builder/azure: Delete readme
Duplicated in packer.io docs
parent 97f5d9fcc3
commit cb6db06d11
|
@ -1,191 +0,0 @@
|
|||
# packer-azure-arm
|
||||
|
||||
The ARM flavor of packer-azure utilizes the
|
||||
[Azure Resource Manager APIs](https://msdn.microsoft.com/en-us/library/azure/dn790568.aspx).
|
||||
Please see the
|
||||
[overview](https://azure.microsoft.com/en-us/documentation/articles/resource-group-overview/)
|
||||
for more information about ARM as well as the benefit of ARM.
|
||||
|
||||
## Device Login vs. Service Principal Name (SPN)
|
||||
|
||||
There are two ways to get started with packer-azure. The simplest is device login, and only requires a Subscription ID.
|
||||
Device login is only supported for Linux based VMs. The second is the use of an SPN. We recommend the device login
|
||||
approach for those who are first time users, and just want to ''kick the tires.'' We recommend the SPN approach if you
|
||||
intend to automate Packer, or you are deploying Windows VMs.
|
||||
|
||||
## Device Login
|
||||
|
||||
A sample template for device login is show below. There are three pieces of information
|
||||
you must provide to enable device login mode.
|
||||
|
||||
1. SubscriptionID
|
||||
1. Resource Group - parent resource group that Packer uses to build an image.
|
||||
1. Storage Account - storage account where the image will be placed.
|
||||
|
||||
> Device login mode is enabled by not setting client_id, client_secret, and tenant_id.
|
||||
|
||||
The device login flow asks that you open a web browser, navigate to http://aka.ms/devicelogin, and input the supplied
|
||||
code. This authorizes the Packer for Azure application to act on your behalf. An OAuth token will be created, and
|
||||
stored in the user's home directory (~/.azure/packer/oauth-TenantID.json, and TenantID will be replaced with the actual
|
||||
Tenant ID). This token is used if it exists, and refreshed as necessary.
|
||||
|
||||
```json
|
||||
{
|
||||
"variables": {
|
||||
"sid": "your_subscription_id",
|
||||
"rgn": "your_resource_group",
|
||||
"sa": "your_storage_account"
|
||||
},
|
||||
"builders": [
|
||||
{
|
||||
"type": "azure-arm",
|
||||
|
||||
"subscription_id": "{{user `sid`}}",
|
||||
|
||||
"resource_group_name": "{{user `rgn`}}",
|
||||
"storage_account": "{{user `sa`}}",
|
||||
|
||||
"capture_container_name": "images",
|
||||
"capture_name_prefix": "packer",
|
||||
|
||||
"os_type": "Linux",
|
||||
"image_publisher": "Canonical",
|
||||
"image_offer": "UbuntuServer",
|
||||
"image_sku": "14.04.3-LTS",
|
||||
|
||||
"location": "South Central US",
|
||||
"vm_size": "Standard_A2"
|
||||
}
|
||||
],
|
||||
"provisioners": [
|
||||
{
|
||||
"execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'",
|
||||
"inline": [
|
||||
"apt-get update",
|
||||
"apt-get upgrade -y",
|
||||
|
||||
"/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"
|
||||
],
|
||||
"inline_shebang": "/bin/sh -x",
|
||||
"type": "shell"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## Service Principal Name
|
||||
|
||||
The ARM APIs use OAUTH to authenticate, and requires an SPN. The following articles
|
||||
are a good starting points for creating a new SPN.
|
||||
|
||||
* [Automating Azure on your CI server using a Service Principal](http://blog.davidebbo.com/2014/12/azure-service-principal.html)
|
||||
* [Authenticating a service principal with Azure Resource Manager](https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/)
|
||||
|
||||
There are three (four in the case of Windows) pieces of configuration you need to note
|
||||
after creating an SPN.
|
||||
|
||||
1. Client ID (aka Service Principal ID)
|
||||
1. Client Secret (aka Service Principal generated key)
|
||||
1. Client Tenant (aka Azure Active Directory tenant that owns the
|
||||
Service Principal)
|
||||
1. Object ID (Windows only) - a certificate is used to authenticate WinRM access, and the certificate is injected into
|
||||
the VM using Azure Key Vault. Access to the key vault is protected by an ACL associated with the SPN's ObjectID.
|
||||
Linux does not need nor use a key vault, so there's no need to know the ObjectID.
|
||||
|
||||
You will also need the following.
|
||||
|
||||
1. Subscription ID
|
||||
1. Resource Group
|
||||
1. Storage Account
|
||||
|
||||
Resource Group is where your storage account is located, and Storage
|
||||
Account is where the created packer image will be stored.
|
||||
|
||||
The Service Principal has been tested with the following [permissions](https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/).
|
||||
Please review the document for the [built in roles](https://azure.microsoft.com/en-gb/documentation/articles/role-based-access-built-in-roles/)
|
||||
for more details.
|
||||
|
||||
* Owner
|
||||
|
||||
> NOTE: the Owner role is too powerful, and more explicit set of roles
|
||||
> is TBD. Issue #183 is tracking this work. Permissions can be scoped to
|
||||
> a specific resource group to further limit access.
|
||||
|
||||
### Sample Ubuntu
|
||||
|
||||
The following is a sample Packer template for use with the Packer
|
||||
Azure for ARM builder.
|
||||
|
||||
```json
|
||||
{
|
||||
"variables": {
|
||||
"cid": "your_client_id",
|
||||
"cst": "your_client_secret",
|
||||
"tid": "your_client_tenant",
|
||||
"sid": "your_subscription_id",
|
||||
|
||||
"rgn": "your_resource_group",
|
||||
"sa": "your_storage_account"
|
||||
},
|
||||
"builders": [
|
||||
{
|
||||
"type": "azure-arm",
|
||||
|
||||
"client_id": "{{user `cid`}}",
|
||||
"client_secret": "{{user `cst`}}",
|
||||
"subscription_id": "{{user `sid`}}",
|
||||
"tenant_id": "{{user `tid`}}",
|
||||
|
||||
"resource_group_name": "{{user `rgn`}}",
|
||||
"storage_account": "{{user `sa`}}",
|
||||
|
||||
"capture_container_name": "images",
|
||||
"capture_name_prefix": "packer",
|
||||
|
||||
"os_type": "Linux",
|
||||
"image_publisher": "Canonical",
|
||||
"image_offer": "UbuntuServer",
|
||||
"image_sku": "14.04.3-LTS",
|
||||
|
||||
"location": "South Central US",
|
||||
|
||||
"vm_size": "Standard_A2"
|
||||
}
|
||||
],
|
||||
"provisioners": [
|
||||
{
|
||||
"execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'",
|
||||
"inline": [
|
||||
"apt-get update",
|
||||
"apt-get upgrade -y",
|
||||
|
||||
"/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"
|
||||
],
|
||||
"inline_shebang": "/bin/sh -x",
|
||||
"type": "shell"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
Using the above template, Packer would be invoked as follows.
|
||||
|
||||
> NOTE: the following variables must be **changed** based on your
|
||||
> subscription. These values are just dummy values, but they match
|
||||
> format of expected, e.g. if the value is a GUID the sample is a
|
||||
> GUID.
|
||||
|
||||
```bat
|
||||
packer build^
|
||||
-var cid="593c4dc4-9cd7-49af-9fe0-1ea5055ac1e4"^
|
||||
-var cst="GbzJfsfrVkqL/TLfZY8TXA=="^
|
||||
-var sid="ce323e74-56fc-4bd6-aa18-83b6dc262748"^
|
||||
-var tid="da3847b4-8e69-40bd-a2c2-41da6982c5e2"^
|
||||
-var rgn="My Resource Group"^
|
||||
-var sa="mystorageaccount"^
|
||||
c:\packer\ubuntu_14_LTS.json
|
||||
```
|
||||
|
||||
Please see the
|
||||
[config_sameples/arm](https://github.com/Azure/packer-azure/tree/master/config_examples)
|
||||
directory for more examples of usage.
|
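Review bot: two security-relevant statements are removed with this file, and the commit message says only that the content is duplicated in the packer.io docs, so please confirm both are present there before merging. The first is the NOTE under the permissions list ("the Owner role is too powerful", with the advice that permissions can be scoped to a specific resource group and the pointer to Issue #183). The second is the Device Login paragraph stating that the OAuth token is stored at ~/.azure/packer/oauth-TenantID.json and reused if it exists. Users need the first to avoid granting Owner at subscription scope, and the second to know a token is cached on disk in the home directory. Separately, the removed sample invocation passes the client secret on the command line as -var cst=..., and the device login link is written as http://aka.ms/devicelogin; if the docs copy repeats either, that is worth a follow-up change there.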