diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 000000000..e0c51bc78 --- /dev/null +++ b/.github/CONTRIBUTING.md 
@@ -0,0 +1,217 @@ +# Contributing to Packer + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +However, for those individuals who want a bit more guidance on the best way to +contribute to the project, read on. This document will cover what we're looking +for. By addressing all the points we're looking for, it raises the chances we +can quickly merge or address your contributions. + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible we + already fixed the bug you're experiencing. + +* Run the command with debug output with the environment variable `PACKER_LOG`. + For example: `PACKER_LOG=1 packer build template.json`. Take the _entire_ + output and create a [gist](https://gist.github.com) for linking to in your + issue. Packer should strip sensitive keys from the output, but take a look + through just in case. + +* Provide a reproducible test case. If a contributor can't reproduce an issue, + then it dramatically lowers the chances it'll get fixed. And in some cases, + the issue will eventually be closed. + +* Respond promptly to any questions made by the Packer team to your issue. Stale + issues will be closed. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Packer collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs" and + easy fixes are marked as "easy". + +3. Unless it is critical, the issue is left for a period of time (sometimes many + weeks), giving outside contributors a chance to address the issue. + +4. The issue is addressed in a pull request or commit. 
The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. + +## Setting up Go to work on Packer + +If you have never worked with Go before, you will have to complete the following +steps in order to be able to compile and test Packer. These instructions target +POSIX-like environments (Mac OS X, Linux, Cygwin, etc.) so you may need to +adjust them for Windows or other shells. + +1. [Download](https://golang.org/dl) and install Go. The instructions below are + for go 1.7. Earlier versions of Go are no longer supported. + +2. Set and export the `GOPATH` environment variable and update your `PATH`. For + example, you can add the following to your `.bash_profile` (or comparable + shell startup scripts): + +``` +export GOPATH=$HOME/go +export PATH=$PATH:$GOPATH/bin +``` + +3. Download the Packer source (and its dependencies) by running + `go get github.com/hashicorp/packer`. This will download the Packer source to + `$GOPATH/src/github.com/hashicorp/packer`. + +4. When working on Packer, first `cd $GOPATH/src/github.com/hashicorp/packer` + so you can run `make` and easily access other files. Run `make help` to get + information about make targets. + +5. Make your changes to the Packer source. You can run `make` in + `$GOPATH/src/github.com/hashicorp/packer` to run tests and build the Packer + binary. Any compilation errors will be shown when the binaries are + rebuilding. If you don't have `make` you can simply run + `go build -o bin/packer .` from the project root. + +6. After running building Packer successfully, use + `$GOPATH/src/github.com/hashicorp/packer/bin/packer` to build a machine and + verify your changes work. For instance: + `$GOPATH/src/github.com/hashicorp/packer/bin/packer build template.json`. + +7. If everything works well and the tests pass, run `go fmt` on your code before + submitting a pull-request. + +### Opening an Pull Request + +Thank you for contributing! 
When you are ready to open a pull-request, you will +need to [fork +Packer](https://github.com/hashicorp/packer#fork-destination-box), push your +changes to your fork, and then open a pull-request. + +For example, my github username is `cbednarski`, so I would do the following: + +``` +git checkout -b f-my-feature +# Develop a patch. +git push https://github.com/cbednarski/Packer f-my-feature +``` + +From there, open your fork in your browser to open a new pull-request. + +**Note:** Go infers package names from their file paths. This means `go build` +will break if you `git clone` your fork instead of using `go get` on the main +Packer project. + +### Pull Request Lifecycle + +1. You are welcome to submit your pull request for commentary or review before + it is fully completed. Please prefix the title of your pull request with + "[WIP]" to indicate this. It's also a good idea to include specific questions + or items you'd like feedback on. + +1. Once you believe your pull request is ready to be merged, you can remove any + "[WIP]" prefix from the title and a core team member will review. + +1. One of Packer's core team members will look over your contribution and + either provide comments letting you know if there is anything left to do. We + do our best to provide feedback in a timely manner, but it may take some time + for us to respond. + +1. Once all outstanding comments and checklist items have been addressed, your + contribution will be merged! Merged PRs will be included in the next + Packer release. The core team takes care of updating the CHANGELOG as they + merge. + +1. In rare cases, we might decide that a PR should be closed. We'll make sure to + provide clear reasoning when this happens. + +### Tips for Working on Packer + +#### Working on forks + +The easiest way to work on a fork is to set it as a remote of the Packer +project. After following the steps in "Setting up Go to work on Packer": + +1. 
