How to build a Packer image for Azure
Packer is an open source tool that automates the Windows Server image building process to give administrators a consistent approach to create new VMs.
Admins who prefer to roll their own Windows Server image can, despite the best of intentions, run into issues with these handcrafted builds.
To maintain some consistency -- and avoid unnecessary help desk tickets -- image management tools such as Packer can help construct golden images tailored for different needs. The Packer image tool automates the building process and helps admins manage Windows Server images. Packer offers a way to script the image construction process to produce builds through automation for multiple platforms at the same time. Admins can use code repositories to store validated Packer image configurations that admins across different locations can share to ensure stability across builds.
Build a Packer image for Azure
To demonstrate how Packer works, we'll use it to build a Windows Server image. To start, download and install Packer for the operating system of choice. Packer offers an installation guide on its website.
Next, we need to figure out where to create the image. A Packer feature called builders creates images for various services, such as Azure, AWS, Docker, VMware and more. This tutorial will explain how to build a Windows Server image to run in Azure.
To construct an image for Azure, we have to meet a few prerequisites. You need:
- a service principal for Packer to authenticate to Azure;
- a storage account to hold the image;
- the resource group name for the storage account;
- the Azure subscription ID;
- the tenant ID for your Azure Active Directory; and
- a storage container to place the VHD image.
Validate the Windows Server build instructions
Next, it's time to set up the image template. Every Packer image requires a JSON file called a template that tells Packer how to build the image and where to put it. An example of a template that builds an Azure image is in the code below. Save it with the filename WindowsServer.Azure.json.
{
  "variables": {
    "client_id": "",
    "client_secret": "",
    "object_id": ""
  },
  "builders": [{
    "type": "azure-arm",
    "client_id": "{{user `client_id`}}",
    "object_id": "{{user `object_id`}}",
    "client_secret": "{{user `client_secret`}}",
    "resource_group_name": "labtesting",
    "storage_account": "adblabtesting",
    "subscription_id": "d660a51f-031d-4b8f-827d-3f811feda5fc",
    "tenant_id": "bb504844-07db-4019-b1c4-7243dfc97121",
    "capture_container_name": "vhds",
    "capture_name_prefix": "packer",
    "os_type": "Windows",
    "image_publisher": "MicrosoftWindowsServer",
    "image_offer": "WindowsServer",
    "image_sku": "2016-Datacenter",
    "location": "East US",
    "vm_size": "Standard_D2S_v3"
  }]
}
Before you start the build, validate the template with the packer validate command. We don't want sensitive information in the template, so we declare client_id and client_secret as variables and pass their values at runtime.
packer validate -var 'client_id=value' -var 'client_secret=value' WindowsServer.Azure.json
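A check that could run before a template is committed to a shared repository, as an added example (not code from the original article or from the Packer project): it parses a JSON template and reports credential fields that hold literal values instead of user variables. The list of fields treated as sensitive and both sample templates are assumptions constructed for illustration.

```python
import json
import re

# Builder fields treated as credentials in this check (an assumption of this
# example; the page's template passes these three at runtime).
SENSITIVE_FIELDS = ("client_id", "client_secret", "object_id")
USER_REF = re.compile(r"^\{\{\s*user\s+`([^`]+)`\s*\}\}$")
# A variable default may also read from the environment with {{env `NAME`}}.
ENV_REF = re.compile(r"^\{\{\s*env\s+`[^`]+`\s*\}\}$")


def lint_template(text):
    """Return a list of findings for a legacy JSON Packer template."""
    template = json.loads(text)
    variables = template.get("variables", {})
    findings = []
    for builder in template.get("builders", []):
        for field in SENSITIVE_FIELDS:
            if field not in builder:
                continue
            match = USER_REF.match(str(builder[field]))
            if not match:
                findings.append(f"{field}: literal value in builder")
                continue
            name = match.group(1)
            if name not in variables:
                findings.append(f"{field}: variable '{name}' is not declared")
            elif variables[name] and not ENV_REF.match(variables[name]):
                findings.append(f"{field}: variable '{name}' has a literal default")
    return findings


# Constructed samples: GOOD mirrors the shape of the page's template,
# BAD shows the two mistakes the check is meant to catch.
GOOD = """{"variables": {"client_id": "", "client_secret": ""},
 "builders": [{"type": "azure-arm",
   "client_id": "{{user `client_id`}}",
   "client_secret": "{{user `client_secret`}}"}]}"""
BAD = """{"variables": {"client_id": "constructed-app-id"},
 "builders": [{"type": "azure-arm",
   "client_id": "{{user `client_id`}}",
   "client_secret": "constructed-secret-value"}]}"""

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_template(sample) or "ok")
```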
How to correct Packer build issues
After the command confirms the template is good, we build the image with nearly the same syntax as the validation command. For the purposes of this article, we will use placeholders for the client_id, client_secret and object_id references.
packer build -var 'client_id=XXXX' -var 'client_secret=XXXX' -var 'object_id=XXXX' WindowsServer.Azure.json
When you run the build the first time, you may run into a few errors if the setup is not complete. Here are the errors that came up when I ran my build:
- "Build 'azure-arm' errored: The storage account is located in eastus, but the build will take place in West US. The locations must be identical"
- Build 'azure-arm' errored: storage.AccountsClient#ListKeys: Failure responding to request: StatusCode=404 – Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceGroupNotFound" Message="Resource group 'adblabtesting' could not be found."
- "==> azure-arm: ERROR: -> VMSizeDoesntSupportPremiumStorage : Requested operation cannot be performed because storage account type 'Premium_LRS' is not supported for VM size 'Standard_A2'."
The error messages are straightforward and not difficult to fix.
However, the following error message is more serious:
==> azure-arm: ERROR: -> Forbidden : Access denied
==> azure-arm:
==> azure-arm: ...failed to get certificate URL, retry(0)
This indicates the use of the wrong object_id. Find the correct one in the Azure subscription role.
After adding the right object_id, you will find a VHD image in Azure.