In our previous post about VMware and Packer we covered building Packer images on VMware vSphere. That implementation had one major issue: you were forced to modify an ESXi host with a custom setting to enable the Packer VMware build.
With Packer v1.5.2 the JetBrains vSphere builder was merged into the Packer core.
The major change in this implementation is that the official vCenter API is used, so no ESXi host modification is required. Your builds are no longer limited to a dedicated host that had to be modified! With this implementation a VM can be converted into a VM template without running 2 post-processors: a single configuration option, convert_to_template, does it.
On the other hand, your vSphere installation must be fairly up to date, with at least version 6.5. Builds on lower versions may work, but some configuration options may cause errors because of the older vSphere API.
In our current definitions we replaced the builder with vsphere-iso to create new VMs from scratch and with the vsphere-clone builder to clone VMs from existing templates.
At the time of writing this blog post (Packer v1.6.1), the existing examples do not work with the latest implementation, but the documentation is up to date and very helpful.
```json
{
  "builders": [
    {
      "type": "vsphere-iso",
      "name": "Centos7",
      "vm_name": "Centos7",
      "guest_os_type": "centos7_64Guest",
      "convert_to_template": true,
      "CPUs": 2,
      "RAM": 4096,
      "storage": [
        {
          "disk_size": 20000,
          "disk_thin_provisioned": true
        }
      ],
      "network_adapters": [
        {
          "network": "VM Network",
          "network_card": "vmxnet3"
        }
      ],
      "boot_command": [
        "<tab> text ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/centos7.cfg<enter><wait>"
      ],
      "boot_wait": "10s",
      "iso_urls": [
        "iso/CentOS-7-x86_64-Minimal-2003.iso",
        "https://mirrors.mit.edu/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-2003.iso"
      ],
      "iso_checksum": "659691c28a0e672558b003d223f83938f254b39875ee7559d1a4a14c79173193",
      "ssh_username": "vagrant",
      "ssh_password": "vagrant",
      "ssh_port": 22,
      "ssh_wait_timeout": "10m",
      "shutdown_command": "echo 'vagrant'|sudo -S /sbin/halt -h -p",

      "vcenter_server": "{{user `vcenter_server` }}",
      "host": "{{user `esxi_host` }}",
      "username": "{{user `esxi_username` }}",
      "password": "{{user `esxi_password` }}",
      "cluster": "Test",
      "datastore": "Local",
      "insecure_connection": "true",

      "http_directory": "preseeds",
      "http_port_min": 9001,
      "http_port_max": 9001
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "script": "scripts/setup.sh",
      "execute_command": "echo 'vagrant' | {{.Vars}} sudo -S -E bash '{{.Path}}'"
    },
    {
      "type": "ansible-local",
      "playbook_dir": "ansible",
      "clean_staging_directory": true,
      "playbook_files": [
        "ansible/main.yml"
      ],
      "extra_arguments": [
        "--extra-vars \"vmware_build=yes\""
      ]
    },
    {
      "type": "shell",
      "script": "scripts/cleanup.sh",
      "execute_command": "echo 'vagrant' | {{.Vars}} sudo -S -E bash '{{.Path}}'"
    }
  ]
}
```
In this example we are again using a dedicated host assignment because we are not using DRS on this test system. If you are using DRS on your vSphere cluster you can replace the host parameter with resource_pool. The set of vSphere connection parameters is well documented.
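Before such a template moves from a test system into a shared pipeline, its connection and credential settings are worth a pre-build check. The script below is an added example, not part of the original post or of Packer: it audits a JSON template for `insecure_connection` (which skips validation of the vCenter TLS certificate), literal passwords, and unverified ISO downloads. The names `audit_template`, `audit_builder`, `is_enabled` and `SECRET_KEYS` are hypothetical, and the sample input is a constructed, trimmed copy of the builder above.

```python
import json

# Constructed sample: a trimmed copy of the vsphere-iso builder from this post.
SAMPLE_TEMPLATE = """
{"builders": [{
  "type": "vsphere-iso",
  "name": "Centos7",
  "iso_urls": ["iso/CentOS-7-x86_64-Minimal-2003.iso",
               "https://mirrors.mit.edu/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-2003.iso"],
  "iso_checksum": "659691c28a0e672558b003d223f83938f254b39875ee7559d1a4a14c79173193",
  "ssh_password": "vagrant",
  "password": "{{user `esxi_password` }}",
  "insecure_connection": "true"
}]}
"""

SECRET_KEYS = ("password", "ssh_password")  # credential fields used in the template

def is_enabled(value):
    # The template writes the flag as the string "true"; treat both forms alike.
    return value is True or str(value).strip().lower() == "true"

def audit_builder(builder):
    """Return (builder name, setting, reason) tuples for risky settings."""
    name = builder.get("name") or builder.get("type", "unnamed")
    findings = []
    if is_enabled(builder.get("insecure_connection", False)):
        findings.append((name, "insecure_connection",
                         "vCenter TLS certificate is not validated"))
    for key in SECRET_KEYS:
        value = builder.get(key)
        # A literal (no {{ ... }} template call) is stored with the template itself.
        if isinstance(value, str) and value and "{{" not in value:
            findings.append((name, key, "credential hard-coded in the template"))
    if (builder.get("iso_checksum") or "none") == "none":
        findings.append((name, "iso_checksum", "ISO is not integrity-checked"))
    for url in builder.get("iso_urls", []):
        if url.lower().startswith(("http://", "ftp://")):
            findings.append((name, "iso_urls", "cleartext download: " + url))
    return findings

def audit_template(text):
    """Audit every builder in a JSON Packer template given as a string."""
    template = json.loads(text)
    return [f for b in template.get("builders", []) for f in audit_builder(b)]

if __name__ == "__main__":
    for finding in audit_template(SAMPLE_TEMPLATE):
        print("%s: %s: %s" % finding)
```

On the sample it reports `insecure_connection` and the literal `ssh_password`; the vCenter `password` passes because it is supplied through a user variable.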