Navigate to `$GOPATH/src/github.com/hashicorp/packer` +2. Add the remote by running + `git remote add `. For example: + `git remote add mwhooker https://github.com/mwhooker/packer.git`. +3. Checkout a feature branch: `git checkout -b new-feature` +4. Make changes +5. (Optional) Push your changes to the fork: + `git push -u new-feature` + +This way you can push to your fork to create a PR, but the code on disk still +lives in the spot where the go cli tools are expecting to find it. + +#### Govendor + +If you are submitting a change that requires new or updated dependencies, please +include them in `vendor/vendor.json` and in the `vendor/` folder. This helps +everything get tested properly in CI. + +Note that you will need to use [govendor](https://github.com/kardianos/govendor) +to do this. This step is recommended but not required; if you don't use govendor +please indicate in your PR which dependencies have changed and to what versions. + +Use `govendor fetch ` to add dependencies to the project. See +[govendor quick start](https://github.com/kardianos/govendor#quick-start-also-see-the-faq) +for examples. + +Please only apply the minimal vendor changes to get your PR to work. Packer does +not attempt to track the latest version for each dependency. + +#### Running Unit Tests + +You can run tests for individual packages using commands like this: + +``` +make test TEST=./builder/amazon/... +``` + +#### Running Acceptance Tests + +Packer has [acceptance tests](https://en.wikipedia.org/wiki/Acceptance_testing) +for various builders. These typically require an API key (AWS, GCE), or +additional software to be installed on your computer (VirtualBox, VMware). + +If you're working on a new builder or builder feature and want verify it is +functioning (and also hasn't broken anything else), we recommend running the +acceptance tests. + +**Warning:** The acceptance tests create/destroy/modify _real resources_, which +may incur costs for real money. 
In the presence of a bug, it is possible that +resources may be left behind, which can cost money even though you were not +using them. We recommend running tests in an account used only for that purpose +so it is easy to see if there are any dangling resources, and so production +resources are not accidentally destroyed or overwritten during testing. + +To run the acceptance tests, invoke `make testacc`: + +``` +make testacc TEST=./builder/amazon/ebs +... +``` + +The `TEST` variable lets you narrow the scope of the acceptance tests to a +specific package / folder. The `TESTARGS` variable is recommended to filter down +to a specific resource to test, since testing all of them at once can sometimes +take a very long time. + +To run only a specific test, use the `-run` argument: + +``` +make testacc TEST=./builder/amazon/ebs TESTARGS="-run TestBuilderAcc_forceDeleteSnapshot" +``` + +Acceptance tests typically require other environment variables to be set for +things such as API tokens and keys. Each test should error and tell you which +credentials are missing, so those are not documented here. diff --git a/.travis.yml b/.travis.yml index 26877142c..2bac499b3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,8 +6,10 @@ sudo: false language: go go: - - 1.8.3 - - 1.9 + - 1.8.x + - 1.9.x + - 1.x + install: - make deps diff --git a/CHANGELOG.md b/CHANGELOG.md index 838f58d43..c29039f87 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,23 +1,387 @@ -## UNRELEASED - -### IMPROVEMENTS: - -* builder/googlecompute: Support setting labels on the resulting image. [GH-5356] -* builder/amazon: Support template functions in tag keys. [GH-5381] -* core: releases will now be build for ppc64le -* builder/amazon-instance: Add `.Token` as a variable in the `BundleUploadCommand` template. [GH-5288] -* builder/amazon: Output AMI Name during prevalidation. [GH-5389] -* builder/docker: Add option to set `--user` flag when running `exec`. [GH-5406] -* post-processor/vagrant: When building from a builder/hyper-v artifact, link instead of copy when available. [GH-5207] -* builder/amazon: Add `temporary_security_group_source_cidr` option to control ingress to source instances. [GH-5384] -* builder/vmware: Add `disable_vnc` option to prevent VNC connections from being made. [GH-5436] +## 1.2.3 (April 25, 2018) + +### BUG FIXES: + +* builder/azure: Azure CLI may now be logged into several accounts. [GH-6087] +* builder/ebssurrogate: Snapshot all launch devices. [GH-6056] +* builder/hyper-v: Fix CopyExportedVirtualMachine script so it works with + links. [GH-6082] +* builder/oracle-classic: Fix panics when cleaning up resources that haven't + been created. [GH-6095] +* builder/parallels: Allow user to cancel build while the OS is starting up. + [GH-6166] +* builder/qemu: Avoid warning when using raw format. [GH-6080] +* builder/scaleway: Fix compilation issues on solaris/amd64. [GH-6069] +* builder/virtualbox: Fix broken scancodes in boot_command. [GH-6067] +* builder/vmware-iso: Fail in validation if user gives wrong remote_type value. + [GH-4563] +* builder/vmware: Fixed a case-sensitivity issue when determing the network + type during the cloning step in the vmware-vmx builder. [GH-6057] +* builder/vmware: Fixes the DHCP lease and configuration pathfinders for VMware + Player. [GH-6096] +* builder/vmware: Multi-disk VM's can be properly handled by the compacting + stage. 
