HashiCorp의 제품은 설치형과 더불어 SaaS 모델로도 사용가능한 모델이 제공됩니다. 여기에는 지금까지 Terraform Cloud, HCP Vault, HCP Consul 이 제공되었습니다. HCP는 HashiCorp Cloud Platform의 약자 입니다.
여기에 최근 HCP Packer가 공식적으로 GA(General Available)되었습니다. HashiCorp의 솔루션들에 대해서 우선 OSS(Open Source Software)로 떠올려 볼 수 있지만 기업을 위해 기능이 차별화된 설치형 엔터프라이즈와 더불어 클라우드형 서비스도 제공되고 있으며 향후 새로운 솔루션들이 추가될 전망입니다.
vault()는 vault 연동시 사용가능 : https://www.packer.io/docs/templates/hcl_templates/functions/contextual/vault# packer build -force .
locals {
access_key = vault("/kv-v2/data/alicloud", "access_key")
secret_key = vault("/kv-v2/data/alicloud", "secret_key")
}
variable "region" {
default = "ap-southeast-1"
description = "https://www.alibabacloud.com/help/doc-detail/40654.htm"
}
source "alicloud-ecs" "basic-example" {
access_key = local.access_key
secret_key = local.secret_key
region = var.region
image_name = "ssh_otp_image_1_5"
source_image = "centos_7_9_x64_20G_alibase_20210623.vhd"
ssh_username = "root"
instance_type = "ecs.n1.tiny"
io_optimized = true
internet_charge_type = "PayByTraffic"
image_force_delete = true
}
build {
sources = ["sources.alicloud-ecs.basic-example"]
provisioner "file" {
source = "./files/"
destination = "/tmp"
}
# Vault OTP
provisioner "shell" {
inline = [
"cp /tmp/sshd /etc/pam.d/sshd",
"cp /tmp/sshd_config /etc/ssh/sshd_config",
"mkdir -p /etc/vault.d",
"cp /tmp/vault.hcl /etc/vault.d/vault.hcl",
"cp /tmp/vault-ssh-helper /usr/bin/vault-ssh-helper",
"/usr/bin/vault-ssh-helper -verify-only -config=/etc/vault.d/vault.hcl -dev",
"sudo adduser test",
"echo password | passwd --stdin test",
"echo 'test ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers",
"sudo sed -ie 's/SELINUX=enforcing/SELINUX=disabled /g' /etc/selinux/config"
]
}
# Apache
provisioner "shell" {
inline = [
"sudo yum -y update",
"sleep 15",
"sudo yum -y update",
"sudo yum -y install httpd",
"sudo systemctl enable httpd",
"sudo systemctl start httpd",
"chmod +x /tmp/deploy_app.sh",
"PLACEHOLDER=${var.placeholder} WIDTH=600 HEIGHT=800 PREFIX=gs /tmp/deploy_app.sh",
# "sudo firewall-cmd --zone=public --permanent --add-port=80/tcp",
# "sudo firewall-cmd --reload",
]
}
}
variable "placeholder" {
default = "placekitten.com"
description = "Image-as-a-service URL. Some other fun ones to try are fillmurray.com, placecage.com, placebeard.it, loremflickr.com, baconmockup.com, placeimg.com, placebear.com, placeskull.com, stevensegallery.com, placedog.net"
}
vault()는 vault 연동시 사용가능 : https://www.packer.io/docs/templates/hcl_templates/functions/contextual/vault# packer init -upgrade .
