Commit 39f05ffd authored by Stefan Scherer, committed by GitHub

Merge pull request #24 from StefanScherer/add-azure-template

WIP: Add Azure template
Parents: def11e46 161d87c4
# Packer + Azure
Steps from the blog post http://blog.geuer-pollmann.de/blog/2016/09/21/azure-germany-loves-packer/
## Security Setup
### Using PowerShell
Read https://david-obrien.net/2016/06/use-packer-with-azurerm/
### Using Azure CLI
Read https://www.packer.io/docs/builders/azure-setup.html
First, you create an app in Azure Active Directory:
```
azure ad app create --json \
--name "Service Principal Packer" \
--home-page "https://packer.io" \
--identifier-uris "https://packer.io" \
--key-type Password \
--password SuperLongPassword123.-
```
The output of this command shows you the application ID (**appId**).
In the next step, we promote our app to be a "service principal", and we list
the service principals we have:
```
azure ad sp create --json -vv --applicationId 1326f47c-eaea-42aa-8aa8-ff99fbaf3da9
```
You will get the **appId** and the **objectId**.
Now look up your Azure Active Directory tenant ID with
```
azure account show --json | jq '.[].tenantId'
```
Now look up your Azure subscription ID with
```
azure account show --json | jq '.[].id'
```
As a last step of the security setup, you can assign your service principal ‘Contributor’ rights to your subscription (replace $spObjectId and $subscriptionId with proper values):
```
azure role assignment create \
--objectId $spObjectId \
--roleName Contributor \
--scope "/subscriptions/$subscriptionId"
```
## Pick a location
```
azure location list
```
## Pick a VM
First list the publishers; normally `MicrosoftWindowsServer` is the publisher to choose.
```
azure vm image list-publishers westeurope
```
Now list the images available for that publisher:
```
azure vm image list -l westeurope MicrosoftWindowsServer
```
The interesting ones might be
```
data: MicrosoftWindowsServer WindowsServer 2016-Datacenter Windows 2016.0.20161010 westeurope MicrosoftWindowsServer:WindowsServer:2016-Datacenter:2016.0.20161010
data: MicrosoftWindowsServer WindowsServer 2016-Datacenter Windows 2016.0.20161108 westeurope MicrosoftWindowsServer:WindowsServer:2016-Datacenter:2016.0.20161108
data: MicrosoftWindowsServer WindowsServer 2016-Datacenter Windows 2016.0.20161213 westeurope MicrosoftWindowsServer:WindowsServer:2016-Datacenter:2016.0.20161213
data: MicrosoftWindowsServer WindowsServer 2016-Datacenter-with-Containers Windows 2016.0.20161012 westeurope MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161012
data: MicrosoftWindowsServer WindowsServer 2016-Datacenter-with-Containers Windows 2016.0.20161025 westeurope MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161025
data: MicrosoftWindowsServer WindowsServer 2016-Datacenter-with-Containers Windows 2016.0.20161108 westeurope MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161108
data: MicrosoftWindowsServer WindowsServer 2016-Datacenter-with-Containers Windows 2016.0.20161213 westeurope MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161213
data: MicrosoftWindowsServer WindowsServer 2016-Nano-Server Windows 2016.0.20161012 westeurope MicrosoftWindowsServer:WindowsServer:2016-Nano-Server:2016.0.20161012
data: MicrosoftWindowsServer WindowsServer 2016-Nano-Server Windows 2016.0.20161109 westeurope MicrosoftWindowsServer:WindowsServer:2016-Nano-Server:2016.0.20161109
data: MicrosoftWindowsServer WindowsServer 2016-Nano-Server Windows 2016.0.20170113 westeurope MicrosoftWindowsServer:WindowsServer:2016-Nano-Server:2016.0.20170113
```
**TODO** Describe how to create the resource group and storage account needed by packer build. I've used an existing resource group and storage account.
## Create Resource Group
```
azure group create myaccount westeurope
```
## Create a storage account
```
azure storage account create --sku-name LRS --location westeurope --kind BlobStorage --access-tier Cool --resource-group myaccount myaccount
```
## Store secrets in pass
I use `pass` for my secrets.
```
export PACKER_AZURE_AD_TENANT_ID=xxx
export PACKER_AZURE_SUBSCRIPTION_ID=xxx
export PACKER_AZURE_OBJECT_ID=xxx
export PACKER_AZURE_APP_ID=xxx
export PACKER_AZURE_CLIENT_SECRET='xxx'
export PACKER_AZURE_RESOURCE_GROUP=myaccount
export PACKER_AZURE_STORAGE_ACCOUNT=myaccount
```
## Build
Load your secrets and run the Packer build:
```
eval $(pass packer-azure)
packer build windows_2016_docker_azure.json
```
## Copy vhd
### Create a public container
Create a public container, e.g. `vhds`.
### Copy blob
```
azure storage blob copy start https://myaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/WindowsServer2016Docker-osDisk.vhd vhds
azure storage blob copy start https://myaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/WindowsServer2016Docker-osDisk.vhd --dest-container vhds --dest-blob WindowsServer2016Docker.20170122-osDisk.vhd
```
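Review bot: the security setup in this README passes the service principal secret on the `azure ad app create` command line (`--password SuperLongPassword123.-`), where it lands in shell history and process listings; prompt for it or read it from `pass`, which the "Store secrets in pass" section already uses. The `azure role assignment create` step grants Contributor at `--scope "/subscriptions/$subscriptionId"`, although the template only ever touches the one resource group in `PACKER_AZURE_RESOURCE_GROUP`; scoping the assignment to `/subscriptions/$subscriptionId/resourceGroups/myaccount` is the least-privilege choice. Under "Copy vhd", a public container makes the captured OS disk readable by anyone who knows the URL; a private container plus a SAS token for the copy is preferable. The **TODO** about creating the resource group and storage account is stale now that the two sections right below it show the `azure group create` and `azure storage account create` commands.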
Write-Host Creating group docker
net localgroup docker /add
$username = "vagrant"
$username = $env:USERNAME
Write-Host Adding user $username to group docker
net localgroup docker $username /add
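Review bot: `$username = "vagrant"` is dead code, because the next line overwrites it with `$env:USERNAME`; drop one of the two, and note that with the Azure template's `"winrm_username": "packer"` this adds the build account `packer` to the `docker` group rather than `vagrant`, so the resulting membership should be checked against what the finished image is meant to expose (`net localgroup docker` shows it). Neither `net localgroup` call checks its exit code, so a failure to create the group or add the member will not fail the Packer build; test `$LASTEXITCODE` after each and `throw` on a non-zero value.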
function DockerPull {
Param ([string]$image)
Write-Host Installing $image ...
$j = Start-Job -ScriptBlock { docker pull $args[0] } -ArgumentList $image
while ( $j.JobStateInfo.state -ne "Completed" ) {
Write-Host $j.JobStateInfo.state
Start-Sleep 10
}
$results = Receive-Job -Job $j
$results
}
DockerPull microsoft/windowsservercore
DockerPull microsoft/nanoserver
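Review bot: the `while ( $j.JobStateInfo.state -ne "Completed" )` loop in `DockerPull` never terminates if the job ends in any other state (`Failed`, `Stopped`), and a pull that fails inside the job does not fail the build because the exit code of `docker pull` is lost in the background job. Poll with `while ($j.State -eq 'Running')` (or use `Wait-Job`), then check `$j.State` and the received output and `throw` on failure. Since the script waits for the job anyway, the job only serves to keep output flowing to WinRM during a long pull; a comment saying so would stop the next reader from simplifying it back to a plain `docker pull`.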
Write-Host "Install Containers feature"
Install-WindowsFeature -Name Containers
......@@ -14,9 +14,3 @@ Write-Host "Fix --restart=always for reboot ..."
& sc.exe config Docker depend= LanmanWorkstation
Start-Service Docker
Write-Host "Installing WindowsServerCore container image..."
& "C:\Program Files\docker\docker.exe" pull microsoft/windowsservercore
Write-Host "Installing NanoServer container image..."
& "C:\Program Files\docker\docker.exe" pull microsoft/nanoserver
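Review bot: removing the two `docker.exe pull` lines leaves `Start-Service Docker` as the last step, and nothing waits for the daemon to accept connections before `docker-pull-async.ps1` runs as the next script in the list; if the service has not finished starting, the first pull fails. A short readiness loop (retrying `docker version` until it succeeds) at the end of this script, or at the start of `docker-pull-async.ps1`, closes that gap. The removed lines also invoked `C:\Program Files\docker\docker.exe` by full path, while the new script calls bare `docker` inside a job that resolves commands from its own process PATH, so the install must put the Docker directory in the machine-level PATH for the pulls to work.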
......@@ -142,6 +142,7 @@
"scripts": [
"./scripts/docker/add-docker-group.ps1",
"./scripts/docker/install-docker.ps1",
"./scripts/docker/docker-pull-async.ps1",
"./scripts/docker/open-docker-insecure-port.ps1",
"./scripts/docker/remove-docker-key-json.ps1",
"./scripts/docker/disable-windows-defender.ps1"
......
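Review bot: the added `./scripts/docker/docker-pull-async.ps1` runs before `disable-windows-defender.ps1` in this script list, whereas the new Azure template runs `disable-windows-defender.ps1` before `install-docker.ps1` and the pull; pick one order and use it in both templates so the two images are built the same way. This list also keeps `open-docker-insecure-port.ps1`, which the Azure template omits; a short comment (or README note) on why the unauthenticated daemon port is acceptable for this template but not for a cloud VM would make that difference deliberate rather than accidental.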
{
"variables": {
"azure_ad_tenant_id": "{{env `PACKER_AZURE_AD_TENANT_ID`}}",
"azure_subscription_id": "{{env `PACKER_AZURE_SUBSCRIPTION_ID`}}",
"object_id": "{{env `PACKER_AZURE_OBJECT_ID`}}",
"app_id": "{{env `PACKER_AZURE_APP_ID`}}",
"client_secret": "{{env `PACKER_AZURE_CLIENT_SECRET`}}",
"resource_group": "{{env `PACKER_AZURE_RESOURCE_GROUP`}}",
"storage_account": "{{env `PACKER_AZURE_STORAGE_ACCOUNT`}}"
},
"builders": [
{
"type": "azure-arm",
"subscription_id": "{{user `azure_subscription_id`}}",
"tenant_id": "{{user `azure_ad_tenant_id`}}",
"object_id": "{{user `object_id`}}",
"client_id": "{{user `app_id`}}",
"client_secret": "{{user `client_secret`}}",
"resource_group_name": "{{user `resource_group`}}",
"cloud_environment_name": "Public",
"location": "West Europe",
"vm_size": "Standard_D2_v2",
"storage_account": "{{user `storage_account`}}",
"capture_container_name": "images",
"capture_name_prefix": "WindowsServer2016Docker",
"os_type": "Windows",
"image_publisher": "MicrosoftWindowsServer",
"image_offer": "WindowsServer",
"image_sku": "2016-Datacenter",
"image_version": "latest",
"communicator": "winrm",
"winrm_use_ssl": "true",
"winrm_insecure": "true",
"winrm_timeout": "3m",
"winrm_username": "packer"
}
],
"provisioners": [
{
"type": "powershell",
"scripts": [
"./scripts/docker/install-containers-feature.ps1"
]
},
{
"type": "windows-restart"
},
{
"type": "powershell",
"scripts": [
"./scripts/docker/add-docker-group.ps1",
"./scripts/docker/disable-windows-defender.ps1",
"./scripts/docker/install-docker.ps1",
"./scripts/docker/docker-pull-async.ps1",
"./scripts/docker/remove-docker-key-json.ps1"
]
}
]
}
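Review bot: `"winrm_insecure": "true"` together with `"winrm_use_ssl": "true"` disables certificate verification for the WinRM connection to the build VM; that is a common Packer setting for a throwaway VM with a self-signed certificate, but it deserves a comment so it is not copied into a template for a long-lived host. `"image_version": "latest"` means two builds can start from different base images even though the README lists pinned versions such as `2016.0.20161213`; pin the version and bump it deliberately for reproducible images. The provisioner list runs `disable-windows-defender.ps1` and never re-enables Defender, so the captured VHD under `capture_container_name` `images` ships with Defender off; either re-enable it in a final provisioner or state in the README that images are built that way.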
......@@ -61,6 +61,7 @@
"scripts": [
"./scripts/docker/add-docker-group.ps1",
"./scripts/docker/install-docker.ps1",
"./scripts/docker/docker-pull-async.ps1",
"./scripts/docker/open-docker-insecure-port.ps1",
"./scripts/docker/remove-docker-key-json.ps1",
"./scripts/docker/disable-windows-defender.ps1"
......
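Review bot: `./scripts/docker/docker-pull-async.ps1` is inserted before `open-docker-insecure-port.ps1` and `disable-windows-defender.ps1` here, while the Azure template disables Defender before installing Docker and pulling; align the two lists so both images are built the same way, and document why this template opens the insecure daemon port when the Azure one does not.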