[GH-6074] +* common/bootcommand: Fix numerous bugs in the boot command code, and make + supported features consistent across builders. [GH-6129] +* communicator/ssh: Stop trying to discover whether destination is a directory + from uploader. [GH-6124] +* post-processor/vagrant: Large VMDKs should no longer show a 0-byte size on OS + X. [GH-6084] +* post-processor/vsphere: Fix encoding of spaces in passwords for upload. + [GH-6110] +* provisioner/ansible: Pass the inventory_directory configuration option to + ansible -i when it is set. [GH-6065] +* provisioner/powershell: fix bug with SSH communicator + cygwin. [GH-6160] +* provisioner/powershell: The {{.WinRMPassword}} template variable now works + with parallel builders. [GH-6144] + +### IMPROVEMENTS: + +* builder/alicloud: Update aliyungo common package. [GH-6157] +* builder/amazon: Expose more source ami data as template variables. [GH-6088] +* builder/amazon: Setting `force_delete` will only delete AMIs owned by the + user. This should prevent failures where we try to delete an AMI with a + matching name, but owned by someone else. [GH-6111] +* builder/azure: Users of Powershell provisioner may access the randomly- + generated winrm password using the template variable {{.WinRMPassword}}. + [GH-6113] +* builder/google: Users of Powershell provisioner may access the randomly- + generated winrm password using the template variable {{.WinRMPassword}}. + [GH-6141] +* builder/hyper-v: User can now configure hyper-v disk block size. [GH-5941] +* builder/openstack: Add configuration option for `instance_name`. [GH-6041] +* builder/oracle-classic: Better validation of destination image name. + [GH-6089] +* builder/oracle-oci: New config options for user data and user data file. + [GH-6079] +* builder/oracle-oci: use the official OCI sdk instead of handcrafted client. + [GH-6142] +* builder/triton: Add support to Skip TLS Verification of Triton Certificate. 
+ [GH-6039] +* provisioner/ansible: Ansible users may provide a custom inventory file. + [GH-6107] +* provisioner/file: New `generated` tag allows users to upload files created + during Packer run. [GH-3891] + +## 1.2.2 (March 26, 2018) + +### BUG FIXES: + +* builder/amazon: Fix AWS credential defaulting [GH-6019] +* builder/LXC: make sleep timeout easily configurable [GH-6038] +* builder/virtualbox: Correctly send multi-byte scancodes when typing boot + command. [GH-5987] +* builder/virtualbox: Special boot-commands no longer overwrite previous + commands [GH-6002] +* builder/vmware: Default to disabling XHCI bus for USB on the vmware-iso + builder. [GH-5975] +* builder/vmware: Handle multiple devices per VMware network type [GH-5985] +* communicator/ssh: Handle errors uploading files more gracefully [GH-6033] +* provisioner/powershell: Fix environment variable file escaping. [GH-5973] + + +### IMPROVEMENTS: + +* builder/amazon: Added new region `cn-northwest-1`. [GH-5960] +* builder/amazon: Users may now access the amazon-generated administrator + password [GH-5998] +* builder/azure: Add support concurrent deployments in the same resource group. + [GH-6005] +* builder/azure: Add support for building with additional disks. [GH-5944] +* builder/azure: Add support for marketplace plan information. [GH-5970] +* builder/azure: Make all command output human readable. [GH-5967] +* builder/azure: Respect `-force` for managed image deletion. [GH-6003] +* builder/google: Add option to specify a service account, or to run without + one. [GH-5991] [GH-5928] +* builder/oracle-oci: Add new "use_private_ip" option. [GH-5893] +* post-processor/vagrant: Add LXC support. [GH-5980] +* provisioner/salt-masterless: Added Windows support. [GH-5702] +* provisioner/salt: Add windows support to salt provisioner [GH-6012] [GH-6012] + + +## 1.2.1 (February 23, 2018) + +### BUG FIXES: + +* builder/amazon: Fix authorization using assume role. 
