Skip to content

necarnot/packer-examples-for-vsphere

 
 

Repository files navigation

Packer Examples for VMware vSphere

Last Commit   The Changelog   Packer 1.9.1+

Table of Contents

  1. Introduction
  2. Requirements
  3. Configuration
  4. Build
  5. Troubleshoot
  6. Credits

Introduction

This repository provides infrastructure-as-code examples to automate the creation of virtual machine images and their guest operating systems on VMware vSphere using HashiCorp Packer and the Packer Plugin for VMware vSphere (vsphere-iso builder). All examples are authored in the HashiCorp Configuration Language ("HCL2").

Use of this project is mentioned in the VMware Validated Solution: Private Cloud Automation for VMware Cloud Foundation authored by the maintainer. Learn more about this solution at vmware.com/go/vvs.

By default, the machine image artifacts are transferred to a vSphere Content Library as an OVF template and the temporary machine image is destroyed. If an item of the same name exists in the target content library, Packer will update the existing item with the new version of OVF template.

The following builds are available:

Linux Distributions

  • VMware Photon OS 5
  • VMware Photon OS 4
  • Debian 12
  • Debian 11
  • Ubuntu Server 22.04 LTS (cloud-init)
  • Ubuntu Server 20.04 LTS (cloud-init)
  • Red Hat Enterprise Linux 9 Server
  • Red Hat Enterprise Linux 8 Server
  • Red Hat Enterprise Linux 7 Server
  • AlmaLinux OS 9
  • AlmaLinux OS 8
  • Rocky Linux 9
  • Rocky Linux 8
  • CentOS Stream 9
  • CentOS Stream 8
  • CentOS Linux 7
  • SUSE Linux Enterprise Server 15

Microsoft Windows - Core and Desktop Experience

  • Microsoft Windows Server 2022 - Standard and Datacenter
  • Microsoft Windows Server 2019 - Standard and Datacenter
  • Microsoft Windows 11
  • Microsoft Windows 10

Note

  • The Microsoft Windows 11 machine image uses a virtual trusted platform module (vTPM). Refer to the VMware vSphere product documenation for requirements and pre-requisites.

  • The Microsoft Windows 11 machine image is not transferred to the content library by default. It is not supported to clone an encrypted virtual machine to the content library as an OVF Template. You can adjust the common content library settings to use VM Templates.

Requirements

Operating Systems:

Operating systems and versions tested with the project:

  • VMware Photon OS 4.0 (x86_64)
  • Ubuntu Server 22.04 LTS (x86_64)
  • macOS Monterey and Ventura (Intel)

Note

If your Ansible control node already uses OpenSSH >= 9.0 (e.g.,, macOS Ventura) you must add an additional option to enable scp.

Update the ansible/ansible.cfg to include the following:

[ssh_connection]
scp_extra_args = "-O"

Packer:

  • HashiCorp Packer 1.9.1 or higher.

    Note

    Click on the operating system name to display the installation steps.

    • Photon OS
      PACKER_VERSION="1.9.1"
      OS_PACKAGES="wget unzip"
      
      if [[ $(uname -m) == "x86_64" ]]; then
        LINUX_ARCH="amd64"
      elif [[ $(uname -m) == "aarch64" ]]; then
        LINUX_ARCH="arm64"
      fi
      
      tdnf install ${OS_PACKAGES} -y
      
      wget -q https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_${LINUX_ARCH}.zip
      
      unzip -o -d /usr/local/bin/ packer_${PACKER_VERSION}_linux_${LINUX_ARCH}.zip
    • Ubuntu

      The Terraform packages are signed using a private key controlled by HashiCorp, so you must configure your system to trust that HashiCorp key for package authentication.

      To configure your repository:

      sudo bash -c 'wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor > /usr/share/keyrings/hashicorp-archive-keyring.gpg'

      Verify the key's fingerprint:

      gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint

      The fingerprint must match E8A0 32E0 94D8 EB4E A189 D270 DA41 8C88 A321 9F7B. You can also verify the key on Security at HashiCorp under Linux Package Checksum Verification.

