Building AWS Golden Images using Packer and GitLab

Meet the Speaker

DevOps and CloudOps Engineer

🥷 Hector F. Jimenez S.

@h3ct0rjs           @c1b3rh4ck

www.devops.com.co

  • Interested in Open Source and Open Communities
  • Coorganizer Pereirajs and PereiraTechTalks
  • DevOps/CloudOps Engineer at Globant (Disney || ESPN)
  • Helping Startups and Companies to improve the CI/CD Workflows and all kinds of automation
  • Harry Potter Fanboy

www.linkedin.com/in/h3ct0rjs/

Content

  • What is a Golden Image

  • What are the key benefits and advantages of Golden Images

  • What is Hashicorp Packer

  • Demos

  • Lessons  Learned

  • References

¯\_(ツ)_/¯

"Your knowledge is valuable and your voice has the power to inspire, educate and transform lives. Don't keep your ideas to yourself; share them with the world and be the change you want to see."

In media production, a gold image is the final cut of an album or film after all edits and mixing have been completed. It’s in its final, perfect form–it’s gold.

Golden Images

In our context, a golden image is an intentionally configured snapshot of a system (a server, a virtual desktop environment, a disk drive, ...) that can be used to deploy new instances.

Golden Images

Sometimes they're also called:
  • Master Image 
  • Clone Image 
  • Machine Image
  • Baseline Image


Contains:

  • All Custom applications
  • OS, User Configuration Settings
  • Hardening Configurations
  • Security Updates
  • Updated Dependencies

Golden Images: Key Benefits and Advantages

  • Reduced human error
  • Faster patch management and upgrades
  • Maintained configuration, avoiding configuration drift
  • Easy to launch new servers from golden images
  • Documented by default
  • Version control

Why do we need Golden Images?

Some terrible image practices seen across cloud vendors:

  • Source verification and third-party trust concerns
  • Secrets shipped inside images on purpose
  • Secrets shipped inside images by accident
  • Kernel exploits
  • Image maintenance issues

  • Manual Creation
  • Automated Creation

Creation of Golden Images

https://www.packer.io

What is packer

Packer lets you create identical machine images for multiple platforms from a single source configuration. A common use case is creating golden images for organizations to use in cloud infrastructure.

* Open Source

* Create Machine Images

* Multi Cloud

* Combine with Config Management Tools

* Highly Performant

* Multi-Provider Portability

# Manizales Tech Talks

Name: Packer
Developer: HashiCorp
Initial Release: 2013
First Stable Version: 1.0 [*]

Current Version: v1.8.7
Operating System: Linux, FreeBSD, OS X, and Microsoft Windows
Interface: Command line
Website: https://www.packer.io/

[*] https://www.hashicorp.com/blog/packer-1-0

Details

Packer

How does Packer work?

Post-Processors

Post-processors run after builders and provisioners. Post-processors are optional, and you can use them to upload artifacts, re-package files, and more.

Builders

Builders create machines and generate images from those machines for various platforms. Packer also has some builders that perform helper tasks, like running provisioners.

Provisioners

Provisioners use built-in and third-party software to install and configure the machine image after booting.

DataSources

Let Packer fetch data to use in a template, including information defined outside of Packer.

Defining a .pkr.hcl file

  1. Packer Block
  2. Source Block
  3. Build Block
  4. Post-Processors Block (Optional)

// Required Blocks to create a Golden Image with Packer
packer {
  ...
}
  
 source {
   ...
 }
 
 build {
   ...
 }

Packer Template Composition

// Required Blocks to create a Golden Image with Packer
packer {
  //configure some behaviors of Packer, plugins
  //ensure that everyone is using a specific Packer version
  ...
}
  
 source {
   ...
 }
 
 build {
   ...
 }

Packer Template Composition

// Required Blocks to create a Golden Image with Packer
packer {
  required_plugins {
    amazon = {
      version = ">= 1.2.5"
      source  = "github.com/hashicorp/amazon"
    }
  }
}
  
 source {
   ...
 }
 
 build {
   ...
 }

Packer Template Composition

// Required Blocks to create a Golden Image with Packer
packer {
  required_plugins {
    amazon = {
      version = ">= 1.2.5"
      source  = "github.com/hashicorp/amazon"
    }
    digitalocean = {
      version = ">= 1.0.4"
      source  = "github.com/digitalocean/digitalocean"
    }
  }
}

Packer Template Composition

// Required Blocks to create a Golden Image with Packer
packer {
  //configure some behaviors of Packer
  //ensure that everyone is using a specific Packer version
  ...
}
  
 source {
   //What is going to be our source, base image, vhd file
   //ami id and so on..
   ...
 }
 
 build {
   ...
 }

Packer Template Composition

// Required Blocks to create a Golden Image with Packer
  
 source "amazon-ebs" "this" {
  // Named AWS CLI profile used for the build session
  profile = "profile"

  region  = "us-east-1"
  // AMI names must be unique per region: a fixed name fails on the second build,
  // so derive it from a version, timestamp or commit in practice
  ami_name = "ami-name"
  ami_description = "AMI-Description"
  
  source_ami_filter {
    filters = {
       virtualization-type = "hvm"
       // Ubuntu 16.04 is end of life; pick a currently supported release for a real image
       name = "ubuntu/images/ubuntu-xenial-16.04-amd64-server-*"
       root-device-type = "ebs"
    }

    // Pin the owner to Canonical's account so a look-alike public AMI matching the
    // same name pattern cannot be selected (the "source verification" concern)
    owners = ["099720109477"]
    most_recent = true
  }
  instance_type = "t2.micro"
  ssh_username = "ubuntu"
 }
 

Packer Template Composition

// Required Blocks to create a Golden Image with Packer
 
 build {
   //Build configurations
   //shell scripts
   //Config management: Chef, Puppet, Ansible
   //Copy of files
   //set custom configurations
   ...
 }

Packer Template Composition

// Required Blocks to create a Golden Image with Packer
 
 build {
  sources = [ "source.amazon-ebs.this"]
  
  provisioner "shell" {
    script = "./provisioner.sh"
  }
}

Packer Template Composition

// Required Blocks to create a Golden Image with Packer
 
 build {
  sources = [ "source.amazon-ebs.this"]
  
  provisioner "shell" {
    script = "./provisioner.sh"
  }
   
  provisioner "file" {
    source = "app.tar.gz"
    destination = "/tmp/app.tar.gz"
  }

  provisioner "shell-local" {
    inline = ["echo foo"]
  }
}

Packer Template Composition

// Required Blocks to create a Golden Image with Packer
 
 build {
  sources = [ "source.amazon-ebs.this"]
  
  provisioner "ansible" {
      playbook_file = "./playbook.yml"
  }
   
  provisioner "file" {
    source = "app.tar.gz"
    destination = "/tmp/app.tar.gz"
  }

  provisioner "shell-local" {
    inline = ["echo foo"]
  }
}

Packer Template Composition
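The build blocks above only reference `./provisioner.sh`; the deck never shows the script itself. The one below is an added example of what that provisioner could contain, written for this page rather than taken from the demo repository. It assumes the Ubuntu source shown earlier (cloud-init present, OpenSSH config at /etc/ssh/sshd_config, passwordless sudo for the ubuntu user, as on Canonical's AMIs) and relies on Packer exporting PACKER_BUILD_NAME into the provisioner's environment to decide whether to actually run; the ROOT variable is my own convention so the same functions can be exercised against a scratch directory instead of a live system.

```bash
#!/bin/sh
# provisioner.sh (added example, not the demo repository's script). Runs inside
# the build instance under Packer's "shell" provisioner and leaves the filesystem
# ready to be captured as an AMI. Assumes Ubuntu with cloud-init and OpenSSH.
set -eu

# Filesystem root to operate on: "/" on the build instance, a scratch
# directory when exercising the functions locally (assumed convention).
ROOT="${ROOT:-/}"

# Set one sshd directive, overriding any existing or commented-out line so the
# file cannot keep a permissive value that sshd would read first.
set_sshd_option() {
  cfg="$1"; key="$2"; value="$3"
  if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$cfg"; then
    sed -i -E "s|^[#[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$cfg"
  else
    printf '%s %s\n' "$key" "$value" >> "$cfg"
  fi
}

# Read back a directive's effective (first uncommented) value.
sshd_option() {
  awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Baseline sshd hardening: key-based auth only, no root login, no X11.
harden_sshd() {
  cfg="${ROOT%/}/etc/ssh/sshd_config"
  [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 1; }
  set_sshd_option "$cfg" PasswordAuthentication no
  set_sshd_option "$cfg" PermitRootLogin no
  set_sshd_option "$cfg" X11Forwarding no
  set_sshd_option "$cfg" MaxAuthTries 3
}

# Remove per-instance identity and whatever the build session left behind, so
# every instance launched from the image gets fresh host keys, a fresh
# machine-id and no foreign SSH key. cloud-init regenerates these on first boot.
cleanup_identity() {
  r="${ROOT%/}"
  rm -f "$r"/etc/ssh/ssh_host_*_key "$r"/etc/ssh/ssh_host_*_key.pub
  if [ -f "$r/etc/machine-id" ]; then : > "$r/etc/machine-id"; fi
  rm -rf "$r"/var/lib/cloud/instances "$r"/var/lib/cloud/instance
  rm -f "$r"/root/.bash_history "$r"/home/*/.bash_history
  # Packer's temporary key was installed here; the running session survives its removal.
  rm -f "$r"/root/.ssh/authorized_keys "$r"/home/*/.ssh/authorized_keys
}

# Full run on the build instance: patch, harden, then scrub identity last.
main() {
  # The shell provisioner runs as ssh_username (ubuntu); re-exec as root, keeping the environment.
  if [ "$(id -u)" -ne 0 ]; then exec sudo -E "$0" "$@"; fi
  export DEBIAN_FRONTEND=noninteractive
  apt-get update -q
  apt-get -y -q upgrade
  apt-get -y -q autoremove && apt-get clean
  harden_sshd
  cleanup_identity
}

# Packer exports PACKER_BUILD_NAME into the provisioner's environment; when it
# is absent the file only defines functions (for example when sourced for testing).
if [ -n "${PACKER_BUILD_NAME:-}" ]; then
  main "$@"
fi
```

Order matters: identity scrubbing goes last, because removing the ubuntu user's authorized_keys after the SSH session is up is harmless, but doing it before a later provisioner (the file or ansible steps shown above) would lock Packer out. List this script as the final provisioner in the build block.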


1. Discovery of requirements and purpose for the golden image: the software stacks and configurations needed for the target environment.

2. Begin with a clean and minimal base image provided by the operating system vendor or a trusted source.

3. Apply appropriate security measures to the golden image: patch the operating system, install security updates, and remove any default or insecure configurations.

4. Install and configure the applications, libraries, and dependencies required by your target environment.

5. Use version control for golden images to track changes and facilitate rollbacks if needed.

6. Automate image creation: use automation tools for image size optimization, testing and validation, and rollbacks.
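Step 3 says to remove default and insecure configuration and step 6 to test and validate the result, and the earlier slide on bad practices lists secrets shipped inside images by accident. The check below is an added example for both points, not part of the deck or the demo repository: it walks a filesystem tree and reports artifacts that should never be captured into a golden image, exiting non-zero so a pipeline stage can block the AMI. It assumes the image's root is reachable as a directory (a mounted snapshot volume, a chroot, or `/` on the build instance when run as the last provisioner); the paths it inspects and the `AKIA...` access-key-ID pattern are conventions I chose, not something the deck states.

```bash
#!/bin/sh
# audit_image.sh (added example, not from the deck). Scans a filesystem tree
# for artifacts that must not be captured into a golden image and reports each
# one; exits non-zero when anything is found so a pipeline can fail the build.
set -eu

# Print one finding per line. $1 is the filesystem root to inspect.
list_findings() {
  r="${1%/}"
  # Host keys: identical keys in every instance make host authentication meaningless.
  for f in "$r"/etc/ssh/ssh_host_*_key; do
    [ -e "$f" ] && echo "host-key $f"
  done
  # SSH keys and shell history left by the build session (e.g. Packer's temporary key).
  for f in "$r"/root/.ssh/authorized_keys "$r"/home/*/.ssh/authorized_keys \
           "$r"/root/.bash_history "$r"/home/*/.bash_history; do
    [ -e "$f" ] && echo "session-leftover $f"
  done
  # Credential files that tooling likes to drop into home directories.
  for f in "$r"/root/.aws/credentials "$r"/home/*/.aws/credentials \
           "$r"/root/.docker/config.json "$r"/home/*/.docker/config.json; do
    [ -e "$f" ] && echo "credential-file $f"
  done
  # Instance identity that cloud-init should regenerate on first boot.
  [ -s "$r/etc/machine-id" ] && echo "machine-id $r/etc/machine-id"
  [ -d "$r/var/lib/cloud/instances" ] && echo "cloud-init-state $r/var/lib/cloud/instances"
  # Secrets embedded in text config: AWS access key IDs and PEM private keys
  # (pattern assumed: AKIA followed by 16 uppercase alphanumerics).
  grep -rIlE 'AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----' \
    "$r/etc" "$r/opt" "$r/root" "$r/home" 2>/dev/null \
    | sed 's/^/embedded-secret /' || true
  return 0
}

# Number of findings for the given root (0 means the image is clean).
count_findings() {
  list_findings "$1" | awk 'END { print NR }'
}

# Pipeline gate: print the findings and fail when the image is not clean.
audit_image() {
  if [ "$(count_findings "$1")" -ne 0 ]; then
    list_findings "$1" >&2
    return 1
  fi
}

# Run as a command with the root to inspect, e.g. "sh audit_image.sh /mnt/image-root".
# Without an argument the file only defines the functions.
case "${1:-}" in
  "") ;;
  *)  audit_image "$1" ;;
esac
```

Run it against a mounted snapshot of the produced AMI, or as the very last provisioner with `/` as the argument; either way a non-zero exit stops the image from being promoted.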

 

Demo Time!

What about CI/CD??

[*] https://hub.docker.com/r/hashicorp/packer
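The deck answers "What about CI/CD?" with the hashicorp/packer container image and the demo repository, but shows no job definition. As an added example (mine, not the repository's pipeline), here is the script a GitLab CI job would run inside that image: it refuses to start without the AWS credentials expected as masked CI variables, derives a unique AMI name from the pipeline number and commit SHA so builds never collide, and runs `packer init`, `packer fmt -check`, `packer validate` and `packer build`. It assumes the template has been changed to take `ami_name = var.ami_name` from a `variable "ami_name" {}` block (the source block above hardcodes it) and that the template lives in the repository root; the job triggers a run by passing the literal argument `build`.

```bash
#!/bin/sh
# ci_build.sh (added example, not the demo repository's pipeline). Meant for a
# GitLab CI job based on the hashicorp/packer image, for example:
#   image: { name: hashicorp/packer:1.8.7, entrypoint: [""] }
#   script: ["sh ci_build.sh build"]
# Credentials come from masked CI variables AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY; nothing is written into the template or the image.
set -eu

# Fail fast, with one clear message, when a required variable is unset or empty.
require_vars() {
  missing=""
  for v in "$@"; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || missing="$missing $v"
  done
  if [ -n "$missing" ]; then
    echo "missing required variables:$missing" >&2
    return 1
  fi
}

# AMI names must be unique per region: combine the image's base name with the
# pipeline number and commit so every pipeline yields a distinct, traceable AMI.
# Characters outside a conservative safe set are replaced with '-'.
ami_name() {
  printf '%s-%s-%s\n' "$1" "$2" "$3" | tr -c 'A-Za-z0-9._\n' '-'
}

# The sequence a pipeline job runs; set -e turns any failing step into a failed job.
run_build() {
  require_vars AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY CI_PIPELINE_IID CI_COMMIT_SHORT_SHA
  name=$(ami_name "${IMAGE_NAME:-golden-ubuntu}" "$CI_PIPELINE_IID" "$CI_COMMIT_SHORT_SHA")
  packer init .                                  # install the plugins pinned in required_plugins
  packer fmt -check .                            # reject unformatted templates
  packer validate -var "ami_name=$name" .
  packer build -var "ami_name=$name" -only=amazon-ebs.this .
  echo "built AMI $name"
}

# Only start a build when asked to ("sh ci_build.sh build"); otherwise the file
# just defines the functions.
if [ "${1:-}" = build ]; then
  run_build
fi
```

Two caveats for the container: the source block in the deck sets `profile = "profile"`, and no such AWS CLI profile exists inside the job, so either drop that line (the amazon plugin then falls back to the AWS_* environment variables) or create the profile in the job before building. Static access keys in CI variables are the simplest setup; short-lived credentials obtained through the runner's OIDC token are the stronger option once the pipeline is stable.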

Demo Time!

[1] https://gitlab.com/h3ct0rjs/manizales-tech-talks-packer (demo repository)

References

Got more questions ?

@h3ct0rjs           @c1b3rh4ck

h@devops.com.co

www.devops.com.co

www.linkedin.com/in/h3ct0rjs/

Packer-Images

By Hector F. Jimenez Saldarriaga

This presentation is for my talk Building AWS Golden Images using Packer and GitLab.