[GH-5914] +* builder/hyper-v: Fix command collisions with VMWare PowerCLI. [GH-5861] +* builder/vmware-iso: Fix panic when building on esx5 remotes. [GH-5931] +* builder/vmware: Fix issue detecting host IP. [GH-5898] [GH-5900] +* provisioner/ansible-local: Fix conflicting escaping schemes for vars provided + via `--extra-vars`. [GH-5888] + +### IMPROVEMENTS: + +* builder/oracle-classic: Add `snapshot_timeout` option to control how long we + wait for the snapshot to be created. [GH-5932] +* builder/oracle-classic: Add support for WinRM connections. [GH-5929] + + +## 1.2.0 (February 9, 2018) + +### BACKWARDS INCOMPATIBILITIES: + +* 3rd party plugins: We have moved internal dependencies, meaning your 3rd + party plugins will no longer compile (however existing builds will still + work fine); the work to fix them is minimal and documented in GH-5810. + [GH-5810] +* builder/amazon: The `ssh_private_ip` option has been removed. Instead, please + use `"ssh_interface": "private"`. A fixer has been written for this, which + can be invoked with `packer fix`. [GH-5876] +* builder/openstack: Extension support has been removed. To use OpenStack + builder with the OpenStack Newton (Oct 2016) or earlier, we recommend you + use Packer v1.1.2 or earlier version. +* core: Affects Windows guests: User variables containing Powershell special + characters no longer need to be escaped.[GH-5376] +* provisioner/file: We've made destination semantics more consistent across the + various communicators. In general, if the destination is a directory, files + will be uploaded into the directory instead of failing. This mirrors the + behavior of `rsync`. There's a chance some users might be depending on the + previous buggy behavior, so it's worth ensuring your configuration is + correct. [GH-5426] +* provisioner/powershell: Regression from v1.1.1 forcing extra escaping of + environment variables in the non-elevated provisioner has been fixed. 
+ [GH-5515] [GH-5872] + +### IMPROVEMENTS: + +* **New builder:** `ncloud` for building server images using the NAVER Cloud + Platform. [GH-5791] +* **New builder:** `oci-classic` for building new custom images for use with + Oracle Cloud Infrastructure Classic Compute. [GH-5819] +* **New builder:** `scaleway` - The Scaleway Packer builder is able to create + new images for use with Scaleway BareMetal and Virtual cloud server. + [GH-4770] +* builder/amazon: Add `kms_key_id` option to block device mappings. [GH-5774] +* builder/amazon: Add `skip_metadata_api_check` option to skip consulting the + amazon metadata service. [GH-5764] +* builder/amazon: Add Paris region (eu-west-3) [GH-5718] +* builder/amazon: Give better error messages if we have trouble during + authentication. [GH-5764] +* builder/amazon: Remove Session Token (STS) from being shown in the log. + [GH-5665] +* builder/amazon: Replace `InstanceStatusOK` check with `InstanceReady`. This + reduces build times universally while still working for all instance types. + [GH-5678] +* builder/amazon: Report which authentication provider we're using. [GH-5764] +* builder/amazon: Timeout early if metadata service can't be reached. [GH-5764] +* builder/amazon: Warn during prepare if we didn't get both an access key and a + secret key when we were expecting one. [GH-5762] +* builder/azure: Add validation for incorrect VHD URLs [GH-5695] +* builder/docker: Remove credentials from being shown in the log. [GH-5666] +* builder/google: Support specifying licenses for images. [GH-5842] +* builder/hyper-v: Allow MAC address specification. [GH-5709] +* builder/hyper-v: New option to use differential disks and Inline disk + creation to improve build time and reduce disk usage [GH-5631] +* builder/qemu: Add Intel HAXM support to QEMU builder [GH-5738] +* builder/triton: Triton RBAC is now supported. [GH-5741] +* builder/triton: Updated triton-go dependencies, allowing better error + handling. 
[GH-5795] +* builder/vmware-iso: Add support for cdrom and disk adapter types. [GH-3417] +* builder/vmware-iso: Add support for setting network type and network adapter + type. [GH-3417] +* builder/vmware-iso: Add support for usb/serial/parallel ports. [GH-3417] +* builder/vmware-iso: Add support for virtual soundcards. [GH-3417] +* builder/vmware-iso: More reliably retrieve the guest networking + configuration. [GH-3417] +* builder/vmware: Add support for "super" key in `boot_command`. [GH-5681] +* communicator/ssh: Add session-level keep-alives [GH-5830] +* communicator/ssh: Detect dead connections. [GH-4709] +* core: Gracefully clean up resources on SIGTERM. [GH-5318] +* core: Improved error logging in floppy file handling. [GH-5802] +* core: Improved support for downloading and validating a uri containing a + Windows UNC path or a relative file:// scheme. [GH-2906] +* post-processor/amazon-import: Allow user to specify role name in amazon- + import [GH-5817] +* post-processor/docker: Remove credentials from being shown in the log. + [GH-5666] +* post-processor/google-export: Synchronize credential semantics with the + Google builder. [GH-4148] +* post-processor/vagrant: Add vagrant post-processor support for Google + [GH-5732] +* post-processor/vsphere-template: Now accepts artifacts from the vSphere post- + processor. [GH-5380] +* provisioner/amazon: Use Amazon SDK's InstanceRunning waiter instead of + InstanceStatusOK waiter [GH-5773] +* provisioner/ansible: Improve user retrieval. [GH-5758] +* provisioner/chef: Add support for 'trusted_certs_dir' chef-client + configuration option [GH-5790] +* provisioner/chef: Added Policyfile support to chef-client provisioner. + [GH-5831] + +### BUG FIXES: + +* builder/alicloud-ecs: Attach keypair before starting instance in alicloud + builder [GH-5739] +* builder/amazon: Fix tagging support when building in us-gov/china. [GH-5841] +* builder/amazon: NewSession now inherits MaxRetries and other settings. 