      Add the official HashiCorp repository to your system:

      sudo bash -c 'echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
      https://apt.releases.hashicorp.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/hashicorp.list'

      Install Packer from HashiCorp repository:

      sudo apt update && sudo apt install packer
    • macOS
      brew tap hashicorp/tap
      
      brew install hashicorp/tap/packer
  • Packer plugins:

    Note

    Required plugins are automatically downloaded and initialized when using ./build.sh. For dark sites, you may download the plugins and place these same directory as your Packer executable /usr/local/bin or $HOME/.packer.d/plugins.

Additional Software Packages:

The following additional software packages must be installed on the operating system running Packer.

Note

Click on the operating system name to display the installation steps for all prerequisites.

  • Photon OS
    • git command-line tools.

    • ansible-core 2.15.

    • jq A command-line JSON processor.

    • xorriso - A command-line .iso creator.

      pip3 install --user ansible-core==2.15
      export PATH="$HOME/.local/bin:$PATH"
      tdnf -y install git jq xorriso
    • HashiCorp Terraform 1.5.0 or higher.

      TERRAFORM_VERSION="1.5.0"
      OS_PACKAGES="wget unzip"
      
      if [[ $(uname -m) == "x86_64" ]]; then
        LINUX_ARCH="amd64"
      elif [[ $(uname -m) == "aarch64" ]]; then
        LINUX_ARCH="arm64"
      fi
      
      tdnf install ${OS_PACKAGES} -y
      
      wget -q https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${LINUX_ARCH}.zip
      
      unzip -o -d /usr/local/bin/ terraform_${TERRAFORM_VERSION}_linux_${LINUX_ARCH}.zip
  • Ubuntu
    • git command-line tools.

    • ansible-core 2.15.

    • jq A command-line JSON processor.

    • xorriso - A command-line .iso creator.

    • mkpasswd - Password generating utility

    • HashiCorp Terraform 1.5.0 or higher.

      pip3 install --user ansible-core==2.15
      sudo apt -y install git jq xorriso whois terraform
    • gomplate 3.11.5 or higher.

      GOMPLATE_VERSION="3.11.5"
      LINUX_ARCH="amd64"
      
      sudo curl -o /usr/local/bin/gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/v${GOMPLATE_VERSION}/gomplate_linux-${LINUX_ARCH}
      sudo chmod 755 /usr/local/bin/gomplate
  • macOS
    • git command-line tools.

    • ansible-core 2.15.

    • jq A command-line JSON processor.

    • Coreutils

    • HashiCorp Terraform 1.5.0 or higher.

    • gomplate 3.11.5 or higher.

      pip3 install --user ansible-core==2.15
      brew install git jq coreutils hashicorp/tap/terraform gomplate
    • mkpasswd - Password generating utility

      brew install --cask docker

Platform:

  • VMware vSphere 7.0 Update 3D or later.

Configuration

Step 1 - Download the Source

You can choose between two options to get the source code:

  1. Download the Release Archive
  2. Clone the Repository

Download the Latest Release

TAG_NAME=$(curl -s https://api.github.com/repos/vmware-samples/packer-examples-for-vsphere/releases | jq  -r '.[0].tag_name')
TARBALL_URL=$(curl -s https://api.github.com/repos/vmware-samples/packer-examples-for-vsphere/releases | jq  -r '.[0].tarball_url')

mkdir packer-examples-for-vsphere
cd packer-examples-for-vsphere
curl -sL $TARBALL_URL | tar xvfz - --strip-components 1
git init -b main
git add .
git commit -m "Initial commit"
git switch -c $TAG_NAME HEAD

Clone the Repository

Note

You may also clone develop for the latest prerelease updates.

