Book Image

HashiCorp Packer in Production

By : John Boero
Book Image

HashiCorp Packer in Production

By: John Boero

Overview of this book

Creating machine images can be time-consuming and error-prone when done manually. HashiCorp Packer enables you to automate this process by defining the configuration in a simple, declarative syntax. This configuration is then used to create machine images for multiple environments and cloud providers. The book begins by showing you how to create your first manifest while helping you understand the available components. You’ll then configure the most common built-in builder options for Packer and use runtime provisioners to reconfigure a source image for desired tasks. You’ll also learn how to control logging for troubleshooting errors in complex builds and explore monitoring options for multiple logs at once. As you advance, you’ll build on your initial manifest for a local application that’ll easily migrate to another builder or cloud. The chapters also help you get to grips with basic container image options in different formats while scaling large builds in production. Finally, you’ll develop a life cycle and retention policy for images, automate packer builds, and protect your production environment from nefarious plugins. By the end of this book, you’ll be equipped to smoothen collaboration and reduce the risk of errors by creating machine images consistently and automatically based on your defined configuration.
Table of Contents (18 chapters)
Part 1: Packer’s Beginnings
Part 2: Managing Large Environments
Part 3: Advanced Customized Packer

Protecting Packer from bad plugins

The release cycle is important with plugins. Developing a plugin locally is one thing but using it in production should require a signed release. You can tag and release a version of your repo for the community to use. You should always sign releases to ensure malicious code doesn’t make its way into your plugin. GPG keys can be used to sign a release, and public keys can verify that the plugin matches what you shipped it with.

In addition to plugin signatures, it’s important to make sure your Packer template pins the correct, or at least minimal, release for your plugin in case the functionality changes. Remember, this can be specified at the top of a template. Also, for machines that don’t have the source code for building your plugin, it’s important to configure the source path. This will require a packer init command before the first build you attempt so that Packer can download the right release into the $HOME/...