+ [GH-5719] +* builder/virtualbox: Fix interpolation ordering so that edge cases around + guest_additions_url are handled correctly [GH-5757] +* builder/virtualbox: Fix regression affecting users running Packer on a + Windows host that kept Packer from finding Virtualbox guest additions if + Packer ran on a different drive from the one where the guest additions were + stored. [GH-5761] +* builder/vmware: Fix case where artifacts might not be cleaned up correctly. + [GH-5835] +* builder/vmware: Fixed file handle leak that may have caused race conditions + in vmware builder [GH-5767] +* communicator/ssh: Add deadline to SSH connection to prevent Packer hangs + after script provisioner reboots vm [GH-4684] +* communicator/winrm: Fix issue copying empty directories. [GH-5763] +* provisioner/ansible-local: Fix support for `--extra-vars` in + `extra_arguments`. [GH-5703] +* provisioner/ansible-remote: Fixes an error where Packer's private key can be + overridden by inherited `ansible_ssh_private_key` options. [GH-5869] +* provisioner/ansible: The "default extra variables" feature added in Packer + v1.0.1 caused the ansible-local provisioner to fail when an --extra-vars + argument was specified in the extra_arguments configuration option; this + has been fixed. [GH-5335] +* provisioner/powershell: Regression from v1.1.1 forcing extra escaping of + environment variables in the non-elevated provisioner has been fixed. + [GH-5515] [GH-5872] + + +## 1.1.3 (December 8, 2017) + +### IMPROVEMENTS: + +* builder/alicloud-ecs: Add security token support and set TLS handshake + timeout through environment variable. [GH-5641] +* builder/amazon: Add a new parameter `ssh_interface`. Valid values include + `public_ip`, `private_ip`, `public_dns` or `private_dns`. [GH-5630] +* builder/azure: Add sanity checks for resource group names [GH-5599] +* builder/azure: Allow users to specify an existing resource group to use, + instead of creating a new one for every run. 
[GH-5548] +* builder/hyper-v: Add support for differencing disk. [GH-5458] +* builder/vmware-iso: Improve logging of network errors. [GH-5456] +* core: Add new `packer_version` template engine. [GH-5619] +* core: Improve logic checking for downloaded ISOs in case where user has + provided more than one URL in `iso_urls` [GH-5632] +* provisioner/ansible-local: Add ability to clean staging directory. [GH-5618] + +### BUG FIXES: + +* builder/amazon: Allow `region` to appear in `ami_regions`. [GH-5660] +* builder/amazon: `C5` instance types now build more reliably. [GH-5678] +* builder/amazon: Correctly set AWS region if given in template along with a + profile. [GH-5676] +* builder/amazon: Prevent `sriov_support` and `ena_support` from being used + with spot instances, which would cause a build failure. [GH-5679] +* builder/hyper-v: Fix interpolation context for user variables in + `boot_command` [GH-5547] +* builder/qemu: Set default disk size to 40960 MB to prevent boot failures. + [GH-5588] +* builder/vmware: Correctly detect Windows boot on vmware workstation. + [GH-5672] +* core: Fix windows path regression when downloading ISOs. [GH-5591] +* provisioner/chef: Fix chef installs on Windows. [GH-5649] + +## 1.1.2 (November 15, 2017) + +### IMPROVEMENTS: + +* builder/amazon: Correctly deregister AMIs when `force_deregister` is set. + [GH-5525] +* builder/digitalocean: Add `ipv6` option to enable on droplet. [GH-5534] +* builder/docker: Add `aws_profile` option to control the aws profile for ECR. + [GH-5470] +* builder/google: Add `clean_image_name` template engine. [GH-5463] +* builder/google: Allow selecting container optimized images. [GH-5576] +* builder/google: Interpolate network and subnetwork values, rather than + relying on an API call that packer may not have permission for. [GH-5343] +* builder/hyper-v: Add `disk_additional_size` option to allow for up to 64 + additional disks. [GH-5491] +* builder/hyper-v: Also disable automatic checkpoints for gen 2 VMs. 
