https://github.com/andif888/packer-windows-azure

This repository builds a Windows Master Image and publishes it to Azure Shared Image Gallery with a single run command. It nicely integrates Packer, Terraform and Ansible. Hook this thing into a real CI/CD pipeline and run it.
https://github.com/andif888/packer-windows-azure

ansible avd azure-devops azurerm packer terraform wvd

Last synced: 2 months ago
JSON representation

This repository builds a Windows Master Image and publishes it to Azure Shared Image Gallery with a single run command. It nicely integrates Packer, Terraform and Ansible. Hook this thing into a real CI/CD pipeline and run it.

• Host: GitHub
• URL: https://github.com/andif888/packer-windows-azure
• Owner: andif888
• Created: 2021-11-08T01:42:37.000Z (over 3 years ago)
• Default Branch: master
• Last Pushed: 2021-11-08T09:04:30.000Z (over 3 years ago)
• Last Synced: 2025-01-10T16:47:37.607Z (4 months ago)
• Topics: ansible, avd, azure-devops, azurerm, packer, terraform, wvd
• Language: HCL
• Homepage:
• Size: 15.6 KB
• Stars: 1
• Watchers: 3
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# packer-windows-azure

This repository builds Windows Master Images and publishes it to Azure Shared Image Gallery with a single [run command](./run.sh).\

It nicely integrates [Packer](https://www.packer.io/downloads), [Terraform](https://www.terraform.io/downloads.html) and [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html). Hook this thing into a real CI/CD pipeline and run it.

An additional trick is: Variables from Terrafrom can be reused in Packer, because since Packer 1.5 

HCL2 templates are supported and HCL2 is by the way the preferred way to write Packer configurations.

This is why there is a **shared_vars.hcl** file.

**Terraform** is used to fulfill the pre-requesites in Azure.

Terraform creates:

- a resource group

- a shared image gallery

- a shared image definition

**Packer** is used to build the windows master image from a Windows Marketplace image. 

Packer is also responsible for versioning the master image and placing it into the share image gallery. 

To customize the master image, Packer runs **Ansible** and a specific [ansible playbook](./ansible/playbook.yml).\

The ansible playbook is quite basic, but this is the place to do the real customization of you windows master image.

## How to use this repo

### Pre-requesites

Make sure you have an azure service principal account. To create one you can use to following command in the azure command line tool. 

Replace your-azure-subscription-id with your real Scription ID. Feel free to also adjust the value of the `--name` attribute.\

Otherwise you can configure a service principal using the Azure Portal. Make sure it has `Contributor` role in your Azure subscription.

```bash

# Login

az login

# Create service principal with Contributor role

az ad sp create-for-rbac \

--name="packer_sp" \

--role="Contributor" \

--scope="/subscriptions/your-azure-subscription-id" \

--sdk-auth \

> az_client_credentials.json

```

### Step 1: Adjust variables

Rename the file [shared_vars.hcl.sample](./shared_vars.hcl.sample) to `shared_vars.hcl` and adjust the variables for your Azure environment. 

Documentation on each variable is inside the sample file.

```bash

# Rename the file

mv shared_vars.hcl.sample shared_vars.hcl

# Edit the file

nano shared_vars.hcl

```

Especially for each new run you should increment the version number in the variable `azure_shared_image_gallery_destination_image_version`.\

If you do not increment the version, then an existing image-version gets overridden. 

### Step 2: Make sure to enter you own SSH Public Key into openssh.ps1

Edit the file [./packer/setup/openssh.ps1](./packer/setup/openssh.ps1) and replace the existing SSH Public Key with your own.

Otherwise I have access to your machines :-)\

The relevant part is in **Line 24-27**.

```powershell

# Configure SSH public key

$content = @"

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRYCV99Ge9LI5Y61t95pkcG7trsDyg/eAHLfTGDMHOGxPDdXSk7wW/OCNsKWeJV20wjayoti2JYB+u4FRvsuyccjRZPlRTsul67QOJEzXfORCHD4EYDTR45l0n08zkUPRfs70yo5L5YG9HYgVr6+EK/F8fFReFDvhZwy8LW/hJSeyVCWlbszmuQYcHRmCkWBeAgEiPqx0Mx17txjw9p4RK/LbweYxN4fGu5Nh2Dz9uSBi2IfGds3rPcQvjnJBzt2GEDoZXdXgwXl4T5B0xEDJVMqS/Q+gArcL82cGsY7zpoWpKfOuVy88GD1qaHZgMvQ3LQRyxVysfhxvzSXRX0eF8518/8hGNLxmSak3dZyi5J2ojPdaYzOxtn4JTDFUKNCBQNLHJZCBl1J7HvilTnwQDbgWm0UoFB0dWG3fX4u1wGm11L9sX0kzQ+NZH2Q+9HVX+1vJWZJuNjlhogcsmXG1hecLZPD7WFl82nbmN7zBQwHtUbjUNERMHvXuUvjPnkjJh0avZVtUCRupJhNgyhTR0cWpzffmA2nzdQpIn6z93zVrgefwIpfr+Grk/XQTOXisIfYz/3sofQ9a2hTdPTj0UwKzULB0Pvsf/aYvVEG7zC0sRfPG/pj5cGeFnOB3Ar2/jd58EB7mLzm45MZ+ztSNRW+Eg32Lq1WgOJZ15TiH/pQ== prianto_autodeploy_id_2018

"@ 

```

If you don't need SSH Public Key Authentication, you can remove the whole part between Line 24 and 40.

### Step 3: Run

Run the [run.sh](./run.sh).

[run.sh](./run.sh) runs the [build.sh](./terraform/build.sh) in the [./terrform](./terraform) directory. 

After that it runs the [build.sh](./packer/build.sh) in the [./packer](./packer) directory.

```bash

./run.sh

```

----

## Cleanup

To cleanup everything in azure, make sure to manually delete all image-versions in the share image gallery. `terraform destroy` is not able to delete the image-version, because the image-versions have been built by packer. 

After you have cleanup any image-version in the share image gallery you can use the following terraform command to destroy everything.

```bash

# cd into terraform directory

cd ./terraform

# run terraform destroy

terraform destroy -var-file ../shared_vars.hcl

```

## Optional

### Install Windows Updates during build

You can optionally install Windows Updates during the build operation. 

If you would like this feature then you need to edit the [windows.pkr.hcl](./packer/windows.pkr.hcl) file before the build operation. Please uncomment the following sections:  

  

Line: 7-10

```hcl

    windows-update = {

      version = "0.14.0"

      source = "github.com/rgl/windows-update"

    }

```

Line: 217-224

```hcl

  provisioner "windows-update" {

    search_criteria = "IsInstalled=0"

    filters = [

      "exclude:$_.Title -like '*Preview*'",

      "include:$true",

    ]

    update_limit = 25

  }

```

If running windows updates during build, then it sometimes makes sense to reboot the machine 

before doing addition configuration tasks using ansible. There is a commented `pre_tasks` 

in the [ansible playbook](./ansible/playbook.yml) to do exactly this.\

Simply uncomment the relevant **line 18-22**.

```yaml

  pre_tasks:

    # If we have installed lots of windows update before running this playbook, then it makes sense to reboot first.

    - name: Reboot first

      win_reboot:

        reboot_timeout: 3600

        pre_reboot_delay: 10

        post_reboot_delay: 30

```