shichangkuo edited this page Jul 7, 2023 · 13 revisions

HuaweiCloud Image Builder

Type: huaweicloud-ecs

Artifact BuilderId: huawei.huaweicloud

The huaweicloud-ecs Packer builder plugin is able to create new images with HuaweiCloud. The builder takes a source image, runs any provisioning necessary on the image after launching it, then converts it into a reusable image. This reusable image can then be used as the foundation of new servers that are launched within HuaweiCloud.

The builder does not manage images. Once it creates an image, it is up to you to use it or delete it.

Configuration Reference

There are many configuration options available for the builder. They are segmented below into two categories: required and optional parameters.

In addition to the options listed here, a communicator can be configured for this builder.

Required:

  • access_key (string) - The access key of the HuaweiCloud to use. If omitted, the HW_ACCESS_KEY environment variable is used.

  • secret_key (string) - The secret key of the HuaweiCloud to use. If omitted, the HW_SECRET_KEY environment variable is used.

  • region (string) - The HuaweiCloud region in which to launch the server to create the image. If omitted, the HW_REGION_NAME environment variable is used.

  • image_name (string) - The name of the packer image.
  • flavor (string) - The name for the desired flavor for the server to be created.

Optional:

  • image_description (string) - The description of the packer image.

  • image_type (string, Available in v1.0.1+) - The type of the packer image. Available values include: system, data-disk, system-data and full-ecs.

  • image_tags (map[string]string) - The tags of the packer image in key/value format.

  • image_members ([]string) - List of members to add to the image after creation. An image member is usually a project (also called the "tenant") with whom the image is shared.

  • wait_image_ready_timeout (duration string) - Timeout of creating the image. The timeout string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as "40m", "1.5h" or "2h30m". The default timeout is "30m" which means 30 minutes.

  • enterprise_project_id (string) - The ID of Enterprise Project in which to create the image. If omitted, the HW_ENTERPRISE_PROJECT_ID environment variable is used.

  • availability_zone (string) - The availability zone to launch the server in. If omitted, a random availability zone in the region will be used.

  • source_image (string) - The ID of the base image to use. This is the image that will be used to launch a new server and provision it. Unless you specify completely custom SSH settings, the source image must have cloud-init installed so that the keypair gets assigned properly.

  • source_image_name (string) - The name of the base image to use. This is an alternative way of providing source_image, and only one of the two can be specified.

  • source_image_filter (ImageFilter) - Filters used to populate filter options. Example:

    {
        "source_image_filter": {
            "filters": {
                "name": "Ubuntu 20.04 server 64bit",
                "visibility": "public"
            },
            "most_recent": true
        }
    }

    This selects the most recent public image named "Ubuntu 20.04 server 64bit".

    NOTE: This will fail unless exactly one image is returned, or most_recent is set to true. If multiple images are returned, most_recent will cause this to succeed by selecting the newest of the returned images.

    • filters (ImageFilterOptions) - filters used to select a source_image. The following filters are valid:

      • name (string) - The image name. Exact matching is used.
      • owner (string) - The owner to which the image belongs.
      • visibility (string) - The visibility of the image. Available values include: public, private, market, and shared.
      • tag (string) - Specifies a tag added to an image. Tags can be used as a filter to query images.
    • most_recent (boolean) - Selects the newest created image when true. This is most useful for selecting a daily distro build.

    You may set this in place of source_image. If source_image_filter is provided alongside source_image, the source_image will override the filter. The filter will not be used in this case.

  • floating_ip (string) - A specific EIP ID to assign to this instance.

  • reuse_ips (bool) - Whether or not to attempt to reuse existing unassigned floating ips in the project before allocating a new one. Note that it is not possible to safely do this concurrently, so if you are running multiple builds concurrently, or if other processes are assigning and using floating IPs in the same project while packer is running, you should not set this to true. Defaults to false.

  • eip_type (string) - The type of EIP. See the api doc to get the value.

  • eip_bandwidth_size (int) - The size of EIP bandwidth.

  • ssh_ip_version (string) - The IP version to use for SSH connections, valid values are 4 and 6.

  • vpc_id (string) - A vpc id to attach to this instance.

  • subnets ([]string) - A list of subnets by UUID to attach to this instance.

  • security_groups ([]string) - A list of security groups by name to add to this instance.

  • user_data (string) - User data to apply when launching the instance. Note that you need to be careful about escaping characters due to the templates being JSON. It is often more convenient to use user_data_file instead. Packer will not automatically wait for a user script to finish before shutting down the instance; this must be handled in a provisioner.

  • user_data_file (string) - Path to a file that will be used for the user data when launching the instance.

  • instance_name (string) - Name that is applied to the server instance created by Packer. If this isn't specified, the default is same as image_name.

  • instance_metadata (map[string]string) - Metadata that is applied to the server instance created by Packer. Also called server properties in some documentation. The strings have a max size of 255 bytes each.

  • spot_pricing (bool, Available in v1.0.3+) - If set to true, the ECS will be billed in spot price mode. This mode is more cost-effective than pay-per-use, and the spot price will be adjusted based on supply-and-demand changes.

  • spot_maximum_price (string, Available in v1.0.3+) - The highest price you are willing to pay for an ECS. This price is not lower than the current market price and not higher than the pay-per-use price. When the market price is higher than your quoted price or the inventory is insufficient, the spot ECS will be terminated.

  • volume_type (string) - The system disk type of the instance. Defaults to SSD. For details about disk types, see Disk Types and Disk Performance. Available values include:

    • SAS: high I/O disk type.
    • SSD: ultra-high I/O disk type.
    • GPSSD: general purpose SSD disk type.
    • ESSD: Extreme SSD type.
  • volume_size (int) - The system disk size in GB. If this parameter is not specified, it is set to the minimum value of the system disk in the source image.

  • kms_key_id (string, Available in v1.0.3+) - The ID of a KMS key used to encrypt the system disk. This parameter is only supported in some regions, such as ap-southeast-3.

  • data_disks ([]DataVolume) - Add one or more data disks to the instance before creating the image. Usage example:

    {
      "data_disks": [
        {
          "volume_size": 100,
          "volume_type": "GPSSD"
        }
      ]
    }

    Each data_disks entry supports the following arguments:

    • volume_size (int) - The data disk size in GB.
    • data_image_id (string) - The ID of the data disk image.
    • snapshot_id (string) - The ID of the snapshot.
    • volume_id (string) - The ID of an existing volume.
    • volume_type (string) - The data disk type of the instance. Defaults to SSD. Available values include: SAS, SSD, GPSSD, and ESSD.
    • kms_key_id (string, Available in v1.0.3+) - The ID of a KMS key used to encrypt the disk when creating a new data disk.
  • vault_id (string) - The ID of the vault to which the instance is to be added. This parameter is mandatory when creating a full-ECS image from the instance.

  • project_name (string) - The name of the project to login with. If omitted, the HW_PROJECT_NAME environment variable or region is used.

  • project_id (string) - The ID of the project to login with. If omitted, the HW_PROJECT_ID environment variable is used.

  • security_token (string) - The security token to authenticate with a temporary security credential. If omitted, the HW_SECURITY_TOKEN environment variable is used.

  • auth_url (string) - The Identity authentication URL. If omitted, the HW_AUTH_URL environment variable is used. This is not required if you use HuaweiCloud.

  • insecure (bool) - Trust self-signed SSL certificates. By default this is false.

Communicator Configuration

In addition to the above options, a communicator can be configured for this builder.

Optional:

  • communicator (string) - Packer currently supports three kinds of communicators:

    • none - No communicator will be used. If this is set, most provisioners also can't be used.

    • ssh - An SSH connection will be established to the machine. This is usually the default.

    • winrm - A WinRM connection will be established.

    In addition to the above, some builders have custom communicators they can use. For example, the Docker builder has a "docker" communicator that uses docker exec and docker cp to execute scripts and copy files.

  • pause_before_connecting (duration string | ex: "1h5m2s") - We recommend that you enable SSH or WinRM as the very last step in your guest's bootstrap script, but sometimes you may have a race condition where you need Packer to wait before attempting to connect to your guest.

    If you end up in this situation, you can use the template option pause_before_connecting. By default, there is no pause. For example if you set pause_before_connecting to 10m Packer will check whether it can connect, as normal. But once a connection attempt is successful, it will disconnect and then wait 10 minutes before connecting to the guest and beginning provisioning.

  • ssh_host (string) - The address to SSH to. This usually is automatically configured by the builder.

  • ssh_port (int) - The port to connect to SSH. This defaults to 22.

  • ssh_username (string) - The username to connect to SSH with. Required if using SSH.

  • ssh_password (string) - A plaintext password to use to authenticate with SSH.

  • ssh_ciphers ([]string) - This overrides the value of ciphers supported by default by golang. The default value is [ "aes128-gcm@openssh.com", "chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", ]

    Valid options for ciphers include: "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "chacha20-poly1305@openssh.com", "arcfour256", "arcfour128", "arcfour", "aes128-cbc", "3des-cbc".

  • ssh_clear_authorized_keys (bool) - If true, Packer will attempt to remove its temporary key from ~/.ssh/authorized_keys and /root/.ssh/authorized_keys. This is a mostly cosmetic option, since Packer will delete the temporary private key from the host system regardless of whether this is set to true (unless the user has set the -debug flag). Defaults to "false"; currently only works on guests with sed installed.

  • ssh_key_exchange_algorithms ([]string) - If set, Packer will override the value of key exchange (kex) algorithms supported by default by golang. Acceptable values include: "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha1", and "diffie-hellman-group1-sha1".

  • ssh_certificate_file (string) - Path to user certificate used to authenticate with SSH. The ~ can be used in path and will be expanded to the home directory of current user.

  • ssh_pty (bool) - If true, a PTY will be requested for the SSH connection. This defaults to false.

  • ssh_timeout (duration string | ex: "1h5m2s") - The time to wait for SSH to become available. Packer uses this to determine when the machine has booted so this is usually quite long. Example value: 10m. This defaults to 5m, unless ssh_handshake_attempts is set.

  • ssh_disable_agent_forwarding (bool) - If true, SSH agent forwarding will be disabled. Defaults to false.

  • ssh_handshake_attempts (int) - The number of handshakes to attempt with SSH once it can connect. This defaults to 10, unless a ssh_timeout is set.

  • ssh_bastion_host (string) - A bastion host to use for the actual SSH connection.

  • ssh_bastion_port (int) - The port of the bastion host. Defaults to 22.

  • ssh_bastion_agent_auth (bool) - If true, the local SSH agent will be used to authenticate with the bastion host. Defaults to false.

  • ssh_bastion_username (string) - The username to connect to the bastion host.

  • ssh_bastion_password (string) - The password to use to authenticate with the bastion host.

  • ssh_bastion_interactive (bool) - If true, keyboard-interactive authentication is used with the bastion host.

  • ssh_bastion_private_key_file (string) - Path to a PEM encoded private key file to use to authenticate with the bastion host. The ~ can be used in path and will be expanded to the home directory of current user.

  • ssh_bastion_certificate_file (string) - Path to user certificate used to authenticate with bastion host. The ~ can be used in path and will be expanded to the home directory of current user.

  • ssh_file_transfer_method (string) - scp or sftp - How to transfer files, Secure copy (default) or SSH File Transfer Protocol.

  • ssh_proxy_host (string) - A SOCKS proxy host to use for the SSH connection.

  • ssh_proxy_port (int) - A port of the SOCKS proxy. Defaults to 1080.

  • ssh_proxy_username (string) - The optional username to authenticate with the proxy server.

  • ssh_proxy_password (string) - The optional password to use to authenticate with the proxy server.

  • ssh_keep_alive_interval (duration string | ex: "1h5m2s") - How often to send "keep alive" messages to the server. Set to a negative value (-1s) to disable. Example value: 10s. Defaults to 5s.

  • ssh_read_write_timeout (duration string | ex: "1h5m2s") - The amount of time to wait for a remote command to end. This might be useful if, for example, packer hangs on a connection after a reboot. Example: 5m. Disabled by default.

  • ssh_remote_tunnels ([]string) -

  • ssh_local_tunnels ([]string) -

  • temporary_key_pair_type (string) - dsa | ecdsa | ed25519 | rsa ( the default )

    Specifies the type of key to create. The possible values are 'dsa', 'ecdsa', 'ed25519', or 'rsa'.

  • temporary_key_pair_bits (int) - Specifies the number of bits in the key to create. For RSA keys, the minimum size is 1024 bits and the default is 4096 bits. Generally, 3072 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, bits determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths other than these three values for ECDSA keys will fail. Ed25519 keys have a fixed length and bits will be ignored.

  • ssh_keypair_name (string) - If specified, this is the key that will be used for SSH with the machine. The key must match a key pair name loaded up into the remote. By default, this is blank, and Packer will generate a temporary keypair unless ssh_password is used. ssh_private_key_file or ssh_agent_auth must be specified when ssh_keypair_name is utilized.

  • ssh_private_key_file (string) - Path to a PEM encoded private key file to use to authenticate with SSH. The ~ can be used in path and will be expanded to the home directory of current user.

  • ssh_agent_auth (bool) - If true, the local SSH agent will be used to authenticate connections to the source instance. No temporary keypair will be created, and the values of ssh_password and ssh_private_key_file will be ignored. The environment variable SSH_AUTH_SOCK must be set for this option to work properly.

Basic Example

Here is a basic example for HuaweiCloud.

HCL2

variable "access_key" {
  type = string
}
variable "secret_key" {
  type = string
}
variable "source_image_id" {
  type = string
}

source "huaweicloud-ecs" "basic-example" {
  region             = "cn-north-1"
  access_key         = var.access_key
  secret_key         = var.secret_key
  flavor             = "s6.large.2"
  image_name         = "packer-image"
  source_image       = var.source_image_id
  security_groups    = ["default"]
  eip_bandwidth_size = 5
  eip_type           = "5_bgp"
  ssh_ip_version     = "4"
  ssh_username       = "root"
}

build {
  sources = ["source.huaweicloud-ecs.basic-example"]

  provisioner "shell" {
    inline = [
      "echo \"start install nginx, sleep 20s first\"",
      "sleep 20",
      "echo \"run install\"",
      "apt install -y nginx",
      "echo \"enable nginx\"",
      "systemctl enable nginx.service",
      "echo \"install nginx done\""
    ]
  }
}

JSON

{
    "builders": [
        {
            "type": "huaweicloud-ecs",
            "access_key": "{{ my-access-key }}",
            "secret_key": "{{ my-secret-key }}",
            "region": "cn-north-1",
            "image_name": "{{ image_name }}",
            "source_image": "{{ source_image }}",
            "flavor": "s6.large.2",
            "security_groups": [
              "{{ security_group }}"
            ],
            "eip_type": "5_bgp",
            "eip_bandwidth_size": 2,
            "ssh_username": "root",
            "ssh_ip_version": "4"
        }
    ],

    "provisioners": [
        {
            "type": "shell",
            "inline": [
                "echo \"start install nginx, sleep 20s first\"",
                "sleep 20",
                "echo \"run install\"",
                "yum -y install nginx",
                "echo \"enable nginx\"",
                "systemctl enable nginx.service",
                "echo \"install nginx done\""
            ]
        }
    ]
}
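
A pre-build check for JSON templates like the one above, written as an added example (it is not part of the plugin or of this wiki). It flags literal secrets, insecure set to true, legacy entries from the ssh_ciphers and ssh_key_exchange_algorithms lists, and weak temporary keys. The function names, the rule that a value containing "{{" is a template reference, and the sample template are assumptions made for illustration.

```python
import json

# Options on this page that carry secrets; a literal value lives in the template file.
SECRET_OPTIONS = ("access_key", "secret_key", "security_token", "ssh_password",
                  "ssh_bastion_password", "ssh_proxy_password")
# Entries from the page's "valid options" lists that are legacy algorithms.
WEAK_CIPHERS = {"arcfour", "arcfour128", "arcfour256", "aes128-cbc", "3des-cbc"}
WEAK_KEX = {"diffie-hellman-group1-sha1"}

def lint_builder(builder):
    """Return (option, reason) findings for one huaweicloud-ecs builder block."""
    findings = []
    for opt in SECRET_OPTIONS:
        value = builder.get(opt)
        # Assumption: a value containing "{{" is a template reference, not a literal.
        if isinstance(value, str) and value and "{{" not in value:
            findings.append((opt, "literal secret in template"))
    if builder.get("insecure") is True:
        findings.append(("insecure", "TLS certificate verification disabled"))
    for opt, weak in (("ssh_ciphers", WEAK_CIPHERS),
                      ("ssh_key_exchange_algorithms", WEAK_KEX)):
        bad = sorted(weak.intersection(builder.get(opt) or []))
        if bad:
            findings.append((opt, "legacy algorithm: " + ", ".join(bad)))
    key_type = builder.get("temporary_key_pair_type", "rsa")  # rsa is the default
    bits = builder.get("temporary_key_pair_bits")
    if key_type == "dsa":
        findings.append(("temporary_key_pair_type", "DSA is limited to 1024 bits"))
    elif key_type == "rsa" and bits is not None and bits < 3072:
        findings.append(("temporary_key_pair_bits", "RSA key below 3072 bits"))
    return findings

def lint_template(text):
    """Lint every huaweicloud-ecs builder in a JSON template string."""
    template = json.loads(text)
    return [f for b in template.get("builders", [])
            if b.get("type") == "huaweicloud-ecs" for f in lint_builder(b)]

# Constructed sample template (placeholder values, not real credentials).
SAMPLE = """
{"builders": [{
  "type": "huaweicloud-ecs",
  "access_key": "EXAMPLE-ACCESS-KEY",
  "secret_key": "{{ my-secret-key }}",
  "insecure": true,
  "ssh_ciphers": ["aes256-ctr", "3des-cbc", "arcfour"],
  "ssh_key_exchange_algorithms": ["ecdh-sha2-nistp256", "diffie-hellman-group1-sha1"],
  "temporary_key_pair_type": "rsa", "temporary_key_pair_bits": 1024
}]}
"""

if __name__ == "__main__":
    for option, reason in lint_template(SAMPLE):
        print(f"{option}: {reason}")
```

Leaving access_key, secret_key and security_token out of the template entirely, so that the HW_ACCESS_KEY, HW_SECRET_KEY and HW_SECURITY_TOKEN environment variables are used, clears the first class of finding.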