[GH-5517] +* builder/lxc: Add new `publish_properties` field to set image properties. + [GH-5475] +* builder/lxc: Add three new configuration option categories to LXC builder: + `create_options`, `start_options`, and `attach_options`. [GH-5530] +* builder/triton: Add `source_machine_image_filter` option to select an image + ID based on a variety of parameters. [GH-5538] +* builder/virtualbox-ovf: Error during prepare if source path doesn't exist. + [GH-5573] +* builder/virtualbox-ovf: Retry while removing VM to solve for transient + errors. [GH-5512] +* communicator/ssh: Add socks 5 proxy support. [GH-5439] +* core/iso_config: Support relative paths in checksum file. [GH-5578] +* core: Rewrite vagrantfile code to make cross-platform development easier. + [GH-5539] +* post-processor/docker-push: Add `aws_profile` option to control the aws + profile for ECR. [GH-5470] +* post-processor/vsphere: Properly capture `ovftool` output. [GH-5499] + +### BUG FIXES: + +* builder/amazon: Add a delay option to security group waiter. [GH-5536] +* builder/amazon: Fix regressions relating to spot instances and EBS volumes. + [GH-5495] +* builder/amazon: Set region from profile, if profile is set, rather than being + overridden by metadata. [GH-5562] +* builder/docker: Remove `login_email`, which no longer exists in the docker + client. [GH-5511] +* builder/hyperv: Fix admin check that was causing powershell failures. + [GH-5510] +* builder/oracle: Defaulting of OCI builder region will first check the packer + template and the OCI config file. [GH-5407] +* builder/triton: Fix a bug where partially created images can be reported as + complete. [GH-5566] +* post-processor/vsphere: Use the vm disk path information to re-create the vmx + datastore path. [GH-5567] +* provisioner/windows-restart: Wait for restart no longer endlessly loops if + user specifies a custom restart check command. 
[GH-5563] + +## 1.1.1 (October 13, 2017) + +### IMPROVEMENTS: + +* **New builder:** `hyperv-vmcx` for building images from existing VMs. + [GH-4944] [GH-5444] +* builder/amazon-instance: Add `.Token` as a variable in the + `BundleUploadCommand` template. [GH-5288] +* builder/amazon: Add `temporary_security_group_source_cidr` option to control + ingress to source instances. [GH-5384] +* builder/amazon: Output AMI Name during prevalidation. [GH-5389] +* builder/amazon: Support template functions in tag keys. [GH-5381] +* builder/amazon: Tag volumes on creation instead of as a separate step. + [GH-5417] +* builder/docker: Add option to set `--user` flag when running `exec`. + [GH-5406] +* builder/docker: Set file owner to container user when uploading. Can be + disabled by setting `fix_upload_owner` to `false`. [GH-5422] +* builder/googlecompute: Support setting labels on the resulting image. + [GH-5356] +* builder/hyper-v: Add `vhd_temp_path` option to control where the VHD resides + while it's being provisioned. [GH-5206] +* builder/hyper-v: Allow vhd or vhdx source images instead of just ISO. + [GH-4944] [GH-5444] +* builder/hyper-v: Disable automatic checkpoints. [GH-5374] +* builder/virtualbox-ovf: Add `keep_registered` option. [GH-5336] +* builder/vmware: Add `disable_vnc` option to prevent VNC connections from + being made. [GH-5436] +* core: Releases will now be built for ppc64le. +* post-processor/vagrant: When building from a builder/hyper-v artifact, link + instead of copy when available. [GH-5207] + ### BUG FIXES: -* builder/puppet-masterless: Make sure directories created with sudo are writable by the packer user. [GH-5351] * builder/cloudstack: Fix panic if build is aborted. [GH-5388] +* builder/hyper-v: Respect `enable_dynamic_memory` flag. [GH-5363] +* builder/puppet-masterless: Make sure directories created with sudo are + writable by the packer user. [GH-5351] +* provisioner/chef-solo: Fix issue installing chef-solo on Windows. 
[GH-5357] +* provisioner/powershell: Fix issue setting environment variables by writing + them to a file, instead of the command line. [GH-5345] +* provisioner/powershell: Fix issue where powershell scripts could hang. + [GH-5082] +* provisioner/powershell: Fix Powershell progress stream leak to stderr for + normal and elevated commands. [GH-5365] +* provisioner/puppet-masterless: Fix bug where `puppet_bin_dir` wasn't being + respected. [GH-5340] * provisioner/puppet: Fix setting facter vars on Windows. [GH-5341] + ## 1.1.0 (September 12, 2017) ### IMPROVEMENTS: @@ -148,7 +512,7 @@ * builder/cloudstack: Properly report back errors. [GH-5103] [GH-5123] * builder/docker: Fix windows filepath in docker-toolbox call [GH-4887] * builder/docker: Fix windows filepath in docker-toolbox call. [GH-4887] -* builder/hyperv: Use SID to verify membersip in Admin group, fixing for non- +* builder/hyperv: Use SID to verify membership in Admin group, fixing for non- english users. [GH-5022] * builder/hyperv: Verify membership in the group Hyper-V Administrators by SID not name. [GH-5022] @@ -174,7 +538,7 @@ * core: Remove logging that shouldn't be there when