Repository files navigation

Create VM templates with Packer for usage with Libvirt/KVM virtualization : AlmaLinux 9, Almalinux 10, Rocky 9, Rocky 10, Fedora 40, Noble (Ubuntu 2404), Debian 12 (Bookworm).

Only for education and learning purposes. Do not use it in production.

Packer is an open source tool for creating identical machine images for multiple platforms from a single source configuration called a template. (Introduction to Packer, What is Packer?). It uses different plugins as builders, provisioners or post-processors.

While the JSON format template is still supported, certain new features in the Packer core will only be implemented for the newer HCL2 format. Therefore, this project has been updated toHCL2.

Builders are responsible for creating machines and generating images from them for various platforms. For example, there are separate builders for EC2, VMware, VirtualBox, Qemu, etc. Packer comes with many builders by default, and can also be extended to add new builders. (Builders)

Packer can enable an http server to serve kickstart, preseed or cloud-init configuration files at boot.

Provisioners use builtin and third-party software to install and configure the machine image after booting. (Provisioners)

Post-processors run after the image is built by the builder and provisioned by the provisioner(s). (Post-Processors)

This is a Packer "Proof of Concept" with :

• qemu/kvm as imagebuilder (qcow2)
• "shell" and "ansible-local" asprovisionners
• "shell-local" aspost-processor to generate agns3a appliance file, checksum and upload to a server

Optionnal :

• run this inside a docker container
• build your own container

Enjoy those images with :

• Libvirt native tools
• Terraform as IaC tool with a third party Libvirtd Provider plugin

The built images are intended to be published on a S3 bucket.

The run this project with success, you need a virtualization server and some softwares installed :

• Libvirt/KVM, Packer and aws s3 cli
• Docker (to run the build inside a container)

Use./setup.sh for a quick setup of Libvirt/KVM, Packer andaws s3 cli but please read before the following manual instructions.

For Docker usage, install it and put your aws S3 credits in your~/.profile.

Anyway, you can remove the post-processor in your image JSON template to avoid S3 upload attemps.

Configure your S3 credits :

echo"export AWS_ACCESS_KEY=<your AWS_ACCESS_KEY>">>~/.profileecho"export AWS_SECRET_KEY=<your AWS_SECRET_KEY>">>~/.profilesource~/.profile

Install Livirt/KVM on your server :

if [-f /etc/debian_version ];thenapt-get update&& apt-get -y upgradeapt-get -y install qemu-kvm libvirt-dev virtinst virt-viewer libguestfs-tools virt-manager uuid-runtime curl linux-source libosinfo-binvirsh net-start defaultvirsh net-autostart defaultelif [-f /etc/redhat-release ];thenyum -y install epel-releaseyum -y upgradeyum -y group install"Virtualization Host"yum -y install virt-manager libvirt virt-install qemu-kvm xauth dejavu-lgc-sans-fonts virt-top libguestfs-tools virt-viewer virt-manager curlln -s /usr/libexec/qemu-kvm /usr/bin/qemu-system-x86_64fi

Install the Packer binary :

yum -y install wget unzip|| apt update&& apt -y install wget unziplatest=$(curl -L -s https://releases.hashicorp.com/packer| grep'packer_'| sed's/^.*<.*\">packer_\(.*\)<\/a>/\1/'| head -1)wget https://releases.hashicorp.com/packer/${latest}/packer_${latest}_linux_amd64.zipunzip packer*.zipchmod +x packermv packer /usr/local/bin/

Install the plugins:

packer plugins install github.com/hashicorp/qemupacker plugins install github.com/hashicorp/ansible

Get Docker and docker-compose :

curl -fsSL https://get.docker.com -o get-docker.sh&& sh get-docker.shif [-f /etc/debian_version ];thenapt-get update&& apt-get -y install python3-pipelif [-f /etc/redhat-release ];thenyum -y install python3-pipfipip3 install docker-compose

Each HCL file is a template for a distribution :

• almalinux9.pkr.hcl
• almalinux10.pkr.hcl
• centos10.pkr.hcl
• rocky9.pkr.hcl
• rocky10.pkr.hcl
• centos9.pkr.hcl
• fedora40.pkr.hcl
• ubuntu2404.pkr.hcl
• debian12.pkr.hcl

For example :

packer build almalinux9.pkr.hcl

nota bene: those file are generated by the ansible playbookbuild-packer-templates.yaml.

goffinet/packer-qemu is a Docker image for building qemu images with packer and is available on Docker Hub.

docker run --rm \  -e PACKER_LOG=1 \  -e PACKER_LOG_PATH="packer-docker.log" \  -it \  --privileged \  --cap-add=ALL -v /lib/modules:/lib/modules \  -v`pwd`:/opt/ \  -e AWS_ACCESS_KEY=$AWS_ACCESS_KEY \  -e AWS_SECRET_KEY=$AWS_SECRET_KEY \  -w /opt/ goffinet/packer-qemu build almalinux9.pkr.hcl

The scriptbuild.sh do it with the template filename as first argument.

./build.sh almalinux9.pkr.hcl

To build the image localy with theDockerfile :

docker build -t packer-qemu.

Packer use VNC to launch a temporary VM, you can check this window with a VNC client likevinagre.