TAG_NAME=$(curl -s https://api.github.com/repos/vmware-samples/packer-examples-for-vsphere/releases | jq  -r '.[0].tag_name')

git clone https://github.com/vmware-samples/packer-examples-for-vsphere.git
cd packer-examples-for-vsphere
git switch -c $TAG_NAME $TAG_NAME

Warning

A branch is mandatory because it is used for the build version and the virtual machine name. It does not matter if it is based on the HEAD or a release tag.

The directory structure of the repository.

├── build.sh
├── build.tmpl
├── build-ci.tmpl
├── build.yaml
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── config.sh
├── CONTRIBUTING.md
├── LICENSE
├── MAINTAINERS.md
├── NOTICE
├── README.md
├── set-envvars.sh
├── ansible
│   ├── ansible.cfg
│   ├── main.yml
│   └── roles
│       └── <role>
│           └── *.yml
├── artifacts
├── builds
│   ├── ansible.pkrvars.hcl.example
│   ├── build.pkrvars.hcl.example
│   ├── common.pkrvars.hcl.example
│   ├── proxy.pkrvars.hcl.example
│   ├── rhsm.pkrvars.hcl.example
│   ├── scc.pkrvars.hcl.example
│   ├── vsphere.pkrvars.hcl.example
│   ├── linux
│   │   └── <distribution>
│   │       └── <version>
│   │           ├── *.pkr.hcl
│   │           ├── *.auto.pkrvars.hcl
│   │           └── data
│   │               └── ks.pkrtpl.hcl
│   └── windows
│       └── <distribution>
│           └── <version>
│               ├── *.pkr.hcl
│               ├── *.auto.pkrvars.hcl
│               └── data
│                   └── autounattend.pkrtpl.hcl
├── manifests
├── scripts
│   ├── linux
│   └── windows
│       └── *.ps1
└── terraform
    ├── vsphere-role
    │   └── *.tf
    └── vsphere-virtual-machine
        ├── content-library-ovf-linux-cloud-init
        │   └── *.tf
        ├── content-library-ovf-linux-cloud-init-hcp-packer
        │   └── *.tf
        ├── content-library-ovf-linux-guest-customization
        │   └── *.tf
        ├── content-library-ovf-linux-guest-customization-hcp-packer
        │   └── *.tf
        ├── content-library-ovf-windows-guest-customization
        │   └── *.tf
        ├── content-library-ovf-windows-guest-customization-hcp-packer
        │   └── *.tf
        ├── content-library-template-linux-guest-customization-hcp-packer
        │   └── *.tf
        ├── content-library-template-windows-guest-customization-hcp-packer
        │   └── *.tf
        ├── template-linux-cloud-init
        │   └── *.tf
        ├── template-linux-cloud-init-hcp-packer
        │   └── *.tf
        ├── template-linux-guest-customization
        │   └── *.tf
        ├── template-linux-guest-customization-hcp-packer
        │   └── *.tf
        ├── template-windows-guest-customization
        │   └── *.tf
        └── template-windows-guest-customization-hcp-packer
            └── *.tf

The files are distributed in the following directories.

  • ansible - contains the Ansible roles to prepare Linux machine image builds.
  • artifacts - contains the OVF artifacts exported by the builds, if enabled.
  • builds - contains the templates, variables, and configuration files for the machine image builds.
  • scripts - contains the scripts to initialize and prepare Windows machine image builds.
  • manifests - manifests created after the completion of the machine image builds.
  • terraform - contains example Terraform plans to create a custom role and test machine image builds.

Warning

When forking the project for upstream contribution, please be mindful not to make changes that may expose your sensitive information, such as passwords, keys, certificates, etc.