running commands. [GH-5042] * provisioner/shell: Fix bug where scripts were being run under `sh`. [GH-5043] -### IMRPOVEMENTS: +### IMPROVEMENTS: * provisioner/windows-restart: make it clear that timeouts come from the provisioner, not winrm. [GH-5040] @@ -395,7 +759,7 @@ * builder/amazon: Crashes when new EBS vols are used. [GH-4308] * builder/amazon: Fix crash in amazon-instance. [GH-4372] * builder/amazon: fix run volume tagging [GH-4420] -* builder/amazon: fix when using non-existant security\_group\_id. [GH-4425] +* builder/amazon: fix when using non-existent security\_group\_id. [GH-4425] * builder/amazon: Properly error if we don't have the ec2:DescribeSecurityGroups permission. [GH-4304] * builder/amazon: Properly wait for security group to exist. [GH-4369] 
@@ -1058,7 +1422,7 @@ * builder/parallels: Support Parallels Desktop 11. [GH-2199] * builder/openstack: Add `rackconnect_wait` for Rackspace customers to wait for RackConnect data to appear -* buidler/openstack: Add `ssh_interface` option for rackconnect for users that +* builder/openstack: Add `ssh_interface` option for rackconnect for users that have prohibitive firewalls * builder/openstack: Flavor names can be used as well as refs * builder/openstack: Add `availability_zone` [GH-2016] @@ -1089,7 +1453,7 @@ * core: Fix potential panic for post-processor plugin exits. [GH-2098] * core: `PACKER_CONFIG` may point to a non-existent file. [GH-2226] * builder/amazon: Allow spaces in AMI names when using `clean_ami_name` [GH-2182] -* builder/amazon: Remove deprecated ec2-upload-bundle paramger. [GH-1931] +* builder/amazon: Remove deprecated ec2-upload-bundle parameter. [GH-1931] * builder/amazon: Use IAM Profile to upload bundle if provided. [GH-1985] * builder/amazon: Use correct exit code after SSH authentication failed. [GH-2004] * builder/amazon: Retry finding created instance for eventual @@ -1172,7 +1536,7 @@ * builder/googlecompute: Support for ubuntu-os-cloud project * builder/googlecompute: Support for OAuth2 to avoid client secrets file -* builder/googlecompute: GCE image from persistant disk instead of tarball +* builder/googlecompute: GCE image from persistent disk instead of tarball * builder/qemu: Checksum type "none" can be used * provisioner/chef: Generate a node name if none available * provisioner/chef: Added ssl_verify_mode configuration 
@@ -1306,7 +1670,7 @@ * builder/docker: Can now specify login credentials to pull images. * builder/docker: Support mounting additional volumes. [GH-1430] * builder/parallels/all: Path to tools ISO is calculated automatically. [GH-1455] -* builder/parallels-pvm: `reassign_mac` option to choose wehther or not +* builder/parallels-pvm: `reassign_mac` option to choose whether or not to generate a new MAC address. [GH-1461] * builder/qemu: Can specify "none" acceleration type. [GH-1395] * builder/qemu: Can specify "tcg" acceleration type. [GH-1395] @@ -1335,7 +1699,7 @@ manager certs. [GH-1137] * builder/amazon/all: `delete_on_termination` set to false will work. * builder/amazon/all: Fix race condition on setting tags. [GH-1367] -* builder/amazon/all: More desctriptive error messages if Amazon only +* builder/amazon/all: More descriptive error messages if Amazon only sends an error code. [GH-1189] * builder/docker: Error if `DOCKER_HOST` is set. * builder/docker: Remove the container during cleanup. [GH-1206] @@ -1749,7 +2113,7 @@ * builder/digitalocean: scrub API keys from config debug output. [GH-516] * builder/virtualbox: error if VirtualBox version cant be detected. [GH-488] * builder/virtualbox: detect if vboxdrv isn't properly setup. [GH-488] -* builder/virtualbox: sleep a bit before export to ensure the sesssion +* builder/virtualbox: sleep a bit before export to ensure the session is unlocked. [GH-512] * builder/virtualbox: create SATA drives properly on VirtualBox 4.3. [GH-547] * builder/virtualbox: support user templates in SSH key path. [GH-539] 
@@ -1906,7 +2270,7 @@ * builder/virtualbox,vmware: Support SHA512 as a checksum type. [GH-356] * builder/vmware: The root hard drive type can now be specified with "disk_type_id" for advanced users. [GH-328] -* provisioner/salt-masterless: Ability to specfy a minion config. [GH-264] +* provisioner/salt-masterless: Ability to specify a minion config. [GH-264] * provisioner/salt-masterless: Ability to upload pillars. [GH-353] ### IMPROVEMENTS: @@ -1965,7 +2329,7 @@ * core: All HTTP downloads across Packer now support the standard proxy environmental variables (`HTTP_PROXY`, `NO_PROXY`, etc.) [GH-252] * builder/amazon: API requests will use HTTP proxy if specified by - enviromental variables. + environmental variables. * builder/digitalocean: API requests will use HTTP proxy if specified by environmental variables. @@ -2011,11 +2375,11 @@ * builder/amazon-instance: send IAM instance profile data. [GH-294] * builder/digitalocean: API request parameters are properly URL encoded. [GH-281] -* builder/virtualbox: dowload progress won't be shown until download +* builder/virtualbox: download