Elastic Compute Service: Common Alibaba Cloud ECS Image Builder parameters used to implement DevOps

Last Updated: Nov 27, 2024

Packer is an open source tool provided by HashiCorp and is used to create images that have the same configurations for multiple platforms. In DevOps practices, Packer automates the build and deployment processes. Packer allows you to use predefined templates to create portable and reusable base images. This ensures image consistency in development, test, and production environments. This topic describes common Alibaba Cloud Elastic Compute Service (ECS) Image Builder parameters that are used to implement DevOps when you use Packer to create custom images in ECS. For example, you can use the parameters to add tags to custom images, create images based only on the system disk, and specify a snapshot timeout period.

Parameter used to add tags to custom images

  • Scenario: If you have multiple custom images, you can add tags to the images for easy management and retrieval. For example, you can add a tag to record the version number of an image or the types of applications that are contained in the image. Alibaba Cloud ECS Image Builder provides the tags parameter. If you specify this parameter when you use Packer to create a custom image, the tags that you specify in the parameter are added to the created image. For more information, see Tags.

  • Packer field: tags{"key":"value"}.

  • Usage: When you query images with tags in the ECS console or by calling the DescribeImages operation, you can view the tags. You can also filter images by tag. Tags added to images can be used together with Terraform to standardize enterprise-level DevOps processes.

  • Example: In the following configurations, the "version":"v1.0.0" and "app":"web" tags are added to the generated image and the corresponding snapshot.

    {
      "variables": {
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
      "builders": [{
        "type":"alicloud-ecs",
        "access_key":"{{user `access_key`}}",
        "secret_key":"{{user `secret_key`}}",
        "region":"cn-beijing",
        "image_name":"packer_basic",
        "source_image":"centos_7_03_64_20G_alibase_20170818.vhd",
        "ssh_username":"root",
        "instance_type":"ecs.t5-lc1m1.small",
        "internet_charge_type":"PayByTraffic",
        "io_optimized":"true",
        "tags": {
          "version": "v1.0.0",
          "app": "web"
        }
      }]
    }

Parameter used to specify whether to create an image based only on a system disk

  • Scenario: By default, Packer creates images directly from ECS instances. If the instances have data disks, the images that are generated based on the instances contain data disk snapshots.

    Note

    You can use one of the following methods to create an instance that has data disks:

    • Method 1: Configure data disk parameters in the image_disk_mappings parameter. For more information, see Alicloud ECS in Packer documentation.

    • Method 2: Select an instance type that comes with data disks, such as ecs.d1ne.2xlarge. In most cases, the data disks are local disks, which cannot be used to create snapshots. Consequently, the instance type that comes with data disks cannot be used to create images.

  • Packer field: image_ignore_data_disks. Data type: Boolean.

  • Usage: If you want to create an image from an ECS instance that contains data disks but do not want the image to contain data disk snapshots, you can add "image_ignore_data_disks": "true" to the configuration file. This way, you can create an image based only on the system disk.

  • Example:

    {
         "variables": {
           "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
           "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
         },
         "builders": [
        {
           "type":"alicloud-ecs",
           "access_key":"{{user `access_key`}}",
           "secret_key":"{{user `secret_key`}}",
           "region":"cn-hangzhou",
           "image_name":"packer_basic",
           "source_image":"aliyun_3_9_x64_20G_alibase_20231219.vhd",
           "associate_public_ip_address":true,
           "ssh_username":"root",
           "instance_type":"ecs.s6-c1m2.large",
           "internet_charge_type":"PayByTraffic",
           "io_optimized":true,
           "skip_image_validation":true,
           "image_disk_mappings": [
            {
               "disk_snapshot_id": "s-bp1xxxxxx",
               "disk_device": "/dev/xvdb"
            }],
           "image_ignore_data_disks": "true"
        }
      ]
    }

Parameter used to specify the snapshot timeout period

  • Scenario: Images are created from snapshots. The time required to create a snapshot for a disk varies based on the disk size. For a large disk, an extended period of time is required to create a snapshot, which may cause a timeout. To prevent a timeout error, you can configure the wait_snapshot_ready_timeout field to increase the timeout period.

  • Packer field: wait_snapshot_ready_timeout. Data type: Integer. Default value: 3600. Unit: seconds.

  • Usage: Set the wait_snapshot_ready_timeout field to 7200 seconds.

  • Example:

    {
         "variables": {
           "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
           "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
         },
         "builders": [
        {
           "type":"alicloud-ecs",
           "access_key":"{{user `access_key`}}",
           "secret_key":"{{user `secret_key`}}",
           "region":"cn-hangzhou",
           "image_name":"packer_basic",
           "source_image":"aliyun_3_9_x64_20G_alibase_20231219.vhd",
           "associate_public_ip_address":true,
           "ssh_username":"root",
           "instance_type":"ecs.s6-c1m2.large",
           "internet_charge_type":"PayByTraffic",
           "io_optimized":true,
           "skip_image_validation":true,
           "wait_snapshot_ready_timeout": 7200
        }
      ]
    }

Parameter used to connect to an ECS instance by using the private IP address of the instance

  • Scenario: You can use the private IP address of an ECS instance to connect to the instance, and no public IP address is required.

  • Packer field: ssh_private_ip. Data type: Boolean.

  • Usage: Set the ssh_private_ip field to true. Then, Packer uses the private IP address of the instance to connect to the instance, but does not associate an elastic IP address (EIP) with or assign a public IP address to the instance.

    Important

    When Packer uses the private IP address of the ECS instance it creates to connect to the instance, the ECS instance running Packer must be connected to the same vSwitch as the ECS instance that Packer creates.

  • Example:

    {
      "variables": {
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
      "builders": [
        {
           "type":"alicloud-ecs",
           "access_key":"{{user `access_key`}}",
           "secret_key":"{{user `secret_key`}}",
           "region":"cn-hangzhou",
           "image_name":"packer_basic",
           "source_image":"aliyun_3_9_x64_20G_alibase_20231219.vhd",
           "ssh_username":"root",
           "instance_type":"ecs.s6-c1m2.large",
           "internet_charge_type":"PayByTraffic",
           "io_optimized":true,
           "skip_image_validation":true,
           "ssh_private_ip": true,
           "vpc_id":"vpc-xxxx",
           "vswitch_id":"vsw-xxxx"
        }
      ]
    }

Parameter used to specify whether to stop an ECS instance

  • Scenario: By default, after Packer runs provisioners, it stops ECS instances and then creates images from the instances. However, instances must be in the Running state in specific scenarios, such as when Windows instances run Sysprep.

    For information about how to use Sysprep, see What do I do if instances cannot access the AD domains of each other or instances cannot be added to the same AD domain at the same time?

  • Packer field: disable_stop_instance. Data type: Boolean.

  • Usage: Set the disable_stop_instance field to true. Then, Packer does not stop an ECS instance from which it creates an image. You must add a command to the configuration (provisioners) to stop the instance or manually stop the instance.

  • Example:

    {
         "variables": {
           "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
           "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
         },
         "builders": [
        {
           "type":"alicloud-ecs",
           "access_key":"{{user `access_key`}}",
           "secret_key":"{{user `secret_key`}}",
           "region":"cn-hangzhou",
           "image_name":"packer_basic",
           "source_image":"aliyun_3_9_x64_20G_alibase_20231219.vhd",
           "ssh_username":"root",
           "instance_type":"ecs.s6-c1m2.large",
           "internet_charge_type":"PayByTraffic",
           "io_optimized":true,
           "skip_image_validation":true,
           "associate_public_ip_address":true,
           "disable_stop_instance": true
        }
      ]
    }

Parameter used to specify the path of an instance user data file to enable WinRM

  • Scenario: For security purposes, the Windows Remote Management (WinRM) feature is disabled for Windows images by default. However, Packer must use the WinRM feature to connect to a Windows instance and run commands on the instance. You can use an instance user data file to enable WinRM when you create a Windows instance.

  • Packer field: user_data_file.

  • Usage: Use the "user_data_file":"examples.ps1" configuration to specify the path of the instance user data file.

  • Example: The instance user data file is stored in the following relative path: examples/alicloud/basic/winrm_enable_userdata.ps1.

    {
      "variables": {
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
      "builders": [{
        "type":"alicloud-ecs",
        "access_key":"{{user `access_key`}}",
        "secret_key":"{{user `secret_key`}}",
        "region":"cn-beijing",
        "image_name":"packer_test",
        "source_image":"win2008r2_64_ent_sp1_zh-cn_40G_alibase_20181220.vhd",
        "instance_type":"ecs.n1.tiny",
        "io_optimized":"true",
        "internet_charge_type":"PayByTraffic",
        "image_force_delete":"true",
        "communicator": "winrm",
        "winrm_port": 5985,
        "winrm_username": "Administrator",
        "winrm_password": "Test1234",
        "user_data_file": "examples/alicloud/basic/winrm_enable_userdata.ps1"
      }],
      "provisioners": [{
        "type": "powershell",
        "inline": ["dir c:\\"]
      }]
    }

    Note

    • In the preceding sample code:

      • "communicator": "winrm" indicates that WinRM is used to connect to the instance.

      • "winrm_port": 5985 indicates that the communication port is port 5985.

      • "winrm_username": "Administrator" indicates that you are connected to the instance as an administrator.

      • "winrm_password": "Test1234" indicates that the password Test1234 is used.

    • "image_force_delete":"true" indicates that existing images are deleted if they have the same name as the image to be created.
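A pre-build check for settings this page puts in a template, as an added example that is not part of the original page: it flags credentials written as literals (such as the winrm_password value above), a WinRM communicator without TLS, ssh_private_ip without a vswitch_id, and image_force_delete. The function names and the sample template are constructed for illustration; winrm_use_ssl is a Packer communicator option that the page does not show.

```python
import re

# Builder fields that carry credentials (all appear in the templates on this page).
SECRET_FIELDS = ("access_key", "secret_key", "winrm_password")

# A value that is wholly one Packer template call: {{user `x`}} or {{env `X`}}.
TEMPLATED = re.compile(r"^\s*\{\{\s*(?:user|env)\s+`[^`]+`\s*\}\}\s*$")


def truthy(value):
    """The page writes Booleans both as true and as "true"; accept either."""
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")


def lint_builder(builder):
    """Return a list of (field, message) findings for one alicloud-ecs builder."""
    findings = []
    for field in SECRET_FIELDS:
        value = builder.get(field)
        if isinstance(value, str) and value and not TEMPLATED.match(value):
            findings.append((field, "credential written as a literal in the template"))
    if builder.get("communicator") == "winrm" and not truthy(builder.get("winrm_use_ssl")):
        findings.append(("winrm_use_ssl", "WinRM session is not wrapped in TLS"))
    if truthy(builder.get("ssh_private_ip")) and not builder.get("vswitch_id"):
        findings.append(("vswitch_id", "ssh_private_ip needs the build instance on the Packer host's vSwitch"))
    if truthy(builder.get("image_force_delete")):
        findings.append(("image_force_delete", "an existing image with the same name is deleted"))
    return findings


def lint_template(template):
    """Lint every alicloud-ecs builder; returns {builder_index: findings}."""
    report = {}
    for index, builder in enumerate(template.get("builders", [])):
        if builder.get("type") == "alicloud-ecs":
            found = lint_builder(builder)
            if found:
                report[index] = found
    return report


# Constructed sample: builder 0 mirrors the WinRM example above,
# builder 1 is the same builder with the flagged settings changed.
SAMPLE = {
    "builders": [
        {
            "type": "alicloud-ecs",
            "access_key": "{{user `access_key`}}",
            "secret_key": "{{user `secret_key`}}",
            "image_force_delete": "true",
            "communicator": "winrm",
            "winrm_port": 5985,
            "winrm_username": "Administrator",
            "winrm_password": "Test1234",
        },
        {
            "type": "alicloud-ecs",
            "access_key": "{{user `access_key`}}",
            "secret_key": "{{user `secret_key`}}",
            "communicator": "winrm",
            "winrm_use_ssl": True,
            "winrm_port": 5986,
            "winrm_username": "Administrator",
            "winrm_password": "{{user `winrm_password`}}",
        },
    ]
}

if __name__ == "__main__":
    for index, found in lint_template(SAMPLE).items():
        for field, message in found:
            print(f"builder[{index}] {field}: {message}")
```
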

Parameters used to create an image based on an on-premises ISO file and import the image to Alibaba Cloud ECS

  • Scenario: If an on-premises ISO file runs in a non-ECS virtualization environment, you can use Packer to create an image based on the file and then import the image to Alibaba Cloud ECS.

  • Packer fields: builders{"type":"qemu"} and post-processors{"type":"alicloud-import"}.

  • Example: If the on-premises environment is based on QEMU, you can use Packer to create an image and then import the image to Alibaba Cloud ECS. For more information, see Use Packer to create and import an on-premises image, which includes the following important steps:

    1. Use an on-premises virtualization environment or a builder, such as QEMU Builder, to create an on-premises image.

    2. Define Alicloud Import Post-Processor to import the generated on-premises image to Alibaba Cloud ECS.

Before you import an ISO file to Alibaba Cloud ECS, you must install an on-premises virtualization environment and then create an image based on the file. The image must be in a format supported by Alibaba Cloud, such as QCOW2, VHD, or RAW. Then, you can import the image to Alibaba Cloud ECS. For more information, see Import an image.

Parameters used to connect to an ECS instance by using an SSH key pair and the private IP address of the instance

  • Scenario: You can connect to an ECS instance by using an SSH key pair and the private IP address of the instance.

  • Packer fields: ssh_keypair_name and ssh_private_key_file.

    Note

    Create an SSH key pair whose name is set to the value of the ssh_keypair_name field in the ECS console and store the private key securely. For more information, see Create an SSH key pair.

  • Usage: Specify the ssh_private_key_file field to download the private key file to the machine on which Packer is run. The value must be the absolute path of the private key file.

  • Example:

    {
      "variables": {
           "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
           "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
         },
      "builders": [
        {
          "type": "alicloud-ecs",
          "region": "cn-hangzhou",
          "image_name": "packer_basic",
          "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
          "ssh_private_ip": true,
          "ssh_username": "root",
          "instance_type": "ecs.g6.large",
          "internet_charge_type": "PayByTraffic",
          "io_optimized": true,
          "skip_image_validation": true,
          "ssh_keypair_name": "{{user `ssh_keypair_name`}}",
          "ssh_private_key_file": "{{user `ssh_private_key_file`}}",
          "vpc_id": "{{user `vpc_id`}}",
          "vswitch_id": "{{user `vswitch_id`}}",
          "security_group_id": "{{user `security_group_id`}}"
        }
      ],
      "provisioners": [
        {
          "type": "shell",
          "inline": [
            "sleep 30",
            "yum install redis.x86_64 -y"
          ]
        }
      ]
    }

Parameters used to configure the system disk and data disks of an ECS instance

  • Scenario: Specify a category and size for the system disk and attach specific snapshot data as data disks to the temporary ECS instance that is used to create a custom image.

  • Packer fields: system_disk_mapping for system disk configurations and image_disk_mappings for data disk configurations.

  • Usage: Specify the system_disk_mapping and image_disk_mappings fields to create a custom image. The custom image contains disk information, such as the category of the system disk, the size of each disk, whether the disks are released together with the associated instance, the category of each data disk, and the name of each data disk partition.

  • Example:

    {
      "variables": {
           "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
           "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
         },
      "builders": [
        {
          "type": "alicloud-ecs",
          "region": "cn-hangzhou",
          "image_name": "packer_basic",
          "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
          "associate_public_ip_address":true,
          "ssh_username": "root",
          "instance_type": "ecs.g6.large",
          "internet_charge_type": "PayByTraffic",
          "io_optimized": true,
          "skip_image_validation": true,
          "system_disk_mapping":{
            "disk_category":"cloud_essd",
            "disk_size":20,
            "disk_delete_with_instance":true
          },
          "image_disk_mappings":[{
            "disk_snapshot_id":"s-xxxxxxxxxxxxxxx",
            "disk_device":"/dev/xvdb",
            "disk_category":"cloud_essd"
          }]
        }
      ],
      "provisioners": [
        {
          "type": "shell",
          "inline": [
            "sleep 30",
            "yum install redis.x86_64 -y"
          ]
        }
      ]
    }

Parameters used to specify the image family of the base image for creating a custom image and the image family of the created custom image

  • Scenario: Obtain the latest available image from an image family without the need to change the value of the source_image parameter when the image in the image family is updated.

  • Packer fields: image_family and target_image_family.

  • Usage: Specify the image_family field to obtain the latest available image from the specified image family to create a temporary ECS instance, and specify the target_image_family field to associate an image family with the custom image that is created from the temporary ECS instance.

  • Example:

    {
      "variables": {
           "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
           "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
         },
      "builders": [
        {
          "type": "alicloud-ecs",
          "region": "cn-hangzhou",
          "image_name": "packer_basic",
          "associate_public_ip_address":true,
          "ssh_username": "root",
          "instance_type": "ecs.g6.large",
          "internet_charge_type": "PayByTraffic",
          "io_optimized": true,
          "skip_image_validation": true,
          "image_family":"acs:centos_7_9_x64",
          "target_image_family":"test_packer_basic"
        }
      ],
      "provisioners": [
        {
          "type": "shell",
          "inline": [
            "sleep 30",
            "yum install redis.x86_64 -y"
          ]
        }
      ]
    }

Parameter used to specify a Packer configuration file

  • Scenario: Multiple environment configurations are required and the configurations do not interfere with each other. For example, the configurations involve multiple accounts in multiple regions.

  • Packer field: profile.

  • Usage: Use the profile field to specify a Packer configuration file. If you specify this field, Packer preferentially obtains configurations from the specified configuration file. For example, if a parameter is specified in both the specified configuration file and Packer template, the value in the configuration file takes precedence. The path of the configuration file must be ~/.aliyun/config.json.

  • Example:

    {
      "builders": [
        {
          "type": "alicloud-ecs",
          "profile": "packer_sk",
          "region": "cn-hangzhou",
          "image_name": "packer_basic",
          "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
          "ssh_username": "root",
          "instance_type": "ecs.g6.large",
          "internet_charge_type": "PayByTraffic",
          "io_optimized": true,
          "skip_image_validation": true,
          "associate_public_ip_address":true
        }
      ],
      "provisioners": [
        {
          "type": "shell",
          "inline": [
            "sleep 30",
            "yum install redis.x86_64 -y"
          ]
        }
      ]
    }

    In the preceding sample code, packer_sk in "profile": "packer_sk" is the name of a profile in the configuration file. The path of the configuration file must be ~/.aliyun/config.json. The configuration file contains the following information:

    {
      "current": "ALI",
      "profiles": [
        {
          "name": "packer_sk",
          "mode": "AK",
          "access_key_id": "xxxxxxxxxxxxxxxxxxxxxxx",
          "access_key_secret": "xxxxxxxxxxxxxxxxxxxx",
          "sts_token":"",
          "sts_region": "",
          "ram_role_name": "",
          "ram_role_arn": "",
          "ram_session_name": "",
          "source_profile": "",
          "private_key": "",
          "key_pair_name": "",
          "expired_seconds": 0,
          "verified": "",
          "output_format": "json",
          "language": "en",
          "site": "",
          "retry_timeout": 0,
          "connect_timeout": 0,
          "retry_count": 0,
          "process_command": "",
          "credentials_uri": ""
        }
      ],
      "meta_path": ""
    }

Parameter used to run Packer by using an instance RAM role without the need to provide the AccessKey pair of your account

  • Scenario: If you do not want to configure the AccessKey pair of your account in a template or environment variable, you can attach an instance Resource Access Management (RAM) role to the ECS instance on which Packer is run to obtain a temporary AccessKey pair based on the instance RAM role. For information about how to attach an instance RAM role to an ECS instance, see Instance RAM roles.

    Note
    • In this scenario, you must perform the image creation operations on an ECS instance instead of on an on-premises server.

    • You must attach the following policy to the instance RAM role. For information about how to grant permissions to an instance RAM role, see RAM roles.

      Policy

      {
        "Version": "1",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "ecs:AttachKeyPair",
              "ecs:CreateKeyPair",
              "ecs:DeleteKeyPairs",
              "ecs:DetachKeyPair",
              "ecs:DescribeKeyPairs",
              "ecs:DescribeDisks",
              "ecs:ImportKeyPair",
              "ecs:CreateSecurityGroup",
              "ecs:AuthorizeSecurityGroup",
              "ecs:AuthorizeSecurityGroupEgress",
              "ecs:DescribeSecurityGroups",
              "ecs:DeleteSecurityGroup",
              "ecs:CopyImage",
              "ecs:CancelCopyImage",
              "ecs:CreateImage",
              "ecs:DescribeImages",
              "ecs:DescribeImageFromFamily",
              "ecs:DeleteImage",
              "ecs:ModifyImageAttribute",
              "ecs:DescribeImageSharePermission",
              "ecs:ModifyImageSharePermission",
              "ecs:DescribeInstances",
              "ecs:StartInstance",
              "ecs:StopInstance",
              "ecs:CreateInstance",
              "ecs:DeleteInstance",
              "ecs:RunInstances",
              "ecs:RebootInstance",
              "ecs:RenewInstance",
              "ecs:CreateSnapshot",
              "ecs:DeleteSnapshot",
              "ecs:DescribeSnapshots",
              "ecs:TagResources",
              "ecs:UntagResources",
              "ecs:AllocatePublicIpAddress",
              "ecs:AddTags",
              "vpc:DescribeVpcs",
              "vpc:CreateVpc",
              "vpc:DeleteVpc",
              "vpc:DescribeVSwitches",
              "vpc:CreateVSwitch",
              "vpc:DeleteVSwitch",
              "vpc:AllocateEipAddress",
              "vpc:AssociateEipAddress",
              "vpc:UnassociateEipAddress",
              "vpc:ReleaseEipAddress",
              "vpc:DescribeEipAddresses"
            ],
            "Resource": [
              "*"
            ]
          }
        ]
      }
      
  • Packer field: ram_role_name.

  • Usage: Obtain a temporary AccessKey pair based on the instance RAM role attached to the ECS instance to run Packer without the need to provide the AccessKey pair of your account.

  • Example:

    {
      "builders": [
        {
          "type": "alicloud-ecs",
          "region": "cn-hangzhou",
          "image_name": "packer_basic",
          "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
          "associate_public_ip_address": true,
          "ssh_username": "root",
          "instance_type": "ecs.g6.large",
          "internet_charge_type": "PayByTraffic",
          "io_optimized": true,
          "ram_role_name": "ImageTestAle",
          "skip_image_validation": true
        }
      ],
      "provisioners": [
        {
          "type": "shell",
          "inline": [
            "sleep 30",
            "yum install redis.x86_64 -y"
          ]
        }
      ]
    }

Parameter used to attach an instance RAM role to a temporary ECS instance

  • Scenario: Attach an instance RAM role to a temporary ECS instance and obtain a temporary AccessKey pair to conduct business operations by using a shell script. For information about how to attach an instance RAM role to an ECS instance, see Instance RAM roles.

    Note

    If you use a RAM user, you must grant the ram:PassRole permission to the RAM user. For more information, see the 3. Grant permissions to RAM users section of the "RAM users" topic. The following sample code provides the policy content:

    ram:PassRole policy

    {
        "Version": "1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "ram:PassRole",
                "Resource": "*"
            }
        ]
    }

  • Packer field: ecs_ram_role_name.

  • Usage: Obtain a temporary AccessKey pair to conduct business operations.

  • Example:

    {
      "variables": {
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
      "builders": [
        {
          "type": "alicloud-ecs",
          "region": "cn-hangzhou",
          "image_name": "packer_basic",
          "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
          "ssh_username": "root",
          "instance_type": "ecs.g6.large",
          "internet_charge_type": "PayByTraffic",
          "io_optimized": true,
          "ecs_ram_role_name": "packer-test",
          "skip_image_validation": true,
          "associate_public_ip_address": true
        }
      ],
      "provisioners": [
        {
          "type": "shell",
          "inline": [
            "sleep 30",
            "yum install redis.x86_64 -y"
          ]
        }
      ]
    }

Parameters used by Account B to assume the identity of Account A to create an image

  • Scenario: cross-account access and temporary authorization.

    Note

    Prerequisites in the scenario:

    • Account A creates a RAM role of the Alibaba Cloud Account trusted entity type for Account B and grants the required resource operation permissions to the RAM role. For information about the procedure, see the Step 1: Account A creates a RAM role and grants permissions to it section of the "RAM roles" topic. The following sample code provides the policy content:

      Policy

      {
        "Version": "1",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "ecs:AttachKeyPair",
              "ecs:CreateKeyPair",
              "ecs:DeleteKeyPairs",
              "ecs:DetachKeyPair",
              "ecs:DescribeKeyPairs",
              "ecs:DescribeDisks",
              "ecs:ImportKeyPair",
              "ecs:CreateSecurityGroup",
              "ecs:AuthorizeSecurityGroup",
              "ecs:AuthorizeSecurityGroupEgress",
              "ecs:DescribeSecurityGroups",
              "ecs:DeleteSecurityGroup",
              "ecs:CopyImage",
              "ecs:CancelCopyImage",
              "ecs:CreateImage",
              "ecs:DescribeImages",
              "ecs:DescribeImageFromFamily",
              "ecs:DeleteImage",
              "ecs:ModifyImageAttribute",
              "ecs:DescribeImageSharePermission",
              "ecs:ModifyImageSharePermission",
              "ecs:DescribeInstances",
              "ecs:StartInstance",
              "ecs:StopInstance",
              "ecs:CreateInstance",
              "ecs:DeleteInstance",
              "ecs:RunInstances",
              "ecs:RebootInstance",
              "ecs:RenewInstance",
              "ecs:CreateSnapshot",
              "ecs:DeleteSnapshot",
              "ecs:DescribeSnapshots",
              "ecs:TagResources",
              "ecs:UntagResources",
              "ecs:AllocatePublicIpAddress",
              "ecs:AddTags",
              "vpc:DescribeVpcs",
              "vpc:CreateVpc",
              "vpc:DeleteVpc",
              "vpc:DescribeVSwitches",
              "vpc:CreateVSwitch",
              "vpc:DeleteVSwitch",
              "vpc:AllocateEipAddress",
              "vpc:AssociateEipAddress",
              "vpc:UnassociateEipAddress",
              "vpc:ReleaseEipAddress",
              "vpc:DescribeEipAddresses"
            ],
            "Resource": [
              "*"
            ]
          }
        ]
      }
      
    • If Account B is a RAM user, you must grant the sts:AssumeRole permission to the RAM user. The following sample code provides the policy content:

      sts:AssumeRole policy

      {
          "Version": "1",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": "sts:AssumeRole",
                  "Resource": "*"
              }
          ]
      }

    • Do not specify the ssh_private_ip: true parameter. You must specify the associate_public_ip_address:true parameter to connect to an ECS instance by using the public IP address of the instance.

    • In this scenario, you can run Packer on an on-premises machine or on an ECS instance. If you run Packer on an ECS instance, you must allocate a public bandwidth that is greater than 0 Mbit/s to the instance. Otherwise, the instance cannot access the RAM service to obtain a temporary AccessKey pair.

  • Packer fields: ram_role_arn and ram_session_name. The ram_role_arn field specifies the Alibaba Cloud Resource Name (ARN) of the RAM role. The ram_session_name field specifies the name of the RAM role.

  • Usage: Use Account B to assume the identity of Account A to create a custom image.

  • Example:

    {
      "variables": {
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
      "builders": [
        {
          "type": "alicloud-ecs",
          "region": "cn-hangzhou",
          "image_name": "packer_basic",
          "source_image": "aliyun_3_x64_20G_alibase_20240819.vhd",
          "associate_public_ip_address":true,
          "ssh_username": "root",
          "ram_role_arn": "acs:ram::186xxxxxxxxxx07:role/packer-test",
          "ram_session_name": "packer-test",
          "instance_type": "ecs.g6.large",
          "internet_charge_type": "PayByTraffic",
          "io_optimized": true,
          "skip_image_validation": true
        }
      ],
      "provisioners": [
        {
          "type": "shell",
          "inline": [
            "sleep 30",
            "yum install redis.x86_64 -y"
          ]
        }
      ]
    }
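An audit of the RAM policies shown on this page (the Packer role policy and the ram:PassRole and sts:AssumeRole policies, all granted on "Resource": "*"), as an added example that is not part of the original page. The function names, the risk labels and the sample policies are constructed here, and the role resource string passed to scope_delegation is a placeholder whose format is an assumption to check against the RAM documentation.

```python
import copy

# Actions that let a principal hand out or take on a role's permissions.
DELEGATION_ACTIONS = {"ram:PassRole", "sts:AssumeRole"}


def as_list(value):
    """RAM policies allow a single string or a list for Action and Resource."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def classify(action):
    """Label an action that deserves a narrower Resource than "*", else None."""
    _, _, name = action.partition(":")
    if action in DELEGATION_ACTIONS:
        return "delegation"
    if action == "*" or name == "*":
        return "wildcard-action"
    if name.startswith(("Delete", "Release")):
        return "destructive"
    if name == "ModifyImageSharePermission":
        return "sharing"
    return None


def audit_policy(policy):
    """Return (statement_index, action, label) for labelled actions allowed on "*"."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            label = classify(action)
            if label:
                findings.append((index, action, label))
    return findings


def scope_delegation(policy, role_resources):
    """Copy the policy, replacing "*" with named roles in delegation-only statements."""
    scoped = copy.deepcopy(policy)
    for stmt in scoped.get("Statement", []):
        actions = set(as_list(stmt.get("Action", [])))
        if stmt.get("Effect") == "Allow" and actions and actions <= DELEGATION_ACTIONS:
            stmt["Resource"] = list(role_resources)
    return scoped


# Constructed samples. PASS_ROLE_POLICY repeats the ram:PassRole policy above;
# BUILD_POLICY_EXCERPT is a six-action excerpt of the Packer role policy.
PASS_ROLE_POLICY = {
    "Version": "1",
    "Statement": [{"Effect": "Allow", "Action": "ram:PassRole", "Resource": "*"}],
}
BUILD_POLICY_EXCERPT = {
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecs:CreateImage",
                "ecs:DescribeImages",
                "ecs:DeleteImage",
                "ecs:ModifyImageSharePermission",
                "ecs:DeleteSnapshot",
                "vpc:ReleaseEipAddress",
            ],
            "Resource": ["*"],
        }
    ],
}
# Placeholder resource string (assumed format, placeholder account ID).
ROLE_RESOURCE = "acs:ram:*:<account-id>:role/packer-test"

if __name__ == "__main__":
    for name, policy in (("PassRole", PASS_ROLE_POLICY), ("Packer", BUILD_POLICY_EXCERPT)):
        for index, action, label in audit_policy(policy):
            print(f"{name} policy, statement {index}: {action} on * ({label})")
    scoped = scope_delegation(PASS_ROLE_POLICY, [ROLE_RESOURCE])
    print("after scoping:", audit_policy(scoped))
```
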

References

For information about more parameters and examples, see Alicloud ECS and Examples.