Step 2 - Configure Service Account Privileges in vSphere

Create a custom vSphere role with the required privileges to integrate HashiCorp Packer with VMware vSphere. A service account can be added to the role to ensure that Packer has least privilege access to the infrastructure. Clone the default Read-Only vSphere role and add the following privileges:

Category Privilege Reference
Content Library Add library item ContentLibrary.AddLibraryItem
... Update Library Item ContentLibrary.UpdateLibraryItem
Cryptographic Operations Direct Access (Required for packer_cache upload.) Cryptographer.Access
... Encrypt (Required for vTPM.) Cryptographer.Encrypt
Datastore Allocate space Datastore.AllocateSpace
... Browse datastore Datastore.Browse
... Low level file operations Datastore.FileManagement
Host Configuration > System Management Host.Config.SystemManagement
Network Assign network Network.Assign
Resource Assign virtual machine to resource pool Resource.AssignVMToPool
vApp Export vApp.Export
Virtual Machine Configuration > Add new disk VirtualMachine.Config.AddNewDisk
... Configuration > Add or remove device VirtualMachine.Config.AddRemoveDevice
... Configuration > Advanced configuration VirtualMachine.Config.AdvancedConfig
... Configuration > Change CPU count VirtualMachine.Config.CPUCount
... Configuration > Change memory VirtualMachine.Config.Memory
... Configuration > Change settings VirtualMachine.Config.Settings
... Configuration > Change Resource VirtualMachine.Config.Resource
... Configuration > Modify device settings VirtualMachine.Config.EditDevice
... Configuration > Set annotation VirtualMachine.Config.Annotation
... Edit Inventory > Create from existing VirtualMachine.Inventory.CreateFromExisting
... Edit Inventory > Create new VirtualMachine.Inventory.Create
... Edit Inventory > Remove VirtualMachine.Inventory.Delete
... Interaction > Configure CD media VirtualMachine.Interact.SetCDMedia
... Interaction > Configure floppy media VirtualMachine.Interact.SetFloppyMedia
... Interaction > Connect devices VirtualMachine.Interact.DeviceConnection
... Interaction > Inject USB HID scan codes VirtualMachine.Interact.PutUsbScanCodes
... Interaction > Power off VirtualMachine.Interact.PowerOff
... Interaction > Power on VirtualMachine.Interact.PowerOn
... Provisioning > Create template from virtual machine VirtualMachine.Provisioning.CreateTemplateFromVM
... Provisioning > Mark as template VirtualMachine.Provisioning.MarkAsTemplate
... Provisioning > Mark as virtual machine VirtualMachine.Provisioning.MarkAsVM
... State > Create snapshot VirtualMachine.State.CreateSnapshot

If you would like to automate the creation of the custom vSphere role, a Terraform example is included in the project.

  1. Navigate to the directory for the example.

    cd terraform/vsphere-role
  2. Duplicate the terraform.tfvars.example file to terraform.tfvars in the directory.

    cp terraform.tfvars.example terraform.tfvars
  3. Open the terraform.tfvars file and update the variables according to your environment.

  4. Initialize the current directory and the required Terraform provider for VMware vSphere.

    terraform init
  5. Create a Terraform plan and save the output to a file.

    terraform plan -out=tfplan
  6. Apply the Terraform plan.

    terraform apply tfplan

Once the custom vSphere role is created, assign Global Permissions in vSphere for the service account that will be used for the HashiCorp Packer to VMware vSphere integration in the next step. Global permissions are required for the content library. For example:

  1. Log in to the vCenter Server at <management_vcenter_server_fqdn>/ui as [email protected].
  2. Select Menu > Administration.
  3. Create service account in vSphere SSO if it does not exist: In the left pane, select Single Sign On > Users and Groups and click on Users, from the dropdown select the domain in which you want to create the user (e.g., rainpole.io) and click ADD, fill all the username (e.g., svc-packer-vsphere) and all required details, then click ADD to create the user.
  4. In the left pane, select Access control > Global permissions and click the Add permissions icon.
  5. In the Add permissions dialog box, enter the service account (e.g., [email protected]), select the custom role (e.g., Packer to vSphere Integration Role) and the Propagate to children checkbox, and click OK.

