packer.pkr.hcl
vault()는 vault 연동시 사용가능 : https://www.packer.io/docs/templates/hcl_templates/functions/contextual/vault
# packer init -upgrade .
# packer build -force .
locals {
client_id = vault("/kv/data/azure", "client_id")
client_secret = vault("/kv/data/azure", "client_secret")
tenant_id = vault("/kv/data/azure", "tenant_id")
subscription_id = vault("/kv/data/azure", "subscription_id")
resource_group_name = var.resource_name
virtual_network_name = "kbid-d-krc-vnet-002"
virtual_network_subnet_name = "d-mgmt-snet-001"
virtual_network_resource_group_name = "kbid-d-krc-mgmt-rg"
timestamp = formatdate("YYYYMMDD_hhmmss", timeadd(timestamp(), "9h")) #생성되는 이미지 이름을 time 기반으로 생성
}
variable "placeholder" {
default = "placekitten.com"
description = "Image-as-a-service URL. Some other fun ones to try are fillmurray.com, placecage.com, placebeard.it, loremflickr.com, baconmockup.com, placeimg.com, placebear.com, placeskull.com, stevensegallery.com, placedog.net"
}
# Basic example : https://www.packer.io/docs/builders/azure/arm#basic-example
# MS Guide : https://docs.microsoft.com/ko-kr/azure/virtual-machines/linux/build-image-with-packer
source "azure-arm" "basic-example" {
client_id = local.client_id
client_secret = local.client_secret
subscription_id = local.subscription_id
tenant_id = local.tenant_id
# shared_image_gallery {
# subscription = local.subscription_id
# resource_group = "myrg"
# gallery_name = "GalleryName"
# image_name = "gs_pkr_${local.timestamp}"
# image_version = "1.0.0"
# }
managed_image_resource_group_name = local.resource_group_name
managed_image_name = "${var.image_name}-${local.timestamp}"
os_type = "Linux"
# az vm image list-publishers --location koreacentral --output table
image_publisher = "RedHat"
# az vm image list-offers --location koreacentral --publisher RedHat --output table
image_offer = "RHEL"
# az vm image list-skus --location koreacentral --publisher RedHat --offer RHEL --output table
image_sku = "8_4"
azure_tags = {
dept = "KBHC Terraform POC"
}
# az vm list-skus --location koreacentral --all --output table
build_resource_group_name = local.resource_group_name
#########################################
# 기존 생성되어있는 network 를 사용하기 위한 항목 #
#########################################
virtual_network_name = local.virtual_network_name
virtual_network_subnet_name = local.virtual_network_subnet_name
virtual_network_resource_group_name = local.virtual_network_resource_group_name
# location = "koreacentral"
vm_size = "Standard_A2_v2"
}
build {
sources = ["sources.azure-arm.basic-example"]
provisioner "file" {
source = "./files/"
destination = "/tmp"
}
# Vault OTP
provisioner "shell" {
inline = [
"sudo cp /tmp/sshd /etc/pam.d/sshd",
"sudo cp /tmp/sshd_config /etc/ssh/sshd_config",
"sudo mkdir -p /etc/vault.d",
"sudo cp /tmp/vault.hcl /etc/vault.d/vault.hcl",
"sudo cp /tmp/vault-ssh-helper /usr/bin/vault-ssh-helper",
"echo \"=== Vault_Check ===\"",
"curl http://10.0.9.10:8200",
"/usr/bin/vault-ssh-helper -verify-only -config=/etc/vault.d/vault.hcl -dev",
"echo \"=== Add User ===\"",
"sudo adduser jboss",
"echo password | sudo passwd --stdin jboss",
"echo 'jboss ALL=(ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers",
"echo \"=== SELINUX DISABLE ===\"",
"sudo sed -ie 's/SELINUX=enforcing/SELINUX=disabled /g' /etc/selinux/config"
]
}
# Apache
provisioner "shell" {
inline = [
"sudo yum -y update",
"sleep 15",
"sudo yum -y update",
"sudo yum -y install httpd",
"sudo systemctl enable httpd",
"sudo systemctl start httpd",
"chmod +x /tmp/deploy_app.sh",
"sudo PLACEHOLDER=${var.placeholder} WIDTH=600 HEIGHT=800 PREFIX=gs /tmp/deploy_app.sh",
"sudo firewall-cmd --zone=public --permanent --add-port=80/tcp",
"sudo firewall-cmd --reload",
]
}
}
약 7 분