# packer build -force .
locals {
client_id = vault("/kv/data/azure", "client_id")
client_secret = vault("/kv/data/azure", "client_secret")
tenant_id = vault("/kv/data/azure", "tenant_id")
subscription_id = vault("/kv/data/azure", "subscription_id")
resource_group_name = var.resource_name
virtual_network_name = "kbid-d-krc-vnet-002"
virtual_network_subnet_name = "d-mgmt-snet-001"
virtual_network_resource_group_name = "kbid-d-krc-mgmt-rg"
timestamp = formatdate("YYYYMMDD_hhmmss", timeadd(timestamp(), "9h")) #생성되는 이미지 이름을 time 기반으로 생성
}
variable "placeholder" {
default = "placekitten.com"
description = "Image-as-a-service URL. Some other fun ones to try are fillmurray.com, placecage.com, placebeard.it, loremflickr.com, baconmockup.com, placeimg.com, placebear.com, placeskull.com, stevensegallery.com, placedog.net"
}
# Basic example : https://www.packer.io/docs/builders/azure/arm#basic-example
# MS Guide : https://docs.microsoft.com/ko-kr/azure/virtual-machines/linux/build-image-with-packer
source "azure-arm" "basic-example" {
client_id = local.client_id
client_secret = local.client_secret
subscription_id = local.subscription_id
tenant_id = local.tenant_id
# shared_image_gallery {
# subscription = local.subscription_id
# resource_group = "myrg"
# gallery_name = "GalleryName"
# image_name = "gs_pkr_${local.timestamp}"
# image_version = "1.0.0"
# }
managed_image_resource_group_name = local.resource_group_name
managed_image_name = "${var.image_name}-${local.timestamp}"
os_type = "Linux"
# az vm image list-publishers --location koreacentral --output table
image_publisher = "RedHat"
# az vm image list-offers --location koreacentral --publisher RedHat --output table
image_offer = "RHEL"
# az vm image list-skus --location koreacentral --publisher RedHat --offer RHEL --output table
image_sku = "8_4"
azure_tags = {
dept = "KBHC Terraform POC"
}
# az vm list-skus --location koreacentral --all --output table
build_resource_group_name = local.resource_group_name
#########################################
# 기존 생성되어있는 network 를 사용하기 위한 항목 #
#########################################
virtual_network_name = local.virtual_network_name
virtual_network_subnet_name = local.virtual_network_subnet_name
virtual_network_resource_group_name = local.virtual_network_resource_group_name
# location = "koreacentral"
vm_size = "Standard_A2_v2"
}
build {
sources = ["sources.azure-arm.basic-example"]
provisioner "file" {
source = "./files/"
destination = "/tmp"
}
# Vault OTP
provisioner "shell" {
inline = [
"sudo cp /tmp/sshd /etc/pam.d/sshd",
"sudo cp /tmp/sshd_config /etc/ssh/sshd_config",
"sudo mkdir -p /etc/vault.d",
"sudo cp /tmp/vault.hcl /etc/vault.d/vault.hcl",
"sudo cp /tmp/vault-ssh-helper /usr/bin/vault-ssh-helper",
"echo \"=== Vault_Check ===\"",
"curl http://10.0.9.10:8200",
"/usr/bin/vault-ssh-helper -verify-only -config=/etc/vault.d/vault.hcl -dev",
"echo \"=== Add User ===\"",
"sudo adduser jboss",
"echo password | sudo passwd --stdin jboss",
"echo 'jboss ALL=(ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers",
"echo \"=== SELINUX DISABLE ===\"",
"sudo sed -ie 's/SELINUX=enforcing/SELINUX=disabled /g' /etc/selinux/config"
]
}
# Apache
provisioner "shell" {
inline = [
"sudo yum -y update",
"sleep 15",
"sudo yum -y update",
"sudo yum -y install httpd",
"sudo systemctl enable httpd",
"sudo systemctl start httpd",
"chmod +x /tmp/deploy_app.sh",
"sudo PLACEHOLDER=${var.placeholder} WIDTH=600 HEIGHT=800 PREFIX=gs /tmp/deploy_app.sh",
"sudo firewall-cmd --zone=public --permanent --add-port=80/tcp",
"sudo firewall-cmd --reload",
]
}
}
variable "base_image" {
default = "ubuntu-1804-bionic-v20210415"
}
variable "project" {
default = "gs-test-282101"