In an environment with many vCenter Server instances, such as management and workload domains, you may wish to further reduce the scope of access across the infrastructure in vSphere for the service account. For example, if you do not want Packer to have access to your management domain, but only allow access to workload domains:

  1. From the Hosts and clusters inventory, select management domain vCenter Server to restrict scope, and click the Permissions tab.

  2. Select the service account with the custom role assigned and click the Edit.

  3. In the Change role dialog box, from the Role drop-down menu, select No Access, select the Propagate to children checkbox, and click OK.

Step 3 - Configure the Variables

The variables are defined in .pkrvars.hcl files.

Copy the Example Variables

Run the config script ./config.sh to copy the .pkrvars.hcl.example files to the config directory.

The config folder is the default folder, You may override the default by passing an alternate value as the first argument.

./config.sh foo
./build.sh foo

For example, this is useful for the purposes of running machine image builds for different environment.

San Francisco: us-west-1

./config.sh config/us-west-1
./build.sh config/us-west-1

Los Angeles: us-west-2

./config.sh config/us-west-2
./build.sh config/us-west-2
Build Variables

Edit the config/build.pkrvars.hcl file to configure the following:

  • Credentials for the default account on machine images.

Example: config/build.pkrvars.hcl

build_username           = "rainpole"
build_password           = "<plaintext_password>"
build_password_encrypted = "<sha512_encrypted_password>"
build_key                = "<public_key>"

You can also override the build_key value with contents of a file, if required.

For example:

build_key = file("${path.root}/config/ssh/build_id_ecdsa.pub")

Generate a SHA-512 encrypted password for the build_password_encrypted using tools like mkpasswd.

Example: mkpasswd using Docker on Photon:

rainpole@photon> sudo systemctl start docker
rainpole@photon> sudo docker run -it --rm alpine:latest
mkpasswd -m sha512
Password: ***************
[password hash]
rainpole@photon> sudo systemctl stop docker

Example: mkpasswd using Docker on macOS:

rainpole@macos> docker run -it --rm alpine:latest
mkpasswd -m sha512
Password: ***************
[password hash]

Example: mkpasswd on Ubuntu:

rainpole@ubuntu> mkpasswd -m sha-512
Password: ***************
[password hash]

Generate a public key for the build_key for public key authentication.

Example: macOS and Linux.

rainpole@macos> ssh-keygen -t ecdsa -b 521 -C "[email protected]"
Generating public/private ecdsa key pair.
Enter file in which to save the key (/Users/rainpole/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase): **************
Enter same passphrase again: **************
Your identification has been saved in /Users/rainpole/.ssh/id_ecdsa.
Your public key has been saved in /Users/rainpole/.ssh/id_ecdsa.pub.

The content of the public key, build_key, is added the key to the ~/.ssh/authorized_keys file of the build_username on the guest operating system.

Warning

Replace the default public keys and passwords.

By default, both Public Key Authentication and Password Authentication are enabled for Linux distributions. If you wish to disable Password Authentication and only use Public Key Authentication, comment or remove the portion of the associated Ansible configure role.

Ansible Variables

Edit the config/ansible.pkrvars.hcl file to configure the following:

  • Credentials for the Ansible account on Linux machine images.

Example: config/ansible.pkrvars.hcl

ansible_username = "ansible"
ansible_key      = "<public_key>"

Note

A random password is generated for the Ansible user.

You can also override the ansible_key value with contents of a file, if required.

