»HuaweiCloud Image Builder

Type: huaweicloud-ecs Artifact BuilderId: huawei.huaweicloud

The huaweicloud-ecs Packer builder plugin is able to create new images with HuaweiCloud. The builder takes a source image, runs any provisioning necessary on the image after launching it, then converts it into a reusable image. This reusable image can then be used as the foundation of new servers that are launched within HuaweiCloud.

The builder does not manage images. Once it creates an image, it is up to you to use it or delete it.

»Configuration Reference

There are many configuration options available for the builder. They are segmented below into two categories: required and optional parameters.

In addition to the options listed here, a communicator can be configured for this builder.

»Required:

  • access_key (string) - The access key of the HuaweiCloud to use. If omitted, the HW_ACCESS_KEY environment variable is used.

  • secret_key (string) - The secret key of the HuaweiCloud to use. If omitted, the HW_SECRET_KEY environment variable is used.

  • region (string) - Specifies the HuaweiCloud region in which to launch the server to create the image. If omitted, the HW_REGION_NAME environment variable is used.

  • image_name (string) - The name of the resulting image.
  • flavor (string) - The ID or name for the desired flavor for the server to be created.

»Optional:

  • project_name (string) - The name of the project to log in with. If omitted, the HW_PROJECT_NAME environment variable or Region is used.

  • project_id (string) - The ID of the project to log in with. If omitted, the HW_PROJECT_ID environment variable is used.

  • auth_url (string) - The Identity authentication URL. If omitted, the HW_AUTH_URL environment variable is used. This is not required if you use HuaweiCloud.

  • insecure (bool) - Trust self-signed SSL certificates. By default this is false.

  • image_description (string) - Specifies the image description.

  • image_members ([]string) - List of members to add to the image after creation. An image member is usually a project (also called the "tenant") with whom the image is shared.

  • image_auto_accept_members (bool) - When true, perform the image accept so the members can see the image in their project. This requires a user with privileges both in the build project and in the members provided. Defaults to false.

  • image_min_disk (int) - Minimum disk size needed to boot image, in gigabytes.

  • image_tags (map[string]string) - The tags of the image in key/value format.

  • ssh_interface (string) - The type of interface to connect via SSH. Valid values are "public" and "private". The default behavior is to connect via whichever is returned first from the HuaweiCloud API.

  • ssh_ip_version (string) - The IP version to use for SSH connections. Valid values are 4 and 6. Useful on dual-stacked instances where the default behavior is to connect via whichever IP address is returned first from the HuaweiCloud API.

  • source_image (string) - The ID of the base image to use. This is the image that will be used to launch a new server and provision it. Unless you specify completely custom SSH settings, the source image must have cloud-init installed so that the keypair gets assigned properly.

  • source_image_name (string) - The name of the base image to use. This is an alternative way of providing source_image, and only one of them can be specified.

  • source_image_filter (ImageFilter) - Filters used to populate filter options. Example:

        "source_image_filter": {
            "filters": {
                "name": "Ubuntu 18.04 server 64bit",
                "visibility": "public"
            },
            "most_recent": true
        }

    This selects the most recent production Ubuntu 16.04 shared to you by the given owner. NOTE: This will fail unless exactly one image is returned, or most_recent is set to true. If multiple images are returned, most_recent will cause this to succeed by selecting the newest of the returned images.

    • filters (map of strings) - filters used to select a source_image. NOTE: This will fail unless exactly one image is returned, or most_recent is set to true. The following filters are valid:

      -   name (string)
      -   owner (string)
      -   visibility (string)
      -   properties (map of strings to strings)
      
    • most_recent (boolean) - Selects the newest created image when true. This is most useful for selecting a daily distro build.

    You may use this in place of source_image. If source_image_filter is provided alongside source_image, the source_image will override the filter. The filter will not be used in this case.

  • availability_zone (string) - The availability zone to launch the server in. If omitted, a random availability zone in the region will be used.

  • floating_ip (string) - A specific floating IP to assign to this instance.

  • reuse_ips (bool) - Whether or not to attempt to reuse existing unassigned floating IPs in the project before allocating a new one. Note that it is not possible to safely do this concurrently, so if you are running multiple builds concurrently, or if other processes are assigning and using floating IPs in the same project while Packer is running, you should not set this to true. Defaults to false.

  • eip_type (string) - The type of EIP. See the API documentation for the valid values.

  • eip_bandwidth_size (int) - The size of eip bandwidth.

  • security_groups ([]string) - A list of security groups by name to add to this instance.

  • networks ([]string) - A list of networks by UUID to attach to this instance.

  • ports ([]string) - A list of ports by UUID to attach to this instance.

  • vpc_id (string) - A vpc id to attach to this instance.

  • subnets ([]string) - A list of subnets by UUID to attach to this instance.

  • user_data (string) - User data to apply when launching the instance. Note that you need to be careful about escaping characters due to the templates being JSON. It is often more convenient to use user_data_file instead. Packer will not automatically wait for a user script to finish before shutting down the instance; this must be handled in a provisioner.

  • user_data_file (string) - Path to a file that will be used for the user data when launching the instance.

  • instance_name (string) - Name that is applied to the server instance created by Packer. If this isn't specified, the default is the same as image_name.

  • instance_metadata (map[string]string) - Metadata that is applied to the server instance created by Packer. Also called server properties in some documentation. The strings have a max size of 255 bytes each.

  • force_delete (bool) - Whether the HuaweiCloud instance is forcefully deleted. This is useful for environments that have reclaim / soft deletion enabled. By default this is false.

  • config_drive (bool) - Whether or not nova should use ConfigDrive for cloud-init metadata.

  • use_blockstorage_volume (bool) - Use a Block Storage service volume for the instance root volume instead of a Compute service local volume. This value is always true.

  • volume_name (string) - Name of the Block Storage service volume. If this isn't specified, a random string will be used.

  • volume_type (string) - Type of the Block Storage service volume.

  • volume_size (int) - Size of the Block Storage service volume in GB. If this isn't specified, it is set to source image min disk value (if set) or calculated from the source image bytes size. Note that in some cases this needs to be specified, if use_blockstorage_volume is true.
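
The selection rule described for source_image_filter above can be modelled in a few lines. This is an added example, not the plugin's own code: the equality matching, the catalogue records, IDs, owners and dates are all constructed assumptions. It shows that adding owner or visibility to the filters changes which image most_recent ends up selecting.

```python
from datetime import datetime


class ImageSelectionError(Exception):
    """Raised when the filter result is empty or ambiguous."""


def matches(image, filters):
    """True when every filter (name, owner, visibility, properties) equals the image's value."""
    for key, wanted in filters.items():
        if key == "properties":
            props = image.get("properties", {})
            if any(props.get(k) != v for k, v in wanted.items()):
                return False
        elif image.get(key) != wanted:
            return False
    return True


def select_source_image(images, filters, most_recent=False):
    """Exactly one match is required unless most_recent picks the newest match."""
    hits = [img for img in images if matches(img, filters)]
    if not hits:
        raise ImageSelectionError("no image matched the filters")
    if len(hits) > 1 and not most_recent:
        raise ImageSelectionError(f"{len(hits)} images matched and most_recent is false")
    return max(hits, key=lambda img: datetime.fromisoformat(img["created_at"]))


# Constructed catalogue: IDs, owners and dates are made up for illustration.
NAME = "Ubuntu 18.04 server 64bit"
CATALOGUE = [
    {"id": "img-a", "name": NAME, "owner": "project-1", "visibility": "public",
     "created_at": "2020-01-10T00:00:00"},
    {"id": "img-b", "name": NAME, "owner": "project-1", "visibility": "public",
     "created_at": "2020-03-02T00:00:00"},
    {"id": "img-c", "name": NAME, "owner": "project-2", "visibility": "shared",
     "created_at": "2020-04-01T00:00:00"},
]

if __name__ == "__main__":
    # Name only: the newest match wins, whichever project owns it.
    print(select_source_image(CATALOGUE, {"name": NAME}, most_recent=True)["id"])
    # Name plus visibility: the candidate set is narrowed before most_recent applies.
    print(select_source_image(
        CATALOGUE, {"name": NAME, "visibility": "public"}, most_recent=True)["id"])
```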

»Communicator Configuration

In addition to the above options, a communicator can be configured for this builder.

»Optional:

  • communicator (string) - Packer currently supports three kinds of communicators:

    • none - No communicator will be used. If this is set, most provisioners also can't be used.

    • ssh - An SSH connection will be established to the machine. This is usually the default.

    • winrm - A WinRM connection will be established.

    In addition to the above, some builders have custom communicators they can use. For example, the Docker builder has a "docker" communicator that uses docker exec and docker cp to execute scripts and copy files.

  • pause_before_connecting (duration string | ex: "1h5m2s") - We recommend that you enable SSH or WinRM as the very last step in your guest's bootstrap script, but sometimes you may have a race condition where you need Packer to wait before attempting to connect to your guest.

    If you end up in this situation, you can use the template option pause_before_connecting. By default, there is no pause. For example, if you set pause_before_connecting to 10m, Packer will check whether it can connect, as normal. But once a connection attempt is successful, it will disconnect and then wait 10 minutes before connecting to the guest and beginning provisioning.

  • ssh_host (string) - The address to SSH to. This usually is automatically configured by the builder.

  • ssh_port (int) - The port to connect to SSH. This defaults to 22.

  • ssh_username (string) - The username to connect to SSH with. Required if using SSH.

  • ssh_password (string) - A plaintext password to use to authenticate with SSH.

  • ssh_ciphers ([]string) - This overrides the value of ciphers supported by default by golang. The default value is ["aes128-gcm@openssh.com", "chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr"].

    Valid options for ciphers include: "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "chacha20-poly1305@openssh.com", "arcfour256", "arcfour128", "arcfour", "aes128-cbc", "3des-cbc".

  • ssh_clear_authorized_keys (bool) - If true, Packer will attempt to remove its temporary key from ~/.ssh/authorized_keys and /root/.ssh/authorized_keys. This is a mostly cosmetic option, since Packer will delete the temporary private key from the host system regardless of whether this is set to true (unless the user has set the -debug flag). Defaults to "false"; currently only works on guests with sed installed.

  • ssh_key_exchange_algorithms ([]string) - If set, Packer will override the value of key exchange (kex) algorithms supported by default by golang. Acceptable values include: "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha1", and "diffie-hellman-group1-sha1".

  • ssh_certificate_file (string) - Path to user certificate used to authenticate with SSH. The ~ can be used in path and will be expanded to the home directory of current user.

  • ssh_pty (bool) - If true, a PTY will be requested for the SSH connection. This defaults to false.

  • ssh_timeout (duration string | ex: "1h5m2s") - The time to wait for SSH to become available. Packer uses this to determine when the machine has booted so this is usually quite long. Example value: 10m.

  • ssh_disable_agent_forwarding (bool) - If true, SSH agent forwarding will be disabled. Defaults to false.

  • ssh_handshake_attempts (int) - The number of handshakes to attempt with SSH once it can connect. This defaults to 10.

  • ssh_bastion_host (string) - A bastion host to use for the actual SSH connection.

  • ssh_bastion_port (int) - The port of the bastion host. Defaults to 22.

  • ssh_bastion_agent_auth (bool) - If true, the local SSH agent will be used to authenticate with the bastion host. Defaults to false.

  • ssh_bastion_username (string) - The username to connect to the bastion host.

  • ssh_bastion_password (string) - The password to use to authenticate with the bastion host.

  • ssh_bastion_interactive (bool) - If true, keyboard-interactive authentication is used with the bastion host.

  • ssh_bastion_private_key_file (string) - Path to a PEM encoded private key file to use to authenticate with the bastion host. The ~ can be used in path and will be expanded to the home directory of current user.

  • ssh_bastion_certificate_file (string) - Path to user certificate used to authenticate with bastion host. The ~ can be used in path and will be expanded to the home directory of current user.

  • ssh_file_transfer_method (string) - scp or sftp - How to transfer files: Secure copy (default) or SSH File Transfer Protocol.

  • ssh_proxy_host (string) - A SOCKS proxy host to use for the SSH connection.

  • ssh_proxy_port (int) - A port of the SOCKS proxy. Defaults to 1080.

  • ssh_proxy_username (string) - The optional username to authenticate with the proxy server.

  • ssh_proxy_password (string) - The optional password to use to authenticate with the proxy server.

  • ssh_keep_alive_interval (duration string | ex: "1h5m2s") - How often to send "keep alive" messages to the server. Set to a negative value (-1s) to disable. Example value: 10s. Defaults to 5s.

  • ssh_read_write_timeout (duration string | ex: "1h5m2s") - The amount of time to wait for a remote command to end. This might be useful if, for example, Packer hangs on a connection after a reboot. Example: 5m. Disabled by default.

  • ssh_remote_tunnels ([]string) -

  • ssh_local_tunnels ([]string) -

  • temporary_key_pair_type (string) - dsa | ecdsa | ed25519 | rsa ( the default )

    Specifies the type of key to create. The possible values are 'dsa', 'ecdsa', 'ed25519', or 'rsa'.

  • temporary_key_pair_bits (int) - Specifies the number of bits in the key to create. For RSA keys, the minimum size is 1024 bits and the default is 4096 bits. Generally, 3072 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, bits determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths other than these three values for ECDSA keys will fail. Ed25519 keys have a fixed length and bits will be ignored.

  • ssh_private_key_file (string) - Path to a PEM encoded private key file to use to authenticate with SSH. The ~ can be used in path and will be expanded to the home directory of current user.
  • ssh_agent_auth (bool) - If true, the local SSH agent will be used to authenticate connections to the source instance. No temporary keypair will be created, and the values of ssh_password and ssh_private_key_file will be ignored. The environment variable SSH_AUTH_SOCK must be set for this option to work properly.
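
Several of the options above weaken the build's transport or credential handling when set carelessly. The script below is an added example, not part of the plugin or of Packer: it checks a JSON template against the values this page itself documents (the default cipher list, the 3072-bit RSA guidance, the fixed 1024-bit DSA size). The sample template and its values are constructed, and treating any string without `{{` as a literal secret is an assumption of this example.

```python
import json

# Default cipher list quoted in the ssh_ciphers entry; anything else must be opted into.
DEFAULT_CIPHERS = {"aes128-gcm@openssh.com", "chacha20-poly1305@openssh.com",
                   "aes128-ctr", "aes192-ctr", "aes256-ctr"}
SECRET_FIELDS = ("access_key", "secret_key", "ssh_password",
                 "ssh_bastion_password", "ssh_proxy_password")
MIN_RSA_BITS = 3072  # the size the temporary_key_pair_bits entry calls sufficient


def audit_builder(builder):
    """Return a list of findings for one huaweicloud-ecs builder block."""
    findings = []
    for field in SECRET_FIELDS:
        value = builder.get(field, "")
        if value and "{{" not in value:  # literal value, not a template variable
            findings.append(f"{field}: literal secret in template")
    if builder.get("insecure") is True:
        findings.append("insecure: self-signed certificates are trusted")
    for cipher in builder.get("ssh_ciphers", []):
        if cipher not in DEFAULT_CIPHERS:
            findings.append(f"ssh_ciphers: {cipher} is outside the default list")
    if "diffie-hellman-group1-sha1" in builder.get("ssh_key_exchange_algorithms", []):
        findings.append("ssh_key_exchange_algorithms: group1-sha1 uses a 1024-bit group")
    key_type = builder.get("temporary_key_pair_type", "rsa")
    bits = builder.get("temporary_key_pair_bits", 4096)
    if key_type == "dsa":
        findings.append("temporary_key_pair_type: dsa is fixed at 1024 bits")
    elif key_type == "rsa" and bits < MIN_RSA_BITS:
        findings.append(f"temporary_key_pair_bits: {bits}-bit RSA is below {MIN_RSA_BITS}")
    return findings


def audit_template(text):
    """Audit every huaweicloud-ecs builder in a JSON template string."""
    template = json.loads(text)
    return {i: audit_builder(b) for i, b in enumerate(template.get("builders", []))
            if b.get("type") == "huaweicloud-ecs"}


# Constructed sample template (not from the page); values are placeholders.
SAMPLE = """{"builders": [{
  "type": "huaweicloud-ecs", "access_key": "EXAMPLEKEY", "secret_key": "{{user `sk`}}",
  "insecure": true, "ssh_ciphers": ["aes256-ctr", "3des-cbc"],
  "ssh_key_exchange_algorithms": ["diffie-hellman-group1-sha1"],
  "temporary_key_pair_type": "rsa", "temporary_key_pair_bits": 2048}]}"""

if __name__ == "__main__":
    for index, findings in audit_template(SAMPLE).items():
        for finding in findings:
            print(f"builder[{index}] {finding}")
```

Leaving access_key and secret_key out of the template so that HW_ACCESS_KEY and HW_SECRET_KEY are used, as the Required section describes, clears the first class of finding.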

»Basic Example

Here is a basic example for HuaweiCloud.

{
    "builders": [
        {
            "type": "huaweicloud-ecs",
            "access_key": "{{ my-access-key }}",
            "secret_key": "{{ my-secret-key }}",
            "region": "cn-north-1",
            "image_name": "{{ image_name }}",
            "source_image": "{{ source_image }}",
            "flavor": "s6.large.2",
            "vpc_id": "{{ vpc_id }}",
            "subnets": [
                "{{ subnet }}"
            ],
            "security_groups": [
              "{{ security_group }}"
            ],
            "eip_type": "5_bgp",
            "eip_bandwidth_size": 2,
            "ssh_username": "root",
            "ssh_ip_version": "4"
        }
    ],

    "provisioners": [
        {
            "type": "shell",
            "inline": [
                "echo \"start install nginx, sleep 20s first\"",
                "sleep 20",
                "echo \"run install\"",
                "yum -y install nginx",
                "echo \"enable nginx\"",
                "systemctl enable nginx.service",
                "echo \"install nginx done\""
            ]
        }
    ]
}