Building Windows images with Packer

Hi, folks!

Sometimes you need to create a base or custom image to use one in any kind of automated deployments (CD pipelines, Dev, QA  and etc.) in cloud or on-premises environments. Then, you might start searching for a good solution to make your task easier. Built-in sysprep?  Well, it’s a classic way for Windows without any additional functionality that might be required especially for clouds. So, what can be used for such task?  Definitely, Packer from HashiCorp would be one of the best tool. It allows you to build your custom image from Marketplace image (as for example) and place that image to the Azure Images for further usage.

In the JSON-example below, Packer uses provided options for authentication (variable section) and passes them to the Azure Resource Manager builder section. Packer supports a bunch of builders such as Azure, Hyper-V, VMware or AWS . In my case, Packer uses Azure RM and it’s Windows Server 2019-Datacenter marketplace image, creates a VM, connects to the VM via communicator (see communicator subsection), and then prepares image by running scripts and actions defined in the provisioners section.  I’m using here two PowerShell scripts for installing IIS role and OS sysprepping at the end of customization. Also, packer automatically updates OS and restarts it if necessary (custom windows-update and built-in windows-restart provisioners)

{
    "variables": {
        "client_id": "service principal|id here",
        "client_secret": "service principal| secret here",
        "tenant_id": "AD tenant's id here",
        "subscription_id": "subscription's id here"
    },
    "builders": [
        {
            "type": "azure-arm",
            "client_id": "{{user `client_id`}}",
            "client_secret": "{{user `client_secret`}}",
            "tenant_id": "{{user `tenant_id`}}",
            "subscription_id": "{{user `subscription_id`}}",
            "os_type": "Windows",
            "image_publisher": "MicrosoftWindowsServer",
            "image_offer": "WindowsServer",
            "image_sku": "2019-Datacenter",
            "image_version": "latest",
            "managed_image_resource_group_name": "TestRG",
            "managed_image_name": "ws2019-iis",
            "disk_caching_type": "ReadWrite",
            "communicator": "winrm",
            "winrm_use_ssl": true,
            "winrm_insecure": true,
            "winrm_timeout": "20m",
            "winrm_username": "packer",
            "location": "West Europe",
            "vm_size": "Standard_A2_v2",
            "azure_tags": {
                "dept": "IT"
            }
        }
    ],
    "provisioners": [
        {
            "type": "powershell",
            "inline": [
                "Write-Host 'Configuring IIS Role and sysprepping...'"
            ]
        },
        {
            "type": "powershell",
            "script": "./scripts/iis-install.ps1"
        },
        {
            "type": "windows-update"
        },
        {
            "type": "windows-restart"
        },
        {
            "type": "powershell",
            "script": "./scripts/iis-sysprep.ps1"
        }
    ]
}

When you end up with the configuration file, run packer build and wait while customization steps finish. Packer’s basic steps for a build are:

  • Create a resource group.
  • Validate and deploy a VM template.
  • Execute provision – defined by the user; typically shell commands.
  • Power off and capture the VM.
  • Delete the resource group.
  • Delete the temporary VM’s OS disk.

As a result, image with the name defined in the managed_image_name option will be added to Azure Images service:

packer azure images

Scripts and other stuff will be available on my GitHub soon. Stay tuned.

The Azure RM template deployment is not valid. See inner errors for details.

When you test your ARM template using PowerShell or other techniques  before the deployment, you can receive an error: “The template deployment ‘xxxx-xxx-xxx’ is not valid according to the validation procedure. The tracking id is ‘xxxx-xxxx-xxxx’. See inner errors for details.”, and then you may ask yourself – “how to get that inner errors for details?”.

The following PS one-liner can rescue you:

(Get-AzLog -CorrelationId trackingIDhere).Properties.Content.Values

arm template deployment error

If you don’t have Az module installed, you may use Azure RM module and cmdlet Get-AzureRMLog with the same parameters as for Get-AzLog.