For example:

ansible_key = file("${path.root}/config/ssh/ansible_id_ecdsa.pub")
Common Variables

Edit the config/common.pkrvars.hcl file to configure the following common variables:

  • Virtual Machine Settings
  • Template and Content Library Settings
  • OVF Export Settings
  • Removable Media Settings
  • Boot and Provisioning Settings
  • HCP Packer Registry

Example: config/common.pkrvars.hcl

// Virtual Machine Settings
common_vm_version           = 19
common_tools_upgrade_policy = true
common_remove_cdrom         = true

// Template and Content Library Settings
common_template_conversion     = false
common_content_library_name    = "sfo-w01-lib01"
common_content_library_ovf     = true
common_content_library_destroy = true

// OVF Export Settings
common_ovf_export_enabled   = false
common_ovf_export_overwrite = true

// Removable Media Settings
common_iso_datastore = "sfo-w01-cl01-ds-nfs01"

// Boot and Provisioning Settings
common_data_source      = "http"
common_http_ip          = null
common_http_port_min    = 8000
common_http_port_max    = 8099
common_ip_wait_timeout  = "20m"
common_shutdown_timeout = "15m"

// HCP Packer
common_hcp_packer_registry_enabled = false
Data Source Options

http is the default provisioning data source for Linux machine image builds.

If iptables is enabled on your Packer host, you will need to open common_http_port_min through common_http_port_max ports.

Example: Open a port range in iptables.

iptables -A INPUT -p tcp --match multiport --dports 8000:8099 -j ACCEPT`

You can change the common_data_source from http to disk to build supported Linux machine images without the need to use Packer's HTTP server. This is useful for environments that may not be able to route back to the system from which Packer is running.

The cd_content option is used when selecting disk unless the distribution does not support a secondary CD-ROM. For distributions that do not support a secondary CD-ROM the floppy_content option is used.

common_data_source = "disk"
HTTP Binding (Optional)

If you need to define a specific IPv4 address from your host for Packer's HTTP Server, modify the common_http_ip variable from null to a string value that matches an IP address on your Packer host. For example:

common_http_ip = "172.16.11.254"
Proxy Variables (Optional)

Edit the config/proxy.pkrvars.hcl file to configure the following:

  • SOCKS proxy settings used for connecting to Linux machine images.
  • Credentials for the proxy server.

Example: config/proxy.pkrvars.hcl

communicator_proxy_host     = "proxy.rainpole.io"
communicator_proxy_port     = 8080
communicator_proxy_username = "rainpole"
communicator_proxy_password = "<plaintext_password>"
Red Hat Subscription Manager Variables

Edit the config/redhat.pkrvars.hcl file to configure the following:

  • Credentials for your Red Hat Subscription Manager account.

Example: config/redhat.pkrvars.hcl

rhsm_username = "rainpole"
rhsm_password = "<plaintext_password>"

These variables are only used if you are performing a Red Hat Enterprise Linux Server build and are used to register the image with Red Hat Subscription Manager during the build for system updates and package installation. Before the build completes, the machine image is unregistered from Red Hat Subscription Manager.

SUSE Customer Connect Variables

Edit the config/scc.pkrvars.hcl file to configure the following:

  • Credentials for your SUSE Customer Connect account.

Example: config/scc.pkrvars.hcl

scc_email = "[email protected]"
scc_code  = "<plaintext_code>"

These variables are only used if you are performing a SUSE Linux Enterprise Server build and are used to register the image with SUSE Customer Connect during the build for system updates and package installation. Before the build completes, the machine image is unregistered from SUSE Customer Connect.

vSphere Variables

Edit the builds/vsphere.pkrvars.hcl file to configure the following:

  • vSphere Endpoint and Credentials
  • vSphere Settings

Example: config/vsphere.pkrvars.hcl

vsphere_endpoint             = "sfo-w01-vc01.sfo.rainpole.io"
vsphere_username             = "[email protected]"
vsphere_password             = "<plaintext_password>"
vsphere_insecure_connection  = true
vsphere_datacenter           = "sfo-w01-dc01"
vsphere_cluster              = "sfo-w01-cl01"
vsphere_datastore            = "sfo-w01-cl01-ds-vsan01"
vsphere_network              = "sfo-w01-seg-dhcp"
vsphere_folder               = "sfo-w01-fd-templates"

Using Environment Variables

If you prefer not to save potentially sensitive information in cleartext files, you add the variables to environmental variables using the included set-envvars.sh script:

rainpole@macos> . ./set-envvars.sh

Note

You need to run the script as source or the shorthand ".".

