Repository files navigation

This repository contains examples to help you get started with automating the creation of virtual machine (VM) templates in aVMware Cloud on AWSsoftware-defined datacenter (SDDC) (orvSphere cluster) withHashiCorpPacker. Each example leverages thevsphere-iso builder and includes the high performancevmxnet3 network adapter and NVMe controller. TheVMware Paravirtual SCSI controller was tested with these too though.

Of note, the prerequisites and default variable values in the exampledefinition files are oriented to aVMware Cloud on AWSsoftware-defined datacenter (SDDC), but these examples should also be usable in most VMware vSphere environments with little to no modifications required.

• The example definition files provide the minimum necessary configuration for demonstration purposes. These VM templates are not hardened or otherwise intended for production purposes as-is. Building production-grade VM templates is possible, but out of scope for this project.
• Since these are examples, the host-based firewall is disabled and unconfigured. Additionally, since the intended use case isVMware Cloud on AWS, the expectation is that the NSX-Tgateway anddistributed firewalls would be used instead.
• A timestamp is appended to the VM template name so that you know exactly when it was built, and to prevent name collisions for subsequent builds.
• The AWS CLI is installed to provide an example of installing a package during theprovisioners phase, but it's not necessary.

• As of 2020-09-04, Canonical's new automated Ubuntu server installation system that leveragescloud-init configuration,Subiquity, is not interoperable with VMware'sguest customization feature. VMware has an existingopen source project for providing some interoperability withcloud-init. If guest customization is a requirement for your environment, use theubuntu-server-legacy template instead, which leverages the legacydebian-installer preseeding system.

• Sysprep (generalize) is not run at the end of the build because the expectation is that the security identity (SID) will be reset via theguest customization specification created in the prerequisites below.
• Chocolatey is installed for programmatically installing software packages, but its not necessary.
• TheOpenSSH Server feature is installed as a remote management option for your VMs, but this isn't necessary either.

• Packer v1.6.3 or greater if building with the NVMe storage controllers
  • Each Packer template was tested with Packer v1.6.2 when building with theVMware Paravirtual SCSI controller.

• AVMware Cloud on AWSsoftware-defined datacenter (SDDC) (or avSpherecluster)
• Anetwork segment (orport group) withDHCP and internet connectivity
  • Note: If specific destinations and ports are needed for building outbound firewall policy, please refer to the definition files as these may change over time, and the definition files will always be authoritative.
• Packer installed in a location with the following connectivity:
  • HTTPS (443/tcp) connectivity tovCenter
  • SSH (22/tcp) connectivity to the target network segment listed above for communicating with the VM during theprovisioners phase
  • WinRM-HTTPS (5986/tcp) connectivity to the target network segment listed above for communicating with Windows VMs during theprovisioners phase
• Sufficient storage capacity for storing the VM guest operating sytem installationISO image files, as well as the VM templates' virtual hard disks and other files in yourvSANWorkloadDatastore (or a writeabledatastore)
  • Note: As of 2020-08-24, thevsphere-iso builder supportscontent libraries as a source location for ISO files. This feature isn't well-documented yet, but was released as part ofv1.6.2.
• vCenter credentials withcloudadmin (oradministrative) rights
  • Custom fine-grained permissions are possible, but beyond the scope of this project

• Create a Linux guest customization specification.

• Create a Windows guest customization specification that generates a new security identity (SID).
• On a Windows server or client where you have administrative rights...
  • Download the latestWindows Assessment and Deployment Kit (Windows ADK).
    • Note: Only theDeployment tools feature that includes the Windows System Image Manager (SIM) is necessary.

• Download the ISO image files for the VM template(s) that you want to build:

  • Examples:
    • ubuntu-server
      • Ubuntu Server 20.04.1 LTS
    • ubuntu-server-legacy
      • Ubuntu Server 20.04.1 LTS (legacy Debian installer)
    • windows-server
      • Windows Server 2019
      • VMware Tools 11.1.0 (orwhichever version is appropriate for your vSphere cluster)

• Upload the VM guest operating system installation ISO files to a directory/folder namedISO in the target datastore

• Create one or more.pkrvars.hcl variable definition files for defining values for variables that you want to persist between builds

• Example variable definition file for building an Ubuntu Server 18.04 LTS VM template with theubuntu-server-legacy.pkr.hcl definition file:

  # ./ubuntu-server-18-legacy.pkrvars.hcl# http://cdimage.ubuntu.com/releases/18.04/release/ubuntu-18.04.5-server-amd64.isoiso_filename ="ubuntu-18.04.5-server-amd64.iso"vm_name ="template-ubuntu-server-18.04-amd64-legacy"

.├── http/│   ├── scripts/│   │   └── linux/│   │       └── awscli.sh│   └── ubuntu-server/│       ├── meta-data│       └── user-data└── ubuntu-server.pkr.hcl

• Note: The./http/ubuntu-server/user-data and./http/ubuntu-server/meta-data are thecloud-init configuration files that are used to provide all of the input necessary to build the VM template without manual intervention, and./http/ubuntu-server/meta-data file is supposed to be empty.