}
variable "region" {
default = "asia-northeast2"
}
variable "zone" {
default = "asia-northeast2-a"
}
variable "image_name" {
}
variable "placeholder" {
default = "placekitten.com"
description = "Image-as-a-service URL. Some other fun ones to try are fillmurray.com, placecage.com, placebeard.it, loremflickr.com, baconmockup.com, placeimg.com, placebear.com, placeskull.com, stevensegallery.com, placedog.net"
}
source "googlecompute" "basic-example" {
project_id = var.project
source_image = var.base_image
ssh_username = "ubuntu"
zone = var.zone
disk_size = 10
disk_type = "pd-ssd"
image_name = var.image_name
}
build {
name = "packer"
source "sources.googlecompute.basic-example" {
name = "packer"
}
provisioner "file"{
source = "./files"
destination = "/tmp/"
}
provisioner "shell" {
inline = [
"sudo apt-get -y update",
"sleep 15",
"sudo apt-get -y update",
"sudo apt-get -y install apache2",
"sudo systemctl enable apache2",
"sudo systemctl start apache2",
"sudo chown -R ubuntu:ubuntu /var/www/html",
"chmod +x /tmp/files/*.sh",
"PLACEHOLDER=${var.placeholder} WIDTH=600 HEIGHT=800 PREFIX=gs /tmp/files/deploy_app.sh",
]
}
}
# packer init client.pkr.hcl
# packer build -force .
variable "region" {
default = "ap-northeast-2"
}
variable "cni-version" {
default = "1.0.1"
}
packer {
required_plugins {
amazon = {
version = ">= 0.0.2"
source = "github.com/hashicorp/amazon"
}
}
}
source "amazon-ebs" "example" {
ami_name = "gs_demo_ubuntu_{{timestamp}}"
instance_type = "t3.micro"
region = var.region
source_ami_filter {
filters = {
name = "ubuntu/images/*ubuntu-bionic-18.04-amd64-server-*"
root-device-type = "ebs"
virtualization-type = "hvm"
}
most_recent = true
owners = ["099720109477"]
}
ssh_username = "ubuntu"
}
build {
sources = ["source.amazon-ebs.example"]
provisioner "file" {
source = "./file/"
destination = "/tmp"
}
provisioner "shell" {
inline = [
"set -x",
"echo Connected via Consul/Nomad client at \"${build.User}@${build.Host}:${build.Port}\"",
"sudo apt-get update",
"sudo apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release",
"sudo apt-get update",
"curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -",
"sudo apt-add-repository \"deb [arch=amd64] https://apt.releases.hashicorp.com bionic main\"",
"sudo apt-get update && sudo apt-get -y install consul nomad netcat nginx",
"curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -",
"sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable\"",
"sudo apt-get update",
"sudo apt-get install -y docker-ce openjdk-11-jdk",
"curl -sL -o cni-plugins.tgz https://github.com/containernetworking/plugins/releases/download/v${var.cni-version}/cni-plugins-linux-amd64-v${var.cni-version}.tgz",
"sudo mkdir -p /opt/cni/bin",
"sudo tar -C /opt/cni/bin -xzf cni-plugins.tgz",
]
}
}
variable "region" {
default = "ap-northeast-2"
}
variable "cni-version" {
default = "1.0.1"
}
locals {
nomad_url = "https://releases.hashicorp.com/nomad/1.2.3/nomad_1.2.3_windows_amd64.zip"
consul_url = "https://releases.hashicorp.com/consul/1.11.1/consul_1.11.1_windows_amd64.zip"
jre_url = "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.13%2B8/OpenJDK11U-jre_x64_windows_hotspot_11.0.13_8.zip"
}
packer {
required_plugins {
amazon = {
version = ">= 0.0.2"
source = "github.com/hashicorp/amazon"
}
}
}
source "amazon-ebs" "example" {
ami_name = "gs_demo_windows_{{timestamp}}"
communicator = "winrm"
instance_type = "t2.micro"
region = var.region
source_ami_filter {
filters = {
name = "*Windows_Server-2019-English-Full-Base*"
root-device-type = "ebs"
virtualization-type = "hvm"
}
most_recent = true
owners = ["amazon"]
}
user_data_file = "./bootstrap_win.txt"
winrm_password = "SuperS3cr3t!!!!"