You can have more details from Packet with the env var configured :PACKER_LOG=1.

I build images for qemu/KVM with this project and Ipublish them for use in those other IaC projects:Kcli orTerraform with Libvirt/KVM provider.

• almalinux9.qcow2[md5sum][sha256sum]
• almalinux10.qcow2[md5sum][sha256sum]
• ubuntu2204.qcow2 (Jammy)[md5sum][sha256sum]
• rocky9.qcow2[md5sum][sha256sum]
• rocky10.qcow2[md5sum][sha256sum]
• fedora40.qcow2[md5sum][sha256sum]
• ubuntu2404.qcow2 (Noble)[md5sum][sha256sum]
• debian12.qcow2 (Bookworm)[md5sum][sha256sum]

You can easily download them to/var/lib/libvirt/images with this script :

curl -s -o /usr/local/bin/download-images.sh https://raw.githubusercontent.com/goffinet/virt-scripts/master/download-images.shchmod +x /usr/local/bin/download-images.shdownload-images.sh

How to exploit those built images?

• In the old way with Libvirt and some bash scripts
• In a beter way with a tool like Terraform

This is always beter to know how Libvirt is working. Can you read fundamentals aboutKVM virtualization in french.

Please use thekcli project.

For example:

image="almalinux10"# Get kcli toolcurl https://raw.githubusercontent.com/karmab/kcli/main/install.sh| sudo bash# Get the imagekcli download image -P url=http://download.goffinet.org/kvm/${image}.qcow2${image}# Create a test vmkcli create vm -i${image} -P memory=2048 -P numcpus=1 -P disks=[50]${image}# Test SSH connexion and delete the test VMchmod 600 sshkeys/id_rsasleep 30&&if ["$(kcli ssh -u root -i sshkeys/id_rsa${image}'echo test')"=="test"  ];thenecho SUCCESS;elseecho ERROR; kcli delete vm -y${image};fi

This section should be revised

https://github.com/goffinet/terraform-libvirt

Install Terraform 0.13 with a third party Libvirt provider plugin :

echo"security_driver =\"none\"">> /etc/libvirt/qemu.confsystemctl restart libvirtdsudo yum -y install wget unzip|| sudo apt update&& sudo apt -y install wget unzipwget https://releases.hashicorp.com/terraform/0.13.2/terraform_0.13.2_linux_amd64.zipunzip terraform_0.13.2_linux_amd64.zipchmod +x terraformmv terraform /usr/local/bin/wget https://github.com/dmacvicar/terraform-provider-libvirt/releases/download/v0.6.2/terraform-provider-libvirt-0.6.2+git.1585292411.8cbe9ad0.Ubuntu_18.04.amd64.tar.gztar xvf terraform-provider-libvirt-0.6.2+git.1585292411.8cbe9ad0.Ubuntu_18.04.amd64.tar.gzmkdir -p~/.local/share/terraform/plugins/registry.terraform.io/dmacvicar/libvirt/0.6.2/linux_amd64cp -r terraform-provider-libvirt~/.local/share/terraform/plugins/registry.terraform.io/dmacvicar/libvirt/0.6.2/linux_amd64/

Compose your libvirt infrastructure :

git clone https://github.com/goffinet/terraform-libvirtcd terraform-libvirt/ubuntu_cloudinitterraform plancd ../countterraform plan

Thescripts/push-image.sh generate somme meta-data and push the generated image to a pre-defined S3 Bucket.

To customize this process, you can change the content as it :

#!/bin/bashname=$IMAGE_NAMEversion=$IMAGE_VERSIONimage="${name}${version}"echo"artifacts/qemu/${image} post-processing ..."

Anyway, you can remove the post-processor in your image JSON template to avoid this script call.

To generate the ssh keys for provisionning and put it in thesshkeys/ folder :

ssh-keygen -q -t rsa -N'' -C'packer-kvm-default-key' -f sshkeys/id_rsa

To get the default ssh private key :

curl https://raw.githubusercontent.com/goffinet/packer-kvm/master/sshkeys/id_rsa

To get the default ssh public key :

curl https://raw.githubusercontent.com/goffinet/packer-kvm/master/sshkeys/id_rsa.pub

Anbuild-packer-templates.yaml Ansible playbook generates the files for each distribution using a custombuild_packer_templates role.

• unique model : for efficience, a unique template should be sufficient with a data source with these elements (https://devops.stackexchange.com/q/4312).
• random secret for provisonning (https://www.packer.io/docs/templates/engine#template-variables)
• remove swap post-processing
• add versions of post-processing and images meta-datas
• include Windows templates: seergl/windows-vagrant

Wath are the variants in those templates?

• theiso_urls and theiso_checksum template parameters
• thessh_username,ssh_password andssh_private_key_file template parameters as well assshkey in kickstart files.
• theboot_command and provisioner commands as template parameters
• the configuration file type : kickstart, preseed or cloud-init

• https://github.com/idi-ops/packer-kvm-centos
• https://github.com/jakobadam/packer-qemu-templates
• https://github.com/leonkyneur/packer-qemu
• https://github.com/kaorimatz/packer-templates
• https://github.com/bramford/packer-debian9
• https://github.com/bpetit/packer-templates
• https://github.com/NeCTAR-RC/nectar-images/