
HashiCorp Packer in Production

By: John Boero

Overview of this book

Creating machine images can be time-consuming and error-prone when done manually. HashiCorp Packer enables you to automate this process by defining the configuration in a simple, declarative syntax. This configuration is then used to create machine images for multiple environments and cloud providers. The book begins by showing you how to create your first manifest while helping you understand the available components. You’ll then configure the most common built-in builder options for Packer and use runtime provisioners to reconfigure a source image for desired tasks. You’ll also learn how to control logging for troubleshooting errors in complex builds and explore monitoring options for multiple logs at once. As you advance, you’ll build on your initial manifest for a local application that will migrate easily to another builder or cloud. The chapters also help you get to grips with basic container image options in different formats while scaling large builds in production. Finally, you’ll develop a life cycle and retention policy for images, automate Packer builds, and protect your production environment from nefarious plugins. By the end of this book, you’ll be equipped to streamline collaboration and reduce the risk of errors by creating machine images consistently and automatically based on your defined configuration.
Table of Contents (18 chapters)

Part 1: Packer’s Beginnings
Part 2: Managing Large Environments
Part 3: Advanced Customized Packer

Using HashiCorp Vault integration for automation

When you use Packer in pipelines, it may be useful to add HashiCorp Vault for short-lived credentials. When building cloud images, shouldn’t each build pipeline use its own cloud credentials and purge them afterward? What if Packer or part of the pipeline fails and doesn’t get a chance to revoke any credentials used? HashiCorp Vault is there to rotate and revoke your unused credentials.

If the runner service you select is a VM within the cloud, then Packer may automatically use the service account presented to the VM itself. In this case, there may be no need to use Vault credentials. AWS, Azure, and GCP all support this option. If you are using a local runner or building for multicloud, Vault is the best way to provide secure credentials for Packer pipelines.
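
The failure case raised above (a build that dies before its credentials are revoked), as an added example that is not from the book: a POSIX shell wrapper that reads one dynamic AWS credential from Vault, runs `packer build`, and revokes the lease whatever the build's exit code. The mount path `aws/`, the role name `packer-builder`, and the template name `image.pkr.hcl` are assumptions.

```shell
#!/bin/sh
# Added example (not from the book). Assumptions: Vault's AWS secrets engine
# is mounted at "aws/", the role is named "packer-builder", the template is
# "image.pkr.hcl", and VAULT_ADDR / VAULT_TOKEN are already set for the runner.
VAULT_AWS_ROLE="${VAULT_AWS_ROLE:-packer-builder}"    # hypothetical role name
PACKER_TEMPLATE="${PACKER_TEMPLATE:-image.pkr.hcl}"   # hypothetical template

# Minimal extractor for one string field of Vault's JSON output
# (use jq instead if the runner has it).
json_field() {
  sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# The body is a subshell "( ... )", so the exported keys never reach the
# caller's environment or later pipeline steps.
build_with_vault_creds() (
  # One read issues one dynamic credential with its own lease.
  creds="$(vault read -format=json "aws/creds/${VAULT_AWS_ROLE}")" || exit 1
  lease_id="$(printf '%s\n' "$creds" | json_field lease_id)"
  [ -n "$lease_id" ] || { echo "no lease_id in Vault response" >&2; exit 1; }

  AWS_ACCESS_KEY_ID="$(printf '%s\n' "$creds" | json_field access_key)"
  AWS_SECRET_ACCESS_KEY="$(printf '%s\n' "$creds" | json_field secret_key)"
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY

  # "|| rc=$?" keeps a failed build from aborting under "set -e" before the
  # revoke below has run.
  rc=0
  packer build "$PACKER_TEMPLATE" || rc=$?

  # Revoke on success and on failure. If the runner is killed before this
  # line, the lease TTL configured in Vault still expires the credential.
  vault lease revoke "$lease_id" >&2 ||
    echo "revoke failed; ${lease_id} expires at its TTL" >&2
  exit "$rc"
)

# Run the build only when asked, e.g. "sh build.sh --build".
if [ "${1:-}" = "--build" ]; then
  build_with_vault_creds
fi
```

Keep the TTL on the Vault role short enough that a credential orphaned by a killed runner expires soon after the longest expected build.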

This section builds on the Vault discussions from Chapter 3, Configuring Builders and Sources. It assumes a basic knowledge of HashiCorp Vault but focuses solely...