-NAME]
Add the account.json.enc file to the repository in the packer sub-directory.
You will need to add Packer as a Docker image in your GCP project's container registry. See the Google Cloud Builders Community Packer image.
You can use a cloudbuild.yaml like:
steps:
- name: gcr.io/cloud-builders/gcloud
args:
- kms
- decrypt
- --ciphertext-file=packer/account.json.enc
- --plaintext-file=packer/account.json
- --location=[KEYRING-LOCATION]
- --keyring=core-[KEYRING-NAME]
- --key=[KEY-NAME]
id: decrypt credentials
- name: gcr.io/$PROJECT_ID/packer
args:
- build
- -only=googlecompute
- -var
- ssh_username=ubuntu
- -var
- googlecompute_account_file=account.json
- -var
- googlecompute_project_id=$PROJECT_ID
- instance.json
dir: packer
id: build image with packer
timeout: 1200sAdd the cloudbuild.yaml to the repository and create a
Cloud Build trigger.