AZURE.md 4.62 KB
Newer Older
1 2 3 4 5 6
# Packer + Azure

Steps from the blog post http://blog.geuer-pollmann.de/blog/2016/09/21/azure-germany-loves-packer/

## Security Setup

Stefan Scherer's avatar
Stefan Scherer committed
7 8 9 10 11 12 13 14
### UsingPowerShell

Read https://david-obrien.net/2016/06/use-packer-with-azurerm/

### Using Azure CLI

Read https://www.packer.io/docs/builders/azure-setup.html

15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95
First, you create an app in Azure Active Directory:

```
azure ad app create --json \
  --name "Service Principal Packer" \
  --home-page "https://packer.io" \
  --identifier-uris "https://packer.io" \
  --key-type Password \
  --password SuperLongPassword123.-
```

The output of this command shows you the application ID **appId**:

In the next step, we promote our app to be a "service principal", and we list
the service principals we have:

```
azure ad sp create --json -vv --applicationId 1326f47c-eaea-42aa-8aa8-ff99fbaf3da9
```

You will get the **appId** and the **objectId**.

Now lookup you Azure Active Directory TenantID with

```
azure account show --json | jq '.[].tenantId'
```

Now lookup your Azure Subscription ID with

```
azure account show --json | jq '.[].id'
```

As a last step of the security setup, you can assign your service principal ‘Contributor’ rights to your subscription (replace $spObjectId and $subscriptionId with proper values):

```
azure role assignment create \
  --objectId $spObjectId \
  --roleName Contributor \
  --scope "/subscriptions/$subscriptionId"
```

## Pick a location

```
azure location list
```

## Pick a VM

First list the publishers, but normally we choose `MicrosoftWindowsServer` as publisher.

```
azure vm image list-publishers westeurope
```

Now list the images available for that publisher

```
azure vm image list -l westeurope MicrosoftWindowsServer
```

The interesting ones might be

```
data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter                  Windows  2016.0.20161010  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter:2016.0.20161010                
data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter                  Windows  2016.0.20161108  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter:2016.0.20161108                
data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter                  Windows  2016.0.20161213  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter:2016.0.20161213                
data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter-with-Containers  Windows  2016.0.20161012  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161012
data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter-with-Containers  Windows  2016.0.20161025  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161025
data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter-with-Containers  Windows  2016.0.20161108  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161108
data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter-with-Containers  Windows  2016.0.20161213  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161213
data:    MicrosoftWindowsServer  WindowsServer      2016-Nano-Server                 Windows  2016.0.20161012  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Nano-Server:2016.0.20161012               
data:    MicrosoftWindowsServer  WindowsServer      2016-Nano-Server                 Windows  2016.0.20161109  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Nano-Server:2016.0.20161109               
data:    MicrosoftWindowsServer  WindowsServer      2016-Nano-Server                 Windows  2016.0.20170113  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Nano-Server:2016.0.20170113               
```


**TODO** Describe how to create the resource group and storage account needed by packer build. I've used an existing resource group and storage account.

96 97 98 99 100 101 102 103 104 105 106 107
## Create Resource Group

```
azure group create myaccount westeurope
```

## Create a storage account

```
azure storage account create --sku-name LRS --location westeurope --kind BlobStorage --access-tier Cool --resource-group myaccount myaccount
```

108 109 110 111 112 113 114 115 116 117
## Store secrets in pass

I use `pass` for my secrets.

```
export PACKER_AZURE_AD_TENANT_ID=xxx
export PACKER_AZURE_SUBSCRIPTION_ID=xxx
export PACKER_AZURE_OBJECT_ID=xxx
export PACKER_AZURE_APP_ID=xxx
export PACKER_AZURE_CLIENT_SECRET='xxx'
118 119
export PACKER_AZURE_RESOURCE_GROUP=myaccount
export PACKER_AZURE_STORAGE_ACCOUNT=myaccount
120 121 122 123 124 125 126 127 128 129
```

## Build

Load your secrets and run the packer build

```
eval $(pass packer-azure)
packer build windows_2016_docker_azure.json
```