winrm_username = "Administrator"
}
build {
sources = ["source.amazon-ebs.example"]
provisioner "powershell" {
inline = [
"New-Item \"C:\\temp\" -ItemType Directory",
]
}
// provisioner "file" {
// source = "./file/"
// destination = "/tmp"
// }
provisioner "powershell" {
inline = [
"New-Item \"C:\\hashicorp\\jre\\\" -ItemType Directory",
"New-Item \"C:\\hashicorp\\consul\\bin\\\" -ItemType Directory",
"New-Item \"C:\\hashicorp\\consul\\data\\\" -ItemType Directory",
"New-Item \"C:\\hashicorp\\consul\\conf\\\" -ItemType Directory",
"New-Item \"C:\\hashicorp\\nomad\\bin\\\" -ItemType Directory",
"New-Item \"C:\\hashicorp\\nomad\\data\\\" -ItemType Directory",
"New-Item \"C:\\hashicorp\\nomad\\conf\\\" -ItemType Directory",
"Invoke-WebRequest -Uri ${local.jre_url} -OutFile $env:TEMP\\jre.zip",
"Invoke-WebRequest -Uri ${local.consul_url} -OutFile $env:TEMP\\consul.zip",
"Invoke-WebRequest -Uri ${local.nomad_url} -OutFile $env:TEMP\\nomad.zip",
"Expand-Archive $env:TEMP\\jre.zip -DestinationPath C:\\hashicorp\\jre\\",
"Expand-Archive $env:TEMP\\consul.zip -DestinationPath C:\\hashicorp\\consul\\bin\\",
"Expand-Archive $env:TEMP\\nomad.zip -DestinationPath C:\\hashicorp\\nomad\\bin\\",
"[Environment]::SetEnvironmentVariable(\"Path\", $env:Path + \";C:\\hashicorp\\jre\\jdk-11.0.13+8-jre\\bin;C:\\hashicorp\\nomad\\bin;C:\\hashicorp\\consul\\bin\", \"Machine\")",
// "$old = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment' -Name path).path",
// "$new = \"$old;C:\\hashicorp\\jre\\jdk-11.0.13+8-jre\\bin;C:\\hashicorp\\nomad\\bin;C:\\hashicorp\\consul\\bin\"",
// "Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment' -Name path -Value $new",
]
}
}
packer {
required_plugins {
ncloud = {
version = ">= 0.0.1"
source = "github.com/hashicorp/ncloud"
}
}
}
source "ncloud" "example-linux" {
access_key = var.access_key
secret_key = var.secret_key
server_image_product_code = "SPSW0LINUX000139"
server_product_code = "SPSVRGPUSSD00001"
server_image_name = var.image_name
server_image_description = "server image description"
region = "Korea"
communicator = "ssh"
ssh_username = "root"
}
build {
sources = ["source.ncloud.example-linux"]
provisioner "file" {
source = "jupyter.service"
destination = "/etc/systemd/system/jupyter.service"
}
provisioner "shell" {
inline = [
"yum clean all",
"yum -y install epel-release",
"yum -y install python3",
"yum -y install python-pip",
"pip3 install --upgrade pip",
"adduser jupyter",
"su - jupyter",
"pip3 install --user jupyter jupyter",
"systemctl enable jupyter",
"systemctl start jupyter"
]
}
}
variable "access_key" {
type = string
}
variable "secret_key" {
type = string
}
variable "image_name" {
type = string
default = "test"
}