• Create a password hash with mkpasswd

  • Example:

    $ mkpasswd --method=SHA-512 --rounds=4096Password:[password hash]

• In the./http/ubuntu-server/user-data file, set the password for theubuntu user account:

  # ./http/ubuntu-server/user-dataautoinstall:identity:password:[password hash]

.├── http/│   ├── scripts/│   │   └── linux/│   │       └── awscli.sh│   └── ubuntu-server-legacy/│       └── ubuntu-server-legacy.seed└── ubuntu-server-legacy.pkr.hcl

• Note: The./http/ubuntu-server-legacy/ubuntu-server-legacy.seed file is thedebian-installer preseed configuration file that is used to provide all of the input necessary to build the VM template without manual intervention.

• Create a password hash with mkpasswd

  • Example:

    $ mkpasswd --method=SHA-512 --rounds=4096Password:[password hash]

• In the./http/ubuntu-server-legacy/ubuntu-server-legacy.seed file, set the password for theubuntu user account:

  # ./http/ubuntu-server-legacy/ubuntu-server-legacy.seedd-i passwd/user-password-crypted password [password hash]

.├── http/│   ├── scripts/│   │   └── windows/│   │       ├── Initialize-WinRM.ps1│   │       ├── Install-AWSCLI.ps1│   │       ├── Install-Chocolatey.ps1│   │       ├── Install-OpenSSHServer.ps1│   │       └── Reset-AutoLogonCount.ps1│   └── windows-server/│       └── 2019/│           ├── autounattend.xml│           └── install_Windows Server 2019 SERVERDATACENTER.clg└── windows-server.pkr.hcl

• Note: The example answer file (./http/scripts/windows-server/autounattend.xml) and catalog file (./http/scripts/windows-server/install_Windows Server 2019 SERVERDATACENTER.clg) are configured for a silent install of Windows Server 2019 Datacenter Evaluation Edition that also installs VMware Tools and temporarily enables WinRM (for the Packer provisioner phase). When you want to programmatically build other types of Windows VMs, please checkout theUnattended Windows Setup Reference.
• In Window System Image Manager, go toFile > Open Select Windows Image... and open./http/windows-server/2019/install_Windows Server 2019 SERVERDATACENTER.clg
• Then go toFile > Open Answer File... and open the example answer file:./http/windows-server/2019/autounattend.xml
• In the Windows Image pane, expandamd64_Microsoft-Windows-Shell-Setup_10.0.17763.1_neutral > UserAccounts, then right-clickAdministratorPassword and selectAdd Setting to Pass 7 oobeSystem, and thenset the password
  • Value = [desired password]
    • Note: By default, the passwords will be masked when saved via a hash.
• In the Windows Image pane, expandamd64_Microsoft-Windows-Shell-Setup_10.0.17763.1_neutral > AutoLogon, then right-clickPassword and selectAdd Setting to Pass 7 oobeSystem, and thenset the password
  • Value = [desired password]
• Then go toFile > Save Answer File to save the changes

• Runpacker build with the appropriate parameters

  • Example:

    packer build -var-file='./sddc.pkrvars.hcl' -var-file='./ubuntu.pkrvars.hcl''./ubuntu-server.pkr.hcl'

• A few minutes later, you'll have a fresh, new VM template.

• Voila! You're done.

• Please seeDebugging Packer Builds.

• Deploy a VM from your new VM template(s) and apply your guest customization specification that you created in the prerequisites (except when building with theubuntu-server definition files due to the guest customization issue mentioned above)
• Customize the definition files and build new VM templates.
• Start building all of your VM templates programmatically!

• ubuntu-server:cloud-init documentation
• ubuntu-server-legacy:debian-installer preseed documentation
• windows-server:Unattended Windows Setup

SeeCONTRIBUTING for more information.

This library is licensed under the MIT-0 License. See the LICENSE file.