Configure Your Environment

Example Variables

The project includes example variables files that you can use as a starting point for your own configuration.

The variables are defined in .pkrvars.hcl files.

Run the config script ./config.sh to copy the .pkrvars.hcl.example files to a config directory.

./config.sh

The config/ folder is the default folder. You can override the default by passing an alternate value as the first argument.

You can set the region for your configuration and build scripts by passing the region code as an argument to the scripts. Here are examples for two regions:

  1. For San Francisco, CA (us-west-1), run:

    ./config.sh us-west-1
    ./build.sh us-west-1
    
  2. For Los Angeles, CA (us-west-2), run:

    ./config.sh us-west-2
    ./build.sh us-west-2
    

Configuration Variables

Build

Edit the config/build.pkrvars.hcl file to configure the credentials for the default account on machine images.

Example Passwords and Keys.

Replace the example passwords and keys.

config/build.pkrvars.hcl
// Default Account Credentials
build_username           = "packer"
build_password           = "VMw@re123!"
build_password_encrypted = "$6$KspR8KgZFVxDOiiF$n4hhyeSGgamrz25mqvOfnK5xm6blwDJftlQZy0H60pwRdPKXsf996/lLzFrfW0H/ZHoE.jEPgVmFZpmgce6jX0"
build_key                = "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADwXV3rbRCWwhSr6aMkHukV5O7OGAEyUtAerj2anJHm3mwbOxlBU/uO4f0ELqo2GJcTALMC0aFrbvu9qonIH5VF7wBBfCP1cS5B92sUagVV9ldI/uo89e/7dVYC9maPsFaZq2G0/PLU0hZKOohq99Oxc2RMSiJaaenX/hNqx5xYSaK+CA== packer@example.com"

You can also override the build_key value with contents of a file.

config/build.pkrvars.hcl
build_key = file("${path.root}/config/ssh/build_id_ecdsa.pub")

Generate a SHA-512 password hash for build_password_encrypted using OpenSSL.

SALT=$(openssl rand -base64 6); \
ENCRYPTED_PASSWORD=$(echo -n "<your_password>" | openssl passwd -6 -stdin -salt "$SALT"); \
echo "Generated Salt: $SALT"; \
echo "Encrypted Password: $ENCRYPTED_PASSWORD"

The following output is displayed:

Generated Salt: <generated_salt>
Encrypted Password: <encrypted_password>

Generate a key pair and use its public key as the build_key for public key authentication.

ssh-keygen -t ecdsa -b 521 -C "<name@example.com>"

The following output is displayed:

Generating public/private ecdsa key pair.
Enter file in which to save the key (/Users/example/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase): **************
Enter same passphrase again: **************
Your identification has been saved in /Users/example/.ssh/id_ecdsa.
Your public key has been saved in /Users/example/.ssh/id_ecdsa.pub.

The content of the public key, build_key, is added to the ~/.ssh/authorized_keys file of the build_username on the Linux guest operating systems.
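A pre-build check for the instruction to replace the example passwords and keys, written here as an added example that is not part of the project. The function names and the 0600 target mode are assumptions of this example; the marker strings are the example values shown on this page, including those in the proxy, vSphere, RHSM and SCC files.

```shell
#!/bin/sh
# Added example (not project code): pre-build check of a Packer config directory.
# The -e marker strings are the example values shown on this page.

# Print "file:line:variable" for every active (uncommented) assignment that
# still holds an example value. Returns 1 if any are found, 0 otherwise.
find_example_secrets() {
  dir="${1:-config}"; found=0
  for f in "$dir"/*.pkrvars.hcl; do
    [ -f "$f" ] || continue
    hits=$(grep -nF -e 'VMw@re123!' -e '$6$KspR8KgZFVxDOiiF$' \
                    -e '_P@cker_Ex#mple$_' -e 'packer@example.com' \
                    -e '<public_key>' "$f" |
           grep -Ev '^[0-9]+:[[:space:]]*(//|#)' |
           sed -E 's/^([0-9]+):[[:space:]]*([A-Za-z0-9_]+).*/\1:\2/')
    [ -n "$hits" ] || continue
    found=1
    printf '%s\n' "$hits" | while IFS= read -r h; do
      printf '%s:%s\n' "$f" "$h"
    done
  done
  return "$found"
}

# Print config files that group or others can read. The files hold plaintext
# credentials, so owner-only access (0600) is assumed to be the target here.
find_readable_configs() {
  find "${1:-config}" -type f -name '*.pkrvars.hcl' \
    \( -perm -040 -o -perm -004 \)
}

# Constructed sample directory: one file still on an example value, one with
# the example left commented out, one with replaced (constructed) values.
make_sample_config() {
  d=$(mktemp -d)
  printf '%s\n' 'build_username = "packer"' \
                'build_password = "VMw@re123!"' > "$d/build.pkrvars.hcl"
  printf '%s\n' '// communicator_proxy_password = "_P@cker_Ex#mple$_"' \
                > "$d/proxy.pkrvars.hcl"
  printf '%s\n' 'rhsm_username = "build-svc"' \
                'rhsm_password = "constructed-value"' > "$d/rhsm.pkrvars.hcl"
  chmod 600 "$d/build.pkrvars.hcl" "$d/proxy.pkrvars.hcl"
  chmod 644 "$d/rhsm.pkrvars.hcl"
  printf '%s\n' "$d"
}
```

Running find_example_secrets config before ./build.sh and stopping on a non-zero status keeps a template from being built with the published example credentials.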

Ansible

Edit the config/ansible.pkrvars.hcl file to configure the credentials for the Ansible account on Linux machine images.

config/ansible.pkrvars.hcl
ansible_username = "ansible"
ansible_key      = "<public_key>"

Ansible User Password

A random password is auto-generated for the Ansible user.

You can also override the ansible_key value with contents of a file, if required.

config/ansible.pkrvars.hcl
ansible_key = file("${path.root}/config/ssh/ansible_id_ecdsa.pub")

Common

Edit the config/common.pkrvars.hcl file to configure the following common variables:

config/common.pkrvars.hcl
// Virtual Machine Settings
common_vm_version           = 19
common_tools_upgrade_policy = true
common_remove_cdrom         = true

// Template and Content Library Settings
common_template_conversion         = false
common_content_library             = "sfo-w01-lib01"
common_content_library_enabled     = true
common_content_library_ovf         = true
common_content_library_destroy     = true
common_content_library_skip_export = false

// OVF Export Settings
common_ovf_export_enabled   = false
common_ovf_export_overwrite = true

// Removable Media Settings
common_iso_datastore               = "sfo-w01-cl01-ds-nfs01"
common_iso_content_library         = "sfo-w01-lib01"
common_iso_content_library_enabled = false

// Boot and Provisioning Settings
common_data_source       = "http"
common_http_ip           = null
common_http_port_min     = 8000
common_http_port_max     = 8099
common_ip_wait_timeout   = "20m"
common_ip_settle_timeout = "5s"
common_shutdown_timeout  = "15m"

// HCP Packer
common_hcp_packer_registry_enabled = false

Data Source

The default provisioning data source for Linux machine image builds is http. This is used to serve the kickstart files to the Linux guest operating system during the build.

config/common.pkrvars.hcl
common_data_source = "http"

IPTables

Packer includes a built-in HTTP server that is used to serve the kickstart files for Linux machine image builds.

If iptables is enabled on your Packer host, you will need to open the ports from common_http_port_min through common_http_port_max.

iptables -A INPUT -p tcp --match multiport --dports 8000:8099 -j ACCEPT

You can change the common_data_source from http to disk to build supported Linux machine images without the need to use Packer's HTTP server. This is useful for environments that may not be able to route back to the system from which Packer is running, for example, when building a machine image in VMware Cloud on AWS.

config/common.pkrvars.hcl
common_data_source = "disk"

The Packer plugin's cd_content option is used when selecting disk unless the distribution does not support a secondary CD-ROM. For distributions that do not support a secondary CD-ROM the floppy_content option is used.

HTTP Binding

If you need to define a specific IPv4 address from your host for Packer's built-in HTTP server, modify the common_http_ip variable from null to a string value that matches an IP address on your Packer host.

config/common.pkrvars.hcl
common_http_ip = "172.16.11.254"
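The iptables note and the HTTP binding setting above can be kept in step by deriving the rule from config/common.pkrvars.hcl. This is an added example, not part of the project: the function names and the source CIDR argument (the network the build guests sit on) are assumptions, and the rule is only printed, not applied.

```shell
#!/bin/sh
# Added example (not project code): derive the firewall rule for Packer's HTTP
# server from common.pkrvars.hcl instead of hard-coding 8000:8099.

# Print the value assigned to key $2 in file $1, without surrounding quotes.
hcl_value() {
  sed -nE "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"?([^\"[:space:]]*)\"?[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# $1 = path to common.pkrvars.hcl, $2 = source CIDR of the build network
# (an assumption of this example; the page does not define one).
packer_http_rule() {
  min=$(hcl_value "$1" common_http_port_min)
  max=$(hcl_value "$1" common_http_port_max)
  ip=$(hcl_value "$1" common_http_ip)
  case "$min" in ''|*[!0-9]*) echo "bad common_http_port_min" >&2; return 1 ;; esac
  case "$max" in ''|*[!0-9]*) echo "bad common_http_port_max" >&2; return 1 ;; esac
  [ "$min" -le "$max" ] || { echo "port range is inverted" >&2; return 1; }
  rule="iptables -A INPUT -p tcp -s $2"
  # Pin the destination only when the server is bound to one address.
  if [ -n "$ip" ] && [ "$ip" != "null" ]; then rule="$rule -d $ip"; fi
  printf '%s --match multiport --dports %s:%s -j ACCEPT\n' "$rule" "$min" "$max"
}

# Constructed sample using the values shown on this page.
make_sample_common() {
  f=$(mktemp)
  printf '%s\n' 'common_http_ip           = "172.16.11.254"' \
                'common_http_port_min     = 8000' \
                'common_http_port_max     = 8099' > "$f"
  printf '%s\n' "$f"
}
```

With common_http_ip left at null the rule omits -d, so the source restriction is the only scoping on the kickstart ports.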

Proxy (Optional)

Edit the config/proxy.pkrvars.hcl file to configure the following:

config/proxy.pkrvars.hcl
// Proxy Credentials
// communicator_proxy_host     = "proxy.example.com"
// communicator_proxy_port     = 8080
// communicator_proxy_username = "packer"
// communicator_proxy_password = "_P@cker_Ex#mple$_"

VMware vSphere

Edit the config/vsphere.pkrvars.hcl file to configure the following:

config/vsphere.pkrvars.hcl
// vSphere Credentials
vsphere_endpoint            = "sfo-w01-vc01.example.com"
vsphere_username            = "svc-packer-vsphere@example.com"
vsphere_password            = "VMw@re123!"
vsphere_insecure_connection = false

// vSphere Settings
vsphere_datacenter                     = "sfo-w01-dc01"
vsphere_cluster                        = "sfo-w01-cl01"
//vsphere_host                         = "sfo-w01-esx01"
vsphere_datastore                      = "sfo-w01-cl01-ds-vsan01"
vsphere_network                        = "sfo-w01-seg-dhcp"
vsphere_folder                         = "sfo-w01-fd-templates"
//vsphere_resource_pool                = "sfo-w01-rp01"
vsphere_set_host_for_datastore_uploads = false

vSphere Distributed Resource Scheduler Disabled or Standalone ESXi Hosts

When targeting standalone ESXi hosts or vSphere clusters with vSphere DRS disabled, you must set the vsphere_host variable.

Example (vSphere Clusters with vSphere DRS Disabled):

config/vsphere.pkrvars.hcl
...
vsphere_datacenter = "sfo-w01-dc01"
vsphere_cluster    = "sfo-w01-cl01"
vsphere_host       = "sfo-w01-esx01"
vsphere_folder     = "sfo-w01-fd-templates"
...

Example (Standalone ESXi Host Managed by vCenter Server):

For a standalone ESXi host managed by vCenter Server, comment out or remove vsphere_cluster.

config/vsphere.pkrvars.hcl
...
vsphere_datacenter = "sfo-w01-dc01"
//vsphere_cluster  = "sfo-w01-cl01"
vsphere_host       = "sfo-w01-esx01"
vsphere_folder     = "sfo-w01-fd-templates"

Machine Images

Edit each config/<type>-<build>-<version>.pkrvars.hcl file to configure the following virtual machine hardware settings, as required:

config/linux-photon-5.pkrvars.hcl
// Guest Operating System Metadata
vm_guest_os_name    = "photon"
vm_guest_os_version = "5.0"

// Virtual Machine Guest Operating System Setting
vm_guest_os_type      = "vmwarePhoton64Guest"

// Virtual Machine Hardware Settings
vm_firmware              = "efi-secure"

// Removable Media Settings
iso_datastore_path       = "iso/linux/photon"
iso_content_library_item = "photon-5.0-dde71ec57.x86_64"
iso_file                 = "photon-5.0-dde71ec57.x86_64.iso"

Note

All variables.auto.pkrvars.hcl files default to using:

  • VMware Paravirtual SCSI controller storage device
  • VMXNET 3 network card device
  • EFI Secure Boot firmware
  • Cloud Init
  • CD-ROM Type
  • CD-ROM Count
  • CPU Core and Count
  • Memory size
  • Disk Drive Size
  • Communicator Port (22 SSH, 5985 RDP)

Linux Specific

Additional Packages

Edit the config/linux-<build>-<version>.pkrvars.hcl file to configure the additional packages to be installed on the Linux guest operating system during the build.

config/linux-ubuntu.pkrvars.hcl
// Additional Settings
additional_packages = ["git", "make", "vim"]

Red Hat Subscription Manager

Edit the config/rhsm.pkrvars.hcl file to configure the credentials for your Red Hat Subscription Manager account.

config/rhsm.pkrvars.hcl
// Red Hat Subscription Manager Credentials
rhsm_username = "packer"
rhsm_password = "VMw@re123!"

These variables are only used if you are performing a Red Hat Enterprise Linux Server build and are used to register the image with Red Hat Subscription Manager during the build for system updates and package installation.

Before the build completes, the machine image is unregistered from Red Hat Subscription Manager.

SUSE Customer Connect

Edit the config/scc.pkrvars.hcl file to configure the following credentials for your SUSE Customer Connect account.

config/scc.pkrvars.hcl
// SUSE Customer Center Credentials
scc_email = "packer@example.com"
scc_code  = "VMw@re123!"

These variables are only used if you are performing a SUSE Linux Enterprise Server build and are used to register the image with SUSE Customer Connect during the build for system updates and package installation.

Before the build completes, the machine image is unregistered from SUSE Customer Connect.

Network Customization

Note

Static IP assignment is available for certain Linux machine images.

For details on which distributions are compatible, please refer to the Linux Distributions table.

Edit the config/network.pkrvars.hcl file to configure a static IP address:

  • IPv4 address, netmask, and gateway.
  • DNS list.

By default, the network is set to use DHCP for its configuration.

config/network.pkrvars.hcl
vm_ip_address = "172.16.100.192"
vm_ip_netmask = 24
vm_ip_gateway = "172.16.100.1"
vm_dns_list   = [ "172.16.11.4", "172.16.11.5" ]

Storage Customization

Note

Storage settings are available for certain Linux machine images.

For details on which distributions are compatible, please refer to the Linux Distributions table.

Edit the config/linux-storage.pkrvars.hcl file to configure a partitioning scheme:

  • Disk device and whether to use a swap partition.
  • Disk partitions and related settings.
  • Logical volumes and related settings (optional).

config/linux-storage.pkrvars.hcl
// VM Storage Settings
vm_disk_device   = "sda"
vm_disk_use_swap = true
vm_disk_partitions = [
  {
    name = "efi"
    size = 1024,
    format = {
      label  = "EFIFS",
      fstype = "fat32",
    },
    mount = {
      path    = "/boot/efi",
      options = "",
    },
    volume_group = "",
  },
  {
    name = "boot"
    size = 1024,
    format = {
      label  = "BOOTFS",
      fstype = "xfs",
    },
    mount = {
      path    = "/boot",
      options = "",
    },
    volume_group = "",
  },
  {
    name = "sysvg"
    size = -1,
    format = {
      label  = "",
      fstype = "",
    },
    mount = {
      path    = "",
      options = "",
    },
    volume_group = "sysvg",
  },
]
vm_disk_lvm = [
  {
    name : "sysvg",
    partitions : [
      {
        name = "lv_swap",
        size = 1024,
        format = {
          label  = "SWAPFS",
          fstype = "swap",
        },
        mount = {
          path    = "",
          options = "",
        },
      },
      {
        name = "lv_root",
        size = 15360,
        format = {
          label  = "ROOTFS",
          fstype = "xfs",
        },
        mount = {
          path    = "/",
          options = "",
        },
      },
      {
        name = "lv_home",
        size = 4096,
        format = {
          label  = "HOMEFS",
          fstype = "xfs",
        },
        mount = {
          path    = "/home",
          options = "nodev,nosuid",
        },
      },
      {
        name = "lv_opt",
        size = 2048,
        format = {
          label  = "OPTFS",
          fstype = "xfs",
        },

Note

Setting size = -1 can also be used for the last partition (Logical Volume) of vm_disk_lvm so that it fills the remaining space of the Volume Group.