官网:<https://developer.hashicorp.com/packer>
文档:<https://developer.hashicorp.com/packer/docs>
公司现有构建镜像代码库地址:https://gitlab.ushareit.me/sre/packer.git
简介
通过模板定义配置,使用插件构建 AWS、Azure、GCP、阿里云、华为云、腾讯云等多种云或 Saas 平台系统镜像的开源工具,可用外部插件配置文档:<https://developer.hashicorp.com/packer/plugins>
安装
下载地址,页面已包含各种系统安装说明:<https://developer.hashicorp.com/packer/downloads>
- Mac
brew install packer
packer -autocomplete-install- CentOS/RHEL
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install packer
packer -autocomplete-install- Amazon Linux
sudo yum install -y yum-utils shadow-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
sudo yum -y install packer
packer -autocomplete-installPacker 注意事项
编写镜像定义模板文件,Packer 1.5及以上版本支持并推荐使用 HCL2(HashiCorp Configuration Language)模板。文件名后缀为 .pkr.hcl 或 .pkr.json 解析为 HCL2 模式,其它情况则使用老版 JSON 模式解析。
HCL 具体说明:<https://developer.hashicorp.com/packer/docs/templates/hcl_templates>
常用命令简单说明
详细说明:<https://developer.hashicorp.com/packer/docs/commands>
注意事项:命令后[]及包含的内容代表可选项
- 格式化配置文件,
.即为当前目录,-check只检查是否已经格式化过,不修改文件,具体说明:<https://www.terraform.io/cli/commands/fmt>packer fmt [-check] [文件或目录路径] - 检验配置文件语法是否有效,具体说明:<https://developer.hashicorp.com/packer/docs/commands/validate>
packer validate [参数选项] - 将 JSON 配置模板转义为格式化 HCL2 副本,新文件名为旧文件名后缀替换为 .pkr.hcl,具体说明:<https://developer.hashicorp.com/packer/docs/commands/hcl2_upgrade>
packer hcl2_upgrade [文件路径] - 构建镜像,具体说明:<https://developer.hashicorp.com/packer/docs/commands/build>
packer build [参数选项] [文件或目录路径]
AWS
详细文档:<https://developer.hashicorp.com/packer/plugins/builders/amazon>
谷歌云
详细文档:<https://developer.hashicorp.com/packer/plugins/builders/googlecompute>
华为云
详细文档:<https://developer.hashicorp.com/packer/plugins/builders/openstack>
AWS EC2 示例
本次使用 AWS 账号作为示例说明。
1. 安装 Packer CLI 程序。
2. 新建 AWS 程序密钥,授予权限如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CopyImage",
"ec2:CreateImage",
"ec2:CreateKeypair",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteKeyPair",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSnapshot",
"ec2:DeleteVolume",
"ec2:DeregisterImage",
"ec2:DescribeImageAttribute",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"ec2:DetachVolume",
"ec2:GetPasswordData",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySnapshotAttribute",
"ec2:RegisterImage",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Resource": "*"
}
]
}3. 设置环境变量关联 AWS 程序密钥或者运行命令 aws configure 直接永久保存密钥配置:
export AWS_ACCESS_KEY_ID=申请的AK
export AWS_SECRET_ACCESS_KEY=申请的SK4. 新建模板配置文件:aws.pkr.hcl:
variable "ImageVersion" {
type = string
}
data "amazon-ami" "main" {
filters = {
name = "amzn2-ami-kernel-*-hvm-*-x86_64-gp2"
root-device-type = "ebs"
virtualization-type = "hvm"
}
most_recent = true
owners = ["137112412989"]
region = "ap-southeast-1"
}
source "amazon-ebs" "main" {
ami_block_device_mappings {
delete_on_termination = true
device_name = "/dev/xvda"
volume_type = "gp3"
}
ami_description = "awscli lrzsz node_exporter obsutil openssh tmux"
ami_name = "dongsong-test-v${var.ImageVersion}"
ami_regions = ["ap-south-1"]
ami_users = ["404486105145"]
instance_type = "t3.medium"
region = "ap-southeast-1"
source_ami = "${data.amazon-ami.main.id}"
ssh_clear_authorized_keys = true
ssh_username = "ec2-user"
subnet_id = "subnet-0a95dbf475604da5d"
tags = {
"sgt:env" = "prod"
"sgt:group" = "SGT"
"sgt:project" = "image"
"sgt:subgroup" = "SRE"
}
}
build {
sources = ["source.amazon-ebs.main"]
provisioner "shell" {
scripts = ["image-init.sh", "aws-init.sh"]
}
}5. 格式化配置:
packer fmt aws.pkr.hcl6. 检查语法:
packer validate -var "ImageVersion=1" aws.pkr.hcl7. 构建镜像:
packer build -var "ImageVersion=1" aws.pkr.hcl