Machine Image Variables (Optional)

Edit the *.auto.pkrvars.hcl file in each builds/<type>/<build> folder to configure the following virtual machine hardware settings, as required:

  • CPUs (int)

  • CPU Cores (int)

  • Memory in MB (int)

  • Primary Disk in MB (int)

  • .iso URL (string)

  • .iso Path (string)

  • .iso File (string)

  • .iso Checksum Type (string)

  • .iso Checksum Value (string)

    Note

    All variables.auto.pkrvars.hcl default to using the VMware Paravirtual SCSI controller and the VMXNET 3 network card device types.

Step 4 - Guest Operating Systems ISOs

The project supports using a datastore to store your guest operating system .iso files, you must download and upload these to a datastore path.

  1. Download the x64 guest operating system .iso files.

    Linux Distributions:
    • VMware Photon OS 5
      • Download the latest release of the FULL .iso image. (e.g., photon-5.0-xxxxxxxxx.x86_64.iso)
    • VMware Photon OS 4
      • Download the latest release of the FULL .iso image. (e.g., photon-4.0-xxxxxxxxx.iso)
    • Debian 12
      • Download the latest netinst release .iso image. (e.g., debian-12.x.x-amd64-netinst.iso)
    • Debian 11
      • Download the latest netinst release .iso image. (e.g., debian-11.x.x-amd64-netinst.iso)
    • Ubuntu Server 22.04 LTS
      • Download the latest LIVE release .iso image. (e.g., ubuntu-22.04.x-live-server-amd64.iso)
    • Ubuntu Server 20.04 LTS
      • Download the latest LIVE release .iso image. (e.g., ubuntu-20.04.x-live-server-amd64.iso)
    • Red Hat Enterprise Linux 9 Server
      • Download the latest release of the FULL .iso image. (e.g., rhel-9.x-x86_64-dvd.iso)
    • Red Hat Enterprise Linux 8 Server
      • Download the latest release of the FULL .iso image. (e.g., rhel-8.x-x86_64-dvd.iso)
    • Red Hat Enterprise Linux 7 Server
      • Download the latest release of the FULL .iso image. (e.g., rhel-server-7.x-x86_64-dvd.iso)
    • AlmaLinux OS 9
      • Download the latest release of the FULL .iso image. (e.g., AlmaLinux-9.x-x86_64-dvd.iso)
    • AlmaLinux OS 8
      • Download the latest release of the FULL .iso image. (e.g., AlmaLinux-8.x-x86_64-dvd.iso)
    • Rocky Linux 9
      • Download the latest release of the FULL .iso image. (e.g., Rocky-9.x-x86_64-dvd.iso)
    • Rocky Linux 8
      • Download the latest release of the FULL .iso image. (e.g., Rocky-8.x-x86_64-dvd.iso)
    • CentOS Stream 9
      • Download the latest release of the FULL .iso image. (e.g., CentOS-Stream-9-latest-x86_64-dvd1.iso)
    • CentOS Stream 8
      • Download the latest release of the FULL .iso image. (e.g., CentOS-Stream-8-x86_64-latest-dvd1.iso)
    • CentOS Linux 7
      • Download the latest release of the FULL .iso image. (e.g., CentOS-7-x86_64-DVD.iso)
    • SUSE Linux Enterprise 15
      • Download the latest 15.4 release of the FULL .iso image. (e.g., SLE-15-SP4-Full-x86_64-GM-Media1.iso)
    Microsoft Windows:
    • Microsoft Windows Server 2022
    • Microsoft Windows Server 2019
    • Microsoft Windows 11 22H2
    • Microsoft Windows 10 22H2
  2. Obtain the checksum type (e.g., sha512, sha256, md5, etc.) and checksum value for each guest operating system .iso from the vendor. This will be use in the build input variables.

