Packer is an open source tool provided by HashiCorp and is used to create images that have the same configurations for multiple platforms. In DevOps practices, Packer automates the build and deployment processes. Packer lets you use predefined templates to create portable and reusable base images. This ensures image consistency in development, test, and production environments. This topic describes common Alibaba Cloud Elastic Compute Service (ECS) Image Builder parameters that are used to implement DevOps when you use Packer to create custom images in ECS. For example, you can use the parameters to add tags to custom images, create images based only on the system disk, and specify a snapshot timeout period.
Attach an image tag
- Scenario: If you have multiple custom images, you can add tags to the images for easy management and retrieval. For example, you can add a tag to record the version number of an image or the types of applications that are contained in the image. Alibaba Cloud ECS Image Builder provides the tags parameter. If you specify this parameter when you use Packer to create a custom image, the tags that you specify in the parameter are added to the created image. For more information, see Tags.
- Packer field: tags{"key":"value"}.
- Usage: When you query images with tags in the ECS console or by calling the DescribeImages operation, you can view the tags. You can also filter images by tag. Tags added to images can be used together with Terraform to standardize enterprise-level DevOps processes.
- Configuration example: The following configuration attaches two tags, version=v1.0.0 and app=web, to the resulting image and its snapshot.
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [{
    "type": "alicloud-ecs",
    "access_key": "{{user `access_key`}}",
    "secret_key": "{{user `secret_key`}}",
    "region": "cn-beijing",
    "image_name": "packer_basic",
    "source_image": "centos_7_03_64_20G_alibase_20170818.vhd",
    "ssh_username": "root",
    "instance_type": "ecs.t5-lc1m1.small",
    "internet_charge_type": "PayByTraffic",
    "io_optimized": "true",
    "tags": {
      "version": "v1.0.0",
      "app": "web"
    }
  }]
}
Parameter used to specify whether to create an image based only on a system disk
- Scenario: By default, Packer creates images directly from ECS instances. If the instances have data disks, the images that are generated based on the instances contain data disk snapshots.
  Note: You can use one of the following methods to create an instance that has data disks:
  - Method 1: You can use image_disk_mappings to set parameters for data disks. For more information, see the Packer documentation: Alicloud Image Builder.
  - Method 2: Select an instance type that comes with data disks, such as ecs.d1ne.2xlarge. In most cases, the data disks are local disks, which cannot be used to create snapshots. Consequently, the instance type that comes with data disks cannot be used to create images.
- Packer field: image_ignore_data_disks. Data type: Boolean.
- Usage: If you want to create an image from an ECS instance that contains data disks but do not want the image to contain data disk snapshots, you can add "image_ignore_data_disks": "true" to the configuration file. This way, you can create an image based only on the system disk.
- Example:
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [
    {
      "type": "alicloud-ecs",
      "access_key": "{{user `access_key`}}",
      "secret_key": "{{user `secret_key`}}",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "source_image": "aliyun_3_9_x64_20G_alibase_20231219.vhd",
      "associate_public_ip_address": true,
      "ssh_username": "root",
      "instance_type": "ecs.s6-c1m2.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "skip_image_validation": true,
      "image_disk_mappings": [
        {
          "disk_snapshot_id": "s-bp1xxxxxx",
          "disk_device": "/dev/xvdb"
        }
      ],
      "image_ignore_data_disks": "true"
    }
  ]
}
Set the snapshot timeout
- Scenario: Images are created from snapshots. The time required to create a snapshot for a disk varies based on the disk size. For a large disk, an extended period of time is required to create a snapshot, which may cause a timeout. To prevent a timeout error, you can configure the wait_snapshot_ready_timeout field to increase the timeout period.
- Packer field: wait_snapshot_ready_timeout. Data type: Integer. Default value: 3600. Unit: seconds.
- Usage: Set the wait_snapshot_ready_timeout field to 7200 seconds.
- Example:
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [
    {
      "type": "alicloud-ecs",
      "access_key": "{{user `access_key`}}",
      "secret_key": "{{user `secret_key`}}",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "source_image": "aliyun_3_9_x64_20G_alibase_20231219.vhd",
      "associate_public_ip_address": true,
      "ssh_username": "root",
      "instance_type": "ecs.s6-c1m2.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "skip_image_validation": true,
      "wait_snapshot_ready_timeout": 7200
    }
  ]
}
Connect to an instance using a private IP
- Scenario: You can use the private IP address of an ECS instance to connect to the instance, and no public IP address is required.
- Packer field: ssh_private_ip. Data type: Boolean.
- Usage: Set the ssh_private_ip field to true. Then, Packer uses the private IP address of the instance to connect to the instance, but does not associate an elastic IP address (EIP) with or assign a public IP address to the instance.
  Important: When Packer uses the private IP address of the ECS instance it creates to connect to the instance, the ECS instance running Packer must be connected to the same vSwitch as the ECS instance that Packer creates.
- Example:
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [
    {
      "type": "alicloud-ecs",
      "access_key": "{{user `access_key`}}",
      "secret_key": "{{user `secret_key`}}",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "source_image": "aliyun_3_9_x64_20G_alibase_20231219.vhd",
      "ssh_username": "root",
      "instance_type": "ecs.s6-c1m2.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "skip_image_validation": true,
      "ssh_private_ip": true,
      "vpc_id": "vpc-xxxx",
      "vswitch_id": "vsw-xxxx"
    }
  ]
}
Set stop instance options
- Scenario: By default, after Packer runs provisioners, it stops ECS instances and then creates images from the instances. However, instances must be in the Running state in specific scenarios, such as when Windows instances run Sysprep.
  For information about how to use Sysprep, see What do I do if instances cannot access the AD domains of each other or instances cannot be added to the same AD domain at the same time?
- Packer field: disable_stop_instance. Data type: Boolean.
- Usage: Set the disable_stop_instance field to true. Then, Packer does not stop an ECS instance from which it creates an image. You must add a command to the configuration (provisioners) to stop the instance or manually stop the instance.
- Example configuration:
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [
    {
      "type": "alicloud-ecs",
      "access_key": "{{user `access_key`}}",
      "secret_key": "{{user `secret_key`}}",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "source_image": "aliyun_3_9_x64_20G_alibase_20231219.vhd",
      "ssh_username": "root",
      "instance_type": "ecs.s6-c1m2.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "skip_image_validation": true,
      "associate_public_ip_address": true,
      "disable_stop_instance": true
    }
  ]
}
Enable WinRM with UserData
- Scenario: For security purposes, the Windows Remote Management (WinRM) feature is disabled for Windows images by default. However, Packer must use the WinRM feature to connect to a Windows instance and run commands on the instance. You can use an instance user data file to enable WinRM when you create a Windows instance.
- Packer field: user_data_file.
- Usage: Use the "user_data_file":"examples.ps1" configuration to specify the path of the instance user data file.
- Example: The instance user data file is stored in the following relative path: examples/alicloud/basic/winrm_enable_userdata.ps1.
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [{
    "type": "alicloud-ecs",
    "access_key": "{{user `access_key`}}",
    "secret_key": "{{user `secret_key`}}",
    "region": "cn-beijing",
    "image_name": "packer_test",
    "source_image": "win2008r2_64_ent_sp1_zh-cn_40G_alibase_20181220.vhd",
    "instance_type": "ecs.n1.tiny",
    "io_optimized": "true",
    "internet_charge_type": "PayByTraffic",
    "image_force_delete": "true",
    "communicator": "winrm",
    "winrm_port": 5985,
    "winrm_username": "Administrator",
    "winrm_password": "Test1234",
    "user_data_file": "examples/alicloud/basic/winrm_enable_userdata.ps1"
  }],
  "provisioners": [{
    "type": "powershell",
    "inline": ["dir c:\\"]
  }]
}
  Note:
  - The following describes the parameters for WinRM in the example:
    - "communicator": "winrm" indicates that WinRM is used to connect to the instance.
    - "winrm_port": 5985 indicates that the communication port is port 5985.
    - "winrm_username": "Administrator" indicates that you are connected to the instance as an administrator.
    - "winrm_password": "Test1234" indicates that the password Test1234 is used.
  - image_force_delete specifies whether to first delete an existing image that has the same name.
Create an image from a local ISO file
- If the ISO file is in a different on-premises virtualization environment, you can also use Packer to perform the operation.
- Packer fields: builders{"type":"qemu"} and post-processors{"type":"alicloud-import"}.
- Example: If the on-premises environment is based on QEMU, you can use Packer to create an image and then import the image to Alibaba Cloud ECS. For more information, see Use Packer to create and import an on-premises image, which includes the following important steps:
  - You need to use the Builder for your local virtualization environment, such as the QEMU Builder.
  - Define the Alicloud Import Post-Processor to import the generated on-premises image to Alibaba Cloud ECS.
Before you import an ISO file to Alibaba Cloud ECS, you must install an on-premises virtualization environment and then create an image based on the file. The image must be in a format supported by Alibaba Cloud, such as QCOW2, VHD, or RAW. Then, you can import the image to Alibaba Cloud ECS. For more information, see Import an image.
Parameters used to connect to an ECS instance using an SSH key pair and the private IP address of the instance
- Scenario: You can connect to an ECS instance using an SSH key pair and the private IP address of the instance.
- Packer fields: ssh_keypair_name and ssh_private_key_file.
  Note: Create an SSH key pair whose name is set to the value of the ssh_keypair_name field in the ECS console and store the private key securely. For more information, see Create an SSH key pair.
- Usage: Specify the ssh_private_key_file field to download the private key file to the machine on which Packer is run. The value must be the absolute path of the private key file.
- Example:
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [
    {
      "type": "alicloud-ecs",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
      "ssh_private_ip": true,
      "ssh_username": "root",
      "instance_type": "ecs.g6.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "skip_image_validation": true,
      "ssh_keypair_name": "{{user `ssh_keypair_name`}}",
      "ssh_private_key_file": "{{user `ssh_private_key_file`}}",
      "vpc_id": "{{user `vpc_id`}}",
      "vswitch_id": "{{user `vswitch_id`}}",
      "security_group_id": "{{user `security_group_id`}}"
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "sleep 30",
        "yum install redis.x86_64 -y"
      ]
    }
  ]
}
Configure system and data disks
- Scenario: Specify a category and size for the system disk and attach specific snapshot data as data disks to the temporary ECS instance that is used to create a custom image.
- Packer fields: system_disk_mapping for system disk configurations and image_disk_mappings for data disk configurations.
- Usage: Specify the system_disk_mapping and image_disk_mappings fields to create a custom image. The custom image contains disk information, such as the category of the system disk, the size of each disk, whether the disks are released together with the associated instance, the category of each data disk, and the name of each data disk partition.
- Example:
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [
    {
      "type": "alicloud-ecs",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
      "associate_public_ip_address": true,
      "ssh_username": "root",
      "instance_type": "ecs.g6.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "skip_image_validation": true,
      "system_disk_mapping": {
        "disk_category": "cloud_essd",
        "disk_size": 20,
        "disk_delete_with_instance": true
      },
      "image_disk_mappings": [{
        "disk_snapshot_id": "s-xxxxxxxxxxxxxxx",
        "disk_device": "/dev/xvdb",
        "disk_category": "cloud_essd"
      }]
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "sleep 30",
        "yum install redis.x86_64 -y"
      ]
    }
  ]
}
Create and define an image family for a target image
- Scenario: Obtain the latest available image from an image family without the need to change the value of the source_image parameter when the image in the image family is updated.
- Packer fields: image_family and target_image_family.
- Usage: Specify the image_family field to obtain the latest available image from the specified image family to create a temporary ECS instance, and specify the target_image_family field to associate an image family with the custom image that is created from the temporary ECS instance.
- Example configuration:
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [
    {
      "type": "alicloud-ecs",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "associate_public_ip_address": true,
      "ssh_username": "root",
      "instance_type": "ecs.g6.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "skip_image_validation": true,
      "image_family": "acs:centos_7_9_x64",
      "target_image_family": "test_packer_basic"
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "sleep 30",
        "yum install redis.x86_64 -y"
      ]
    }
  ]
}
Profile configuration
- Scenario: Multiple environment configurations are required and the configurations do not interfere with each other. For example, the configurations involve multiple accounts in multiple regions.
- Packer field: profile.
- Usage: Use the profile field to specify a Packer configuration file. If you specify this field, Packer preferentially obtains configurations from the specified configuration file. For example, if a parameter is specified in both the specified configuration file and Packer template, the value in the configuration file takes precedence. The path of the configuration file must be ~/.aliyun/config.json.
- Example configuration:
{
  "builders": [
    {
      "type": "alicloud-ecs",
      "profile": "packer_sk",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
      "ssh_username": "root",
      "instance_type": "ecs.g6.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "skip_image_validation": true,
      "associate_public_ip_address": true
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "sleep 30",
        "yum install redis.x86_64 -y"
      ]
    }
  ]
}
In the preceding sample code, packer_sk in "profile": "packer_sk" is the name of the configuration file. The path of the configuration file must be ~/.aliyun/config.json. The configuration file contains the following information:
{
  "current": "ALI",
  "profiles": [
    {
      "name": "packer_sk",
      "mode": "AK",
      "access_key_id": "xxxxxxxxxxxxxxxxxxxxxxx",
      "access_key_secret": "xxxxxxxxxxxxxxxxxxxx",
      "sts_token": "",
      "sts_region": "",
      "ram_role_name": "",
      "ram_role_arn": "",
      "ram_session_name": "",
      "source_profile": "",
      "private_key": "",
      "key_pair_name": "",
      "expired_seconds": 0,
      "verified": "",
      "output_format": "json",
      "language": "en",
      "site": "",
      "retry_timeout": 0,
      "connect_timeout": 0,
      "retry_count": 0,
      "process_command": "",
      "credentials_uri": ""
    }
  ],
  "meta_path": ""
}
Make AccessKey-free calls using a RAM role
- Scenario: If you do not want to configure the AccessKey pair of your account in a template or environment variable, you can attach an instance Resource Access Management (RAM) role to the ECS instance on which Packer is run to obtain a temporary AccessKey pair based on the instance RAM role. For information about how to attach an instance RAM role to an ECS instance, see Instance RAM roles.
  Note:
  - In this scenario, you must perform the image creation operations on an ECS instance instead of on an on-premises server.
  - You must attach the following policy to the instance RAM role. For information about how to grant permissions to an instance RAM role, see RAM roles.
- Packer field: ram_role_name.
- Usage: Obtain a temporary AccessKey pair based on the instance RAM role attached to the ECS instance to run Packer without the need to provide the AccessKey pair of your account.
- Example:
{
  "builders": [
    {
      "type": "alicloud-ecs",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
      "associate_public_ip_address": true,
      "ssh_username": "root",
      "instance_type": "ecs.g6.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "ram_role_name": "ImageTestAle",
      "skip_image_validation": true
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "sleep 30",
        "yum install redis.x86_64 -y"
      ]
    }
  ]
}
Attaching a RAM role to a temporary ECS
- Scenario: Attach an instance RAM role to a temporary ECS instance and obtain a temporary AccessKey pair to conduct business operations using a shell script. For information about how to attach an instance RAM role to an ECS instance, see Instance RAM roles.
  Note: If you use a RAM user, you must grant the ram:PassRole permission to the RAM user. For more information, see the Step 3: Grant permissions to RAM users section of the "RAM users" topic. The following sample code provides the policy content:
- Packer field: ecs_ram_role_name.
- Usage: Obtain a temporary AccessKey pair to conduct business operations.
- Example:
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [
    {
      "type": "alicloud-ecs",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
      "ssh_username": "root",
      "instance_type": "ecs.g6.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "ecs_ram_role_name": "packer-test",
      "skip_image_validation": true,
      "associate_public_ip_address": true
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "sleep 30",
        "yum install redis.x86_64 -y"
      ]
    }
  ]
}
Account B assumes a role from Account A to create an image
- Scenario: cross-account access and temporary authorization.
  Note: Prerequisites in the scenario:
  - Account A creates a RAM role of the Alibaba Cloud Account trusted entity type for Account B and grants the required resource operation permissions to the RAM role. For information about the procedure, see the Step 1: Account A creates a RAM role and grants permissions to it section of the "RAM roles" topic. The following sample code provides the policy content:
  - If Account B is a RAM user, you must grant the sts:AssumeRole permission to the RAM user. The following sample code provides the policy content:
  - Do not specify the ssh_private_ip: true parameter. You must specify the associate_public_ip_address:true parameter to connect to an ECS instance using the public IP address of the instance.
  - In this scenario, you can run Packer on an on-premises machine or on an ECS instance. If you run Packer on an ECS instance, you must allocate a public bandwidth that is greater than 0 Mbit/s to the instance. Otherwise, the instance cannot access the RAM service to obtain a temporary AccessKey pair.
- Packer fields: ram_role_arn (the ARN of the RAM role) and ram_session_name (the session name).
- Usage: Use Account B to assume the identity of Account A to create a custom image.
- Example:
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [
    {
      "type": "alicloud-ecs",
      "region": "cn-hangzhou",
      "image_name": "packer_basic",
      "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
      "associate_public_ip_address": true,
      "ssh_username": "root",
      "ram_role_arn": "acs:ram::186xxxxxxxxxx07:role/packer-test",
      "ram_session_name": "packer-test",
      "instance_type": "ecs.g6.large",
      "internet_charge_type": "PayByTraffic",
      "io_optimized": true,
      "skip_image_validation": true
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "sleep 30",
        "yum install redis.x86_64 -y"
      ]
    }
  ]
}
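An added example, not part of the original documentation or of Packer: a Python pre-flight check that applies constraints stated in the sections above (the absolute path required for ssh_private_key_file, the stop requirement for disable_stop_instance, and the ssh_private_ip / associate_public_ip_address prerequisites for ram_role_arn) and also flags credentials written as literals instead of {{user}} or {{env}} variables. The function names, the literal-credential rule, the stop-command heuristic, and the sample template with its account ID placeholder are assumptions constructed for illustration.

```python
import json
import os.path
import re

# Packer JSON templates interpolate values as {{user `x`}} or {{env `X`}}.
TEMPLATED = re.compile(r"\{\{\s*(?:user|env)\s+`[^`]+`\s*\}\}")
SECRET_FIELDS = ("access_key", "secret_key", "winrm_password", "ssh_password")
# Heuristic (assumption): substrings showing that a provisioner powers the instance off.
STOP_HINTS = ("shutdown", "poweroff", "stop-computer")


def is_true(value):
    # The page's templates write booleans both as true and as "true".
    return value is True or (isinstance(value, str) and value.lower() == "true")


def lint_template(template):
    """Return sorted findings for every alicloud-ecs builder in a parsed template."""
    commands = " ".join(
        cmd.lower()
        for prov in template.get("provisioners", [])
        for cmd in prov.get("inline", [])
    )
    findings = []
    for builder in template.get("builders", []):
        if builder.get("type") != "alicloud-ecs":
            continue
        for field in SECRET_FIELDS:
            value = builder.get(field)
            if isinstance(value, str) and value and not TEMPLATED.search(value):
                findings.append(f"{field}: literal credential, pass it as a user/env variable")
        key_file = builder.get("ssh_private_key_file")
        if isinstance(key_file, str) and not TEMPLATED.search(key_file):
            if not os.path.isabs(key_file):
                findings.append("ssh_private_key_file: must be an absolute path")
        if builder.get("ram_role_arn"):
            if is_true(builder.get("ssh_private_ip")):
                findings.append("ssh_private_ip: must not be set with ram_role_arn")
            if not is_true(builder.get("associate_public_ip_address")):
                findings.append("associate_public_ip_address: required with ram_role_arn")
        if is_true(builder.get("disable_stop_instance")):
            if not any(hint in commands for hint in STOP_HINTS):
                findings.append("disable_stop_instance: no provisioner stops the instance")
    return sorted(findings)


# Constructed sample: combines mistakes from several sections of this page.
SAMPLE = json.loads(r"""
{
  "builders": [{
    "type": "alicloud-ecs",
    "access_key": "{{user `access_key`}}",
    "winrm_password": "Test1234",
    "ssh_private_key_file": "keys/packer.pem",
    "ssh_private_ip": true,
    "ram_role_arn": "acs:ram::<account-id>:role/packer-test",
    "disable_stop_instance": "true"
  }],
  "provisioners": [{"type": "powershell", "inline": ["dir c:\\"]}]
}
""")

if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE)))
```

Run it against a parsed template in CI before invoking Packer; an empty list means none of these checks fired.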
References
For information about more parameters and examples, see Alicloud ECS and Examples.