HashiCorp Packer in Production by John Boero

Author: John Boero
Language: eng
Format: epub
Publisher: Packt
Published: 2023-03-15T00:00:00+00:00


Pitfalls and things to avoid

A lot of example templates in GitHub and community resources only build one item at a time. It’s actually more helpful to build everything you can in one template and run just the builds you need. Unfortunately, Packer doesn’t combine all HCL files or all files in the current directory as Terraform does. This means you need to put all sources and build combinations in one file, which can be problematic as templates grow. Unfortunately, you also can’t include or refer to other templates, which would otherwise let you distribute complexity among other files. What you can do is make use of HCL2’s language features.

Luckily, there are a few tools that HCL2 or JSON in Packer 1.7+ give you to simplify complex builds. Dynamic features aren’t available in JSON templates, but you can actually use the HCL2 for_each construct. for_each in HCL2 isn’t quite like the foreach of other languages you’ve used. It tends to be a dynamic code block that basically copies and pastes itself for each of the items in a list or array you give it. What it represents is best shown via an example:

build {
  source "vsphere-clone.delta" {
    for_each = local.similar_builds
    vm_name  = value.vm_name
  }
}

This tricky bit of code uses a nested value, build.source.for_each, to replicate the actual source. This essentially builds a complex set of code using a parallel array. Each element in the local similar_builds variable (which is a list/array) creates an instance of the source. Unfortunately, HCL2’s dynamic code construct isn’t very helpful in its current state.

HCL2 does not currently support any embed, include, or requires construct to share common HCL2 files, so you must include all of your code in a single file. This can often result in very large unmanageable Packer templates. Using build automation can assist with this, and it’s easy to combine multiple files into one template for each run and eliminate duplicate code.

Here’s an example:

$ cat aws.hcl az.hcl build.hcl pro_app1.hcl > combined.hcl
$ packer build combined.hcl

This technique can be used in situations where HCL2 can’t be combined by the tool or parser, but the individual files are kept distinct for access or development-cycle reasons. Another technique is to use JSON templates and combine multiple JSON documents. We will cover a bit more of this next in Chapter 7, Building an Image Hierarchy.

Vault also has some things to consider when integrating with Packer. Beware that Packer’s vault function performs a read even during validation. This means that if you include a Vault lookup, it will be read on every packer validate run. If you use dynamic secrets, this could potentially result in a newly generated secret with each validation, so be careful when using automation to validate templates.
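One way to guard an automated validation step against this, as an added example that is not from the book or from Packer itself: a pre-check that lists every vault lookup in a template and flags the ones that look like dynamic secrets before packer validate is allowed to run. The function names, the sample template, and the assumption that dynamic engines use the conventional <mount>/creds/<role> path layout are all illustrative.

```python
import re

# HCL2 form: vault("path", "key"); legacy JSON form: {{ vault `path` `key` }}
HCL_CALL = re.compile(r'\bvault\(\s*"([^"]+)"\s*,\s*"([^"]+)"\s*\)')
JSON_CALL = re.compile(r'\{\{\s*vault\s+`([^`]+)`\s+`([^`]+)`\s*\}\}')

# Assumption: dynamic secret engines are mounted with the conventional
# "<mount>/creds/<role>" layout (aws/creds/..., database/creds/...).
DYNAMIC_HINT = re.compile(r'(^|/)creds/')


def find_vault_reads(template_text):
    """Return (line_no, path, key, is_dynamic) for every vault lookup."""
    findings = []
    for line_no, line in enumerate(template_text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "//")):
            continue  # skip whole-line HCL comments
        for pattern in (HCL_CALL, JSON_CALL):
            for path, key in pattern.findall(line):
                dynamic = bool(DYNAMIC_HINT.search(path.lstrip("/")))
                findings.append((line_no, path, key, dynamic))
    return findings


def safe_to_validate(template_text):
    """True when no lookup targets a path that looks like a dynamic secret."""
    return not any(f[3] for f in find_vault_reads(template_text))


# Constructed sample template (not from the book).
SAMPLE = '''
locals {
  # vault("aws/creds/old-role", "access_key") is commented out
  kv_password = vault("secret/data/packer/vsphere", "password")
  aws_key     = vault("aws/creds/packer-builder", "access_key")
}
'''

if __name__ == "__main__":
    for line_no, path, key, dynamic in find_vault_reads(SAMPLE):
        kind = "DYNAMIC: new lease per validate" if dynamic else "static read"
        print(f"line {line_no}: {path} [{key}] -> {kind}")
    print("run packer validate in CI:", safe_to_validate(SAMPLE))
```

A pipeline can call safe_to_validate on the combined template and skip or gate the validate stage when it returns False, so that routine validation does not mint a fresh credential on every commit.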