  3. Upload or your guest operating system .iso files to the datastore and update the configuration variables.

    Example: config/common.pkrvars.hcl

    common_iso_datastore = "sfo-w01-cl01-ds-nfs01"

    Example: builds/<type>/<build>/*.auto.pkrvars.hcl

    iso_path           = "iso/linux/photon"
    iso_file           = "photon-4.0-xxxxxxxxx.iso"
    iso_checksum_type  = "md5"
    iso_checksum_value = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Step 5 - Modify the Configurations (Optional)

If required, modify the configuration files for the Linux distributions and Microsoft Windows.

Linux Distribution Kickstart and Ansible Roles

Username and password variables are passed into the kickstart or cloud-init files for each Linux distribution as Packer template files (.pkrtpl.hcl) to generate these on-demand. Ansible roles are then used to configure the Linux machine image builds.

Microsoft Windows Unattended amd Scripts

Variables are passed into the Microsoft Windows unattend files (autounattend.xml) as Packer template files (autounattend.pkrtpl.hcl) to generate these on-demand. By default, each unattended file is set to use the KMS client setup keys as the Product Key.

PowerShell scripts are used to configure the Windows machine image builds.

Need help customizing the configuration files?

Step 6 - Enable HCP Packer Registry (Optional)

If you are new to HCP Packer, review the following documentation and video to learn more before enabling an HCP Packer registry:

Create an HCP Packer Registry

Before you can use the HCP Packer registry, you need to create it by following Create HCP Packer Registry procedure.

Configure an HCP Packer Registry

Edit the config/common.pkrvars.hcl file to enable the HCP Packer registry.

// HCP Packer
common_hcp_packer_registry_enabled = true

Then, export your HCP credentials before building.

rainpole@macos> export HCP_CLIENT_ID=<client_id>
rainpole@macos> export HCP_CLIENT_SECRET=<client_secret>

Build

Build with Variables Files

Start a build by running the build script (./build.sh). The script presents a menu the which simply calls Packer and the respective build(s).

You can also start a build based on a specific source for some of the virtual machine images.

For example, if you simply want to build a Microsoft Windows Server 2022 Standard Core, run the following:

Initialize the plugins:

rainpole@macos> packer init builds/windows/server/2022/.

Build a specific machine image:

rainpole@macos> packer build -force \
      --only vsphere-iso.windows-server-standard-core \
      -var-file="config/vsphere.pkrvars.hcl" \
      -var-file="config/build.pkrvars.hcl" \
      -var-file="config/common.pkrvars.hcl" \
      builds/windows/server/2022

Build with Environmental Variables

You can set your environment variables if you would prefer not to save sensitive information in cleartext files.

You can add these to environmental variables using the included set-envvars.sh script.

rainpole@macos> . ./set-envvars.sh

Note

You need to run the script as source or the shorthand ".".

Initialize the plugins:

rainpole@macos> packer init builds/windows/server/2022/.

Build a specific machine image using environmental variables:

rainpole@macos> packer build -force \
      --only vsphere-iso.windows-server-standard-core \
      builds/windows/server/2022

Generate a Custom Build Script

The build script (./build.sh) can be generated using a template (./build.tmpl) and a configuration file in YAML (./build.yaml).

Generate a custom build script:

rainpole@macos> gomplate -c build.yaml -f build.tmpl -o build.sh

Generate a Custom GitLab CI/CD pipeline

The GitLab CI/CD YAML (.gitlab-ci.yml) can be generated using a template (./build-ci.tmpl) and a configuration file in YAML (./build.yaml).

Generate a custom .gitlab-ci.yml:

rainpole@macos> gomplate -c build.yaml -f build-ci.tmpl -o .gitlab-ci.yml

Happy building!!!

Troubleshoot

Credits

About

Packer Examples for vSphere

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • HCL 91.7%
  • Shell 6.7%
  • PowerShell 1.6%