Automation of AMI Creation Using Packer

Contributor - 20 April 2017 - 12min
Contributor - 20 April 2017 - 12min
Infra/Devops team maintains a Golden Image (Base Image) which is a production ready base image with pre-installed required software like java,tomcat,nagios-client, default-system users. For security patch or software version update we have to keep updating the Base Image which requires manual AMI updation and creation process.
Packer is easy to use and automates the creation of any type of machine image.Out of the box Packer comes with support to build images for Amazon EC2, CloudStack, DigitalOcean, Docker, Google Compute Engine, Microsoft Azure, QEMU, VirtualBox, VMware, and more.
Download Packer Binary from hashicorp site on your Linux machine
wget https://releases.hashicorp.com/packer/0.12.1/packer_0.12.1_linux_amd64.zip Unzip the downloaded zip file
unzip packer_0.12.1_linux_amd64.zip
Copy the binary file in your local path
cp packer /usr/local/bin/
Export the path
export PATH=$PATH:/usr/local/bin/packer
Verifying the Installation
packer -v
{ "builders": [{ "type": "amazon-ebs", "access_key": "", "secret_key": "", "region": "us-west-2", "source_ami": "ami-1e299d7e", "instance_type": "t2.micro", "ssh_username": "ec2-user", "ami_name": "Base_Image_1.0.0" }] }
Provide access_key and secret_key either in template itself or set environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY else it looks for the credentials file (.aws/credentials) in the user’s home directory.
amazon-ebs Create EBS-backed AMIs by launching a source AMI and re-packaging it into a new AMI after provisioning.
Provide you region
Provide source image ami id
Provide the instance type of ami to be created
Provide default username (ec2-user for Amazon Linux AMI)
Provide the name of new ami to be created
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AttachVolume", "ec2:AuthorizeSecurityGroupIngress", "ec2:CopyImage", "ec2:CreateImage", "ec2:CreateKeypair", "ec2:CreateSecurityGroup", "ec2:CreateSnapshot", "ec2:CreateTags", "ec2:CreateVolume", "ec2:DeleteKeypair", "ec2:DeleteSecurityGroup", "ec2:DeleteSnapshot", "ec2:DeleteVolume", "ec2:DeregisterImage", "ec2:DescribeImageAttribute", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVolumes", "ec2:DetachVolume", "ec2:GetPasswordData", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:ModifySnapshotAttribute", "ec2:RegisterImage", "ec2:RunInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource": "*" } ] }
root@adityad1:/home/adityad1/chef-hu/packer# packer validate base_image.json
Template validated successfully.
root@adityad1:/home/adityad1/chef-hu/packer# packer build base_image.json amazon-ebs output will be in this color. ==> amazon-ebs: Prevalidating AMI Name... amazon-ebs: Found Image ID: ami-1e299d7e ==> amazon-ebs: Creating temporary keypair: packer_586f6d61-50d3-87c7-79d4-47878630b37d ==> amazon-ebs: Creating temporary security group for this instance... ==> amazon-ebs: Authorizing access to port 22 the temporary security group... ==> amazon-ebs: Launching a source AWS instance... amazon-ebs: Instance ID: i-08ec69f82ca4d20f2 ==> amazon-ebs: Waiting for instance (i-08ec69f82ca4d20f2) to become ready... ==> amazon-ebs: Waiting for SSH to become available... ==> amazon-ebs: Connected to SSH! ==> amazon-ebs: Stopping the source instance... ==> amazon-ebs: Waiting for the instance to stop... ==> amazon-ebs: Creating the AMI: Base_Image_1.0.0 amazon-ebs: AMI: ami-d3c073b3 ==> amazon-ebs: Waiting for AMI to become ready... ==> amazon-ebs: Terminating the source AWS instance... ==> amazon-ebs: Cleaning up any extra volumes... ==> amazon-ebs: No volumes to clean up, skipping ==> amazon-ebs: Deleting temporary security group... ==> amazon-ebs: Deleting temporary keypair... Build 'amazon-ebs' finished. ==> Builds finished. The artifacts of successful builds are: --> amazon-ebs: AMIs were created: us-west-2: ami-d3c073b3
For provisioning , I have used chef provision as shown inside packer to run my base_image cookbook recipe
{ "builders": [{ "type": "amazon-ebs", "access_key": "", "secret_key": "", "region": "us-west-2", "source_ami": "ami-1e299d7e", "instance_type": "t2.micro", "ssh_username": "ec2-user", "ami_name": "Base_Image_1.0.0" }], "provisioners": [{ "type": "file", "source": "/home/adityad1/chef-hu/packer/packer_client.pem", "destination": "/tmp/packer_client.pem" }, { "type": "chef-client", "server_url": "https://api.chef.io/organizations/organization_name", "node_name": "packer_client", "install_command": "curl -L https://www.chef.io/chef/install.sh | {{if.Sudo}}sudo{{end}} bash -s -- -v 12.15.19", "run_list": ["base_node::base_image"], "validation_key_path": "/home/adityad1/chef-hu/.chef/client-validator.pem", "validation_client_name": "client-validator", "client_key": "/tmp/packer_client.pem", "skip_clean_client": "true" }] }
Provided chef url to install chef-client inside machine.
Provide your base_image cookbook recipe name to run
Download and install packer on your Jenkins server and Create a “packer” folder and upload base_image.json file on your Github Repository.
Create a simple Jenkins Job as shown
"How to access AWS from jenkins ? When i trigger packer build base.json i'm getting error AWS was not able to validate the provided access credentials in Jenkins".
"[…] Automation of AMI Creation Using Packer […]".