arm

package
v0.10.2
Warning

This package is not in the latest version of its module.

Published: Sep 30, 2016 License: MPL-2.0, MIT Imports: 44 Imported by: 0

README

packer-azure-arm

The ARM flavor of packer-azure utilizes the Azure Resource Manager APIs. Please see the overview for more information about ARM as well as the benefit of ARM.

Device Login vs. Service Principal Name (SPN)

There are two ways to get started with packer-azure. The simplest is device login, which only requires a Subscription ID. Device login is only supported for Linux-based VMs. The second is the use of an SPN. We recommend the device login approach for first-time users who just want to "kick the tires." We recommend the SPN approach if you intend to automate Packer, or you are deploying Windows VMs.

Device Login

A sample template for device login is shown below. There are three pieces of information you must provide to enable device login mode.

  1. SubscriptionID
  2. Resource Group - parent resource group that Packer uses to build an image.
  3. Storage Account - storage account where the image will be placed.

Device login mode is enabled by not setting client_id, client_secret, and tenant_id.

The device login flow asks that you open a web browser, navigate to http://aka.ms/devicelogin, and input the supplied code. This authorizes the Packer for Azure application to act on your behalf. An OAuth token will be created and stored in the user's home directory (~/.azure/packer/oauth-TenantID.json, where TenantID is replaced with the actual Tenant ID). This token is used if it exists, and refreshed as necessary.

{
    "variables": {
        "sid": "your_subscription_id",
        "rgn": "your_resource_group",
        "sa": "your_storage_account"
    },
    "builders": [
        {
            "type": "azure-arm",

            "subscription_id": "{{user `sid`}}",

            "resource_group_name": "{{user `rgn`}}",
            "storage_account": "{{user `sa`}}",

            "capture_container_name": "images",
            "capture_name_prefix": "packer",

            "os_type": "Linux",
            "image_publisher": "Canonical",
            "image_offer": "UbuntuServer",
            "image_sku": "14.04.3-LTS",

            "location": "South Central US",
            "vm_size": "Standard_A2"
        }
    ],
    "provisioners": [
        {
            "execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'",
            "inline": [
                "apt-get update",
                "apt-get upgrade -y",

                "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"
            ],
            "inline_shebang": "/bin/sh -x",
            "type": "shell"
        }
    ]
}

Service Principal Name

The ARM APIs use OAuth to authenticate, and require an SPN. The following articles are good starting points for creating a new SPN.

There are three (four in the case of Windows) pieces of configuration you need to note after creating an SPN.

  1. Client ID (aka Service Principal ID)
  2. Client Secret (aka Service Principal generated key)
  3. Client Tenant (aka Azure Active Directory tenant that owns the Service Principal)
  4. Object ID (Windows only) - a certificate is used to authenticate WinRM access, and the certificate is injected into the VM using Azure Key Vault. Access to the key vault is protected by an ACL associated with the SPN's ObjectID. Linux does not need nor use a key vault, so there's no need to know the ObjectID.

You will also need the following.

  1. Subscription ID
  2. Resource Group
  3. Storage Account

Resource Group is where your storage account is located, and Storage Account is where the created packer image will be stored.

The Service Principal has been tested with the following permissions. Please review the document for the built-in roles for more details.

  • Owner

NOTE: the Owner role is too powerful, and a more explicit set of roles is TBD. Issue #183 is tracking this work. Permissions can be scoped to a specific resource group to further limit access.

Sample Ubuntu

The following is a sample Packer template for use with the Packer Azure for ARM builder.

{
    "variables": {
        "cid": "your_client_id",
        "cst": "your_client_secret",
        "tid": "your_client_tenant",
        "sid": "your_subscription_id",

        "rgn": "your_resource_group",
        "sa": "your_storage_account"
    },
    "builders": [
        {
            "type": "azure-arm",

            "client_id": "{{user `cid`}}",
            "client_secret": "{{user `cst`}}",
            "subscription_id": "{{user `sid`}}",
            "tenant_id": "{{user `tid`}}",

            "resource_group_name": "{{user `rgn`}}",
            "storage_account": "{{user `sa`}}",

            "capture_container_name": "images",
            "capture_name_prefix": "packer",

            "os_type": "Linux",
            "image_publisher": "Canonical",
            "image_offer": "UbuntuServer",
            "image_sku": "14.04.3-LTS",

            "location": "South Central US",

            "vm_size": "Standard_A2"
        }
    ],
    "provisioners": [
        {
            "execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'",
            "inline": [
                "apt-get update",
                "apt-get upgrade -y",

                "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"
            ],
            "inline_shebang": "/bin/sh -x",
            "type": "shell"
        }
    ]
}

Using the above template, Packer would be invoked as follows.

NOTE: the following variables must be changed based on your subscription. These values are just dummy values, but they match the expected format, e.g. if the value is a GUID the sample is a GUID.

packer build^
  -var cid="593c4dc4-9cd7-49af-9fe0-1ea5055ac1e4"^
  -var cst="GbzJfsfrVkqL/TLfZY8TXA=="^
  -var sid="ce323e74-56fc-4bd6-aa18-83b6dc262748"^
  -var tid="da3847b4-8e69-40bd-a2c2-41da6982c5e2"^
  -var rgn="My Resource Group"^
  -var sa="mystorageaccount"^
  c:\packer\ubuntu_14_LTS.json

Please see the config_sameples/arm directory for more examples of usage.
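
The mode rules stated in this README (leaving client_id, client_secret and tenant_id unset selects device login; device login is Linux only; a Windows build with an SPN also needs object_id) can be checked against a template before a build is started. The Go program below is an added example, not code from the packer-azure project; the names CheckBuilder and LintTemplate, and the choice to report a partially set SPN as an error, are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// CheckBuilder applies the README's rules to one azure-arm builder block.
func CheckBuilder(b map[string]interface{}) (mode string, problems []string) {
	get := func(k string) string { s, _ := b[k].(string); return s }
	var missing []string
	for _, k := range []string{"client_id", "client_secret", "tenant_id"} {
		if get(k) == "" {
			missing = append(missing, k)
		}
	}
	windows := strings.EqualFold(get("os_type"), "Windows")
	switch len(missing) {
	case 3: // none of the three set: device login
		mode = "device-login"
		if windows {
			problems = append(problems, "device login is only supported for Linux VMs")
		}
	case 0: // all three set: service principal
		mode = "spn"
		if windows && get("object_id") == "" {
			problems = append(problems, "Windows needs object_id for the Key Vault ACL")
		}
	default: // assumption of this example: a partial set is a mistake
		mode = "incomplete-spn"
		problems = append(problems, "missing "+strings.Join(missing, ", "))
	}
	return mode, problems
}

// LintTemplate checks every azure-arm builder in a Packer JSON template.
func LintTemplate(raw []byte) ([]string, error) {
	var t struct{ Builders []map[string]interface{} }
	if err := json.Unmarshal(raw, &t); err != nil {
		return nil, err
	}
	var out []string
	for i, b := range t.Builders {
		if b["type"] == "azure-arm" {
			mode, problems := CheckBuilder(b)
			for _, p := range problems {
				out = append(out, fmt.Sprintf("builder %d (%s): %s", i, mode, p))
			}
		}
	}
	return out, nil
}

func main() {
	// Constructed sample: a Windows builder with no SPN settings.
	sample := `{"builders":[{"type":"azure-arm","subscription_id":"your_subscription_id","os_type":"Windows"}]}`
	fmt.Println(LintTemplate([]byte(sample)))
}
```

An empty result means every azure-arm builder in the template matches one of the two documented modes.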

Documentation


Constants

const (
	DefaultPublicIPAddressName = "packerPublicIP"
	DefaultSasBlobContainer    = "system/Microsoft.Compute"
	DefaultSasBlobPermission   = "r"
	DefaultSecretName          = "packerKeyVaultSecret"
)
const (
	DefaultCloudEnvironmentName = "Public"
	DefaultImageVersion         = "latest"
	DefaultUserName             = "packer"
	DefaultVMSize               = "Standard_A1"
)
const (
	DeployCanceled  = "Canceled"
	DeployFailed    = "Failed"
	DeployDeleted   = "Deleted"
	DeploySucceeded = "Succeeded"
)
const (
	TempNameAlphabet     = "0123456789bcdfghjklmnpqrstvwxyz"
	TempPasswordAlphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
)
const (
	BuilderId = "Azure.ResourceManagement.VMImage"
)
const (
	EnvPackerLogAzureMaxLen = "PACKER_LOG_AZURE_MAXLEN"
)
const (
	KeySize = 2048
)
const KeyVault = `` /* 2304-byte string literal not displayed */

Template to deploy a KeyVault.

NOTE: the parameters for the KeyVault template are identical to Windows template. Keeping these values in sync simplifies the code at the expense of template bloat. This bloat may be addressed in the future.

const Linux = `` /* 5296-byte string literal not displayed */
const Windows = `` /* 5857-byte string literal not displayed */

Variables

This section is empty.

Functions

This section is empty.

Types

type Artifact added in v0.10.1

type Artifact struct {
	StorageAccountLocation string
	OSDiskUri              string
	TemplateUri            string
	OSDiskUriReadOnlySas   string
	TemplateUriReadOnlySas string
}

func NewArtifact added in v0.10.1

func NewArtifact(template *CaptureTemplate, getSasUrl func(name string) string) (*Artifact, error)

func (*Artifact) BuilderId added in v0.10.1

func (*Artifact) BuilderId() string

func (*Artifact) Destroy added in v0.10.1

func (*Artifact) Destroy() error

func (*Artifact) Files added in v0.10.1

func (*Artifact) Files() []string

func (*Artifact) Id added in v0.10.1

func (*Artifact) Id() string

func (*Artifact) State added in v0.10.1

func (*Artifact) State(name string) interface{}

func (*Artifact) String added in v0.10.1

func (a *Artifact) String() string

type Authenticate added in v0.10.1

type Authenticate struct {
	// contains filtered or unexported fields
}

func NewAuthenticate added in v0.10.1

func NewAuthenticate(env azure.Environment, clientID, clientSecret, tenantID string) *Authenticate

type AzureClient

func NewAzureClient

func NewAzureClient(subscriptionID, resourceGroupName, storageAccountName string,
	servicePrincipalToken, servicePrincipalTokenVault *azure.ServicePrincipalToken) (*AzureClient, error)

type Builder

type Builder struct {
	// contains filtered or unexported fields
}

func (*Builder) Cancel

func (b *Builder) Cancel()

func (*Builder) Prepare

func (b *Builder) Prepare(raws ...interface{}) ([]string, error)

func (*Builder) Run

func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packer.Artifact, error)

type CaptureBootDiagnostics added in v0.10.1

type CaptureBootDiagnostics struct {
	Enabled bool `json:"enabled"`
}

type CaptureDiagnosticProfile added in v0.10.1

type CaptureDiagnosticProfile struct {
	BootDiagnostics CaptureBootDiagnostics `json:"bootDiagnostics"`
}

type CaptureDisk added in v0.10.1

type CaptureDisk struct {
	OSType       string     `json:"osType"`
	Name         string     `json:"name"`
	Image        CaptureUri `json:"image"`
	Vhd          CaptureUri `json:"vhd"`
	CreateOption string     `json:"createOption"`
	Caching      string     `json:"caching"`
}

type CaptureHardwareProfile added in v0.10.1

type CaptureHardwareProfile struct {
	VMSize string `json:"vmSize"`
}

type CaptureNetworkInterface added in v0.10.1

type CaptureNetworkInterface struct {
	Id string `json:"id"`
}

type CaptureNetworkProfile added in v0.10.1

type CaptureNetworkProfile struct {
	NetworkInterfaces []CaptureNetworkInterface `json:"networkInterfaces"`
}

type CaptureOSProfile added in v0.10.1

type CaptureOSProfile struct {
	ComputerName  string `json:"computerName"`
	AdminUsername string `json:"adminUsername"`
	AdminPassword string `json:"adminPassword"`
}

type CaptureOperation added in v0.10.1

type CaptureOperation struct {
	OperationId string                      `json:"operationId"`
	Status      string                      `json:"status"`
	Properties  *CaptureOperationProperties `json:"properties"`
}

type CaptureOperationProperties added in v0.10.1

type CaptureOperationProperties struct {
	Output *CaptureTemplate `json:"output"`
}

type CaptureProperties added in v0.10.1

type CaptureProperties struct {
	HardwareProfile    CaptureHardwareProfile   `json:"hardwareProfile"`
	StorageProfile     CaptureStorageProfile    `json:"storageProfile"`
	OSProfile          CaptureOSProfile         `json:"osProfile"`
	NetworkProfile     CaptureNetworkProfile    `json:"networkProfile"`
	DiagnosticsProfile CaptureDiagnosticProfile `json:"diagnosticsProfile"`
	ProvisioningState  int                      `json:"provisioningState"`
}

type CaptureResources added in v0.10.1

type CaptureResources struct {
	ApiVersion string            `json:"apiVersion"`
	Name       string            `json:"name"`
	Type       string            `json:"type"`
	Location   string            `json:"location"`
	Properties CaptureProperties `json:"properties"`
}

type CaptureStorageProfile added in v0.10.1

type CaptureStorageProfile struct {
	OSDisk CaptureDisk `json:"osDisk"`
}

type CaptureTemplate added in v0.10.1

type CaptureTemplate struct {
	Schema         string                              `json:"$schema"`
	ContentVersion string                              `json:"contentVersion"`
	Parameters     map[string]CaptureTemplateParameter `json:"parameters"`
	Resources      []CaptureResources                  `json:"resources"`
}

type CaptureTemplateParameter added in v0.10.1

type CaptureTemplateParameter struct {
	Type         string `json:"type"`
	DefaultValue string `json:"defaultValue,omitempty"`
}

type CaptureUri added in v0.10.1

type CaptureUri struct {
	Uri string `json:"uri"`
}

type Config

type Config struct {
	common.PackerConfig `mapstructure:",squash"`

	// Authentication via OAUTH
	ClientID       string `mapstructure:"client_id"`
	ClientSecret   string `mapstructure:"client_secret"`
	ObjectID       string `mapstructure:"object_id"`
	TenantID       string `mapstructure:"tenant_id"`
	SubscriptionID string `mapstructure:"subscription_id"`

	// Capture
	CaptureNamePrefix    string `mapstructure:"capture_name_prefix"`
	CaptureContainerName string `mapstructure:"capture_container_name"`

	// Compute
	ImagePublisher string `mapstructure:"image_publisher"`
	ImageOffer     string `mapstructure:"image_offer"`
	ImageSku       string `mapstructure:"image_sku"`
	ImageVersion   string `mapstructure:"image_version"`
	Location       string `mapstructure:"location"`
	VMSize         string `mapstructure:"vm_size"`

	// Deployment
	ResourceGroupName string `mapstructure:"resource_group_name"`
	StorageAccount    string `mapstructure:"storage_account"`

	CloudEnvironmentName string `mapstructure:"cloud_environment_name"`

	// OS
	OSType string `mapstructure:"os_type"`

	// Runtime Values
	UserName string
	Password string

	Comm communicator.Config `mapstructure:",squash"`
	// contains filtered or unexported fields
}

type DeploymentFactory

type DeploymentFactory struct {
	// contains filtered or unexported fields
}

type DeploymentPoller

type DeploymentPoller struct {
	// contains filtered or unexported fields
}

func NewDeploymentPoller

func NewDeploymentPoller(getProvisioningState func() (string, error)) *DeploymentPoller

func (*DeploymentPoller) PollAsNeeded

func (t *DeploymentPoller) PollAsNeeded() (string, error)

type OpenSshKeyPair

type OpenSshKeyPair struct {
	// contains filtered or unexported fields
}

func NewOpenSshKeyPair

func NewOpenSshKeyPair() (*OpenSshKeyPair, error)

func NewOpenSshKeyPairWithSize

func NewOpenSshKeyPairWithSize(keySize int) (*OpenSshKeyPair, error)

func (*OpenSshKeyPair) AuthorizedKey

func (s *OpenSshKeyPair) AuthorizedKey() string

func (*OpenSshKeyPair) PrivateKey

func (s *OpenSshKeyPair) PrivateKey() string

type StepCaptureImage

type StepCaptureImage struct {
	// contains filtered or unexported fields
}

func NewStepCaptureImage

func NewStepCaptureImage(client *AzureClient, ui packer.Ui) *StepCaptureImage

func (*StepCaptureImage) Cleanup

func (*StepCaptureImage) Run

type StepCreateResourceGroup

type StepCreateResourceGroup struct {
	// contains filtered or unexported fields
}

func NewStepCreateResourceGroup

func NewStepCreateResourceGroup(client *AzureClient, ui packer.Ui) *StepCreateResourceGroup

func (*StepCreateResourceGroup) Cleanup

func (s *StepCreateResourceGroup) Cleanup(state multistep.StateBag)

func (*StepCreateResourceGroup) Run

type StepDeleteOSDisk

type StepDeleteOSDisk struct {
	// contains filtered or unexported fields
}

func NewStepDeleteOSDisk

func NewStepDeleteOSDisk(client *AzureClient, ui packer.Ui) *StepDeleteOSDisk

func (*StepDeleteOSDisk) Cleanup

func (*StepDeleteOSDisk) Run

type StepDeleteResourceGroup

type StepDeleteResourceGroup struct {
	// contains filtered or unexported fields
}

func NewStepDeleteResourceGroup

func NewStepDeleteResourceGroup(client *AzureClient, ui packer.Ui) *StepDeleteResourceGroup

func (*StepDeleteResourceGroup) Cleanup

func (*StepDeleteResourceGroup) Run

type StepDeployTemplate

type StepDeployTemplate struct {
	// contains filtered or unexported fields
}

func NewStepDeployTemplate

func NewStepDeployTemplate(client *AzureClient, ui packer.Ui, template string) *StepDeployTemplate

func (*StepDeployTemplate) Cleanup

func (*StepDeployTemplate) Run

type StepGetCertificate added in v0.10.1

type StepGetCertificate struct {
	// contains filtered or unexported fields
}

func NewStepGetCertificate added in v0.10.1

func NewStepGetCertificate(client *AzureClient, ui packer.Ui) *StepGetCertificate

func (*StepGetCertificate) Cleanup added in v0.10.1

func (*StepGetCertificate) Run added in v0.10.1

type StepGetIPAddress

type StepGetIPAddress struct {
	// contains filtered or unexported fields
}

func NewStepGetIPAddress

func NewStepGetIPAddress(client *AzureClient, ui packer.Ui) *StepGetIPAddress

func (*StepGetIPAddress) Cleanup

func (*StepGetIPAddress) Run

type StepGetOSDisk

type StepGetOSDisk struct {
	// contains filtered or unexported fields
}

func NewStepGetOSDisk

func NewStepGetOSDisk(client *AzureClient, ui packer.Ui) *StepGetOSDisk

func (*StepGetOSDisk) Cleanup

func (*StepGetOSDisk) Cleanup(multistep.StateBag)

func (*StepGetOSDisk) Run

type StepPowerOffCompute

type StepPowerOffCompute struct {
	// contains filtered or unexported fields
}

func NewStepPowerOffCompute

func NewStepPowerOffCompute(client *AzureClient, ui packer.Ui) *StepPowerOffCompute

func (*StepPowerOffCompute) Cleanup

func (*StepPowerOffCompute) Run

type StepSetCertificate added in v0.10.1

type StepSetCertificate struct {
	// contains filtered or unexported fields
}

func NewStepSetCertificate added in v0.10.1

func NewStepSetCertificate(config *Config, ui packer.Ui) *StepSetCertificate

func (*StepSetCertificate) Cleanup added in v0.10.1

func (*StepSetCertificate) Run added in v0.10.1

type StepValidateTemplate

type StepValidateTemplate struct {
	// contains filtered or unexported fields
}

func NewStepValidateTemplate

func NewStepValidateTemplate(client *AzureClient, ui packer.Ui, template string) *StepValidateTemplate

func (*StepValidateTemplate) Cleanup

func (*StepValidateTemplate) Run

type TempName

type TempName struct {
	AdminPassword       string
	CertificatePassword string
	ComputeName         string
	DeploymentName      string
	KeyVaultName        string
	ResourceGroupName   string
	OSDiskName          string
}

func NewTempName

func NewTempName() *TempName

type TemplateParameter

type TemplateParameter struct {
	Value string `json:"value"`
}

type TemplateParameters

type TemplateParameters struct {
	AdminUsername              *TemplateParameter `json:"adminUsername,omitempty"`
	AdminPassword              *TemplateParameter `json:"adminPassword,omitempty"`
	DnsNameForPublicIP         *TemplateParameter `json:"dnsNameForPublicIP,omitempty"`
	ImageOffer                 *TemplateParameter `json:"imageOffer,omitempty"`
	ImagePublisher             *TemplateParameter `json:"imagePublisher,omitempty"`
	ImageSku                   *TemplateParameter `json:"imageSku,omitempty"`
	ImageVersion               *TemplateParameter `json:"imageVersion,omitempty"`
	KeyVaultName               *TemplateParameter `json:"keyVaultName,omitempty"`
	KeyVaultSecretValue        *TemplateParameter `json:"keyVaultSecretValue,omitempty"`
	ObjectId                   *TemplateParameter `json:"objectId,omitempty"`
	OSDiskName                 *TemplateParameter `json:"osDiskName,omitempty"`
	SshAuthorizedKey           *TemplateParameter `json:"sshAuthorizedKey,omitempty"`
	StorageAccountBlobEndpoint *TemplateParameter `json:"storageAccountBlobEndpoint,omitempty"`
	TenantId                   *TemplateParameter `json:"tenantId,omitempty"`
	VMSize                     *TemplateParameter `json:"vmSize,omitempty"`
	VMName                     *TemplateParameter `json:"vmName,omitempty"`
	WinRMCertificateUrl        *TemplateParameter `json:"winRMCertificateUrl,omitempty"`
}