progress won't be shown until download actually starts. [GH-288] * builder/virtualbox: floppy files names of 13 characters are now properly written to the FAT12 filesystem. [GH-285] -* builder/vmware: dowload progress won't be shown until download +* builder/vmware: download progress won't be shown until download actually starts. [GH-288] * builder/vmware: interrupt works while typing commands over VNC. * builder/virtualbox: floppy files names of 13 characters are now properly @@ -2137,7 +2501,7 @@ ### BUG FIXES: * builder/amazon/all: Gracefully handle when AMI appears to not exist - while AWS state is propogating. [GH-207] + while AWS state is propagating. [GH-207] * builder/virtualbox: Trim carriage returns for Windows to properly detect VM state on Windows. [GH-218] * core: build names no longer cause invalid config errors. [GH-197] 
@@ -2162,7 +2526,7 @@ * Amazon EBS builder can now optionally use a pre-made security group instead of randomly generating one. * DigitalOcean API key and client IDs can now be passed in as - environmental variables. See the documentatin for more details. + environmental variables. See the documentation for more details. * VirtualBox and VMware can now have `floppy_files` specified to attach floppy disks when booting. This allows for unattended Windows installs. * `packer build` has a new `-force` flag that forces the removal of @@ -2219,7 +2583,7 @@ * core: Non-200 response codes on downloads now show proper errors. [GH-141] * amazon-ebs: SSH handshake is retried. [GH-130] -* vagrant: The `BuildName` template propery works properly in +* vagrant: The `BuildName` template property works properly in the output path. * vagrant: Properly configure the provider-specific post-processors so things like `vagrantfile_template` work. [GH-129] diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 000000000..216cce578 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,28 @@ +* @hashicorp/packer + +# builders + +/builder/alicloud/ dongxiao.zzh@alibaba-inc.com +/builder/amazon/ebssurrogate/ @jen20 +/builder/amazon/ebsvolume/ @jen20 +/builder/azure/ @boumenot +/builder/hyperv/ @taliesins +/builder/lxc/ @ChrisLundquist +/builder/lxd/ @ChrisLundquist +/builder/oneandone/ @jasmingacic +/builder/oracle/ @prydie @owainlewis +/builder/profitbricks/ @jasmingacic +/builder/triton/ @jen20 @sean- +/builder/ncloud/ @YuSungDuk +/builder/scaleway/ @dimtion @edouardb + +# provisioners + +/provisioner/ansible/ @bhcleek +/provisioner/converge/ @stevendborrelli + +# post-processors +/post-processor/alicloud-import/ dongxiao.zzh@alibaba-inc.com +/post-processor/checksum/ v.tolstov@selfip.ru +/post-processor/googlecompute-export/ crunkleton@google.com +/post-processor/vsphere-template/ nelson@bennu.cl 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index acababe3f..000000000 --- a/CONTRIBUTING.md +++ /dev/null 
@@ -1,158 +0,0 @@ -# Contributing to Packer - -**First:** if you're unsure or afraid of _anything_, just ask -or submit the issue or pull request anyways. You won't be yelled at for -giving your best effort. The worst that can happen is that you'll be -politely asked to change something. We appreciate any sort of contributions, -and don't want a wall of rules to get in the way of that. - -However, for those individuals who want a bit more guidance on the -best way to contribute to the project, read on. This document will cover -what we're looking for. By addressing all the points we're looking for, -it raises the chances we can quickly merge or address your contributions. - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. - -* Run the command with debug ouput with the environment variable - `PACKER_LOG`. For example: `PACKER_LOG=1 packer build template.json`. Take - the *entire* output and create a [gist](https://gist.github.com) for linking - to in your issue. Packer should strip sensitive keys from the output, - but take a look through just in case. - -* Provide a reproducible test case. If a contributor can't reproduce an - issue, then it dramatically lowers the chances it'll get fixed. And in - some cases, the issue will eventually be closed. - -* Respond promptly to any questions made by the Packer team to your issue. - Stale issues will be closed. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Packer collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs" - and easy fixes are marked as "easy". - -3. Unless it is critical, the issue is left for a period of time (sometimes - many weeks), giving outside contributors a chance to address the issue. - -4. The issue is addressed in a pull request or commit. 
The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. - -## Setting up Go to work on Packer - -If you have never worked with Go before, you will have to complete the -following steps in order to be able to compile and test Packer. These instructions target POSIX-like environments (Mac OS X, Linux, Cygwin, etc.) so you may need to adjust them for Windows or other shells. - -1. [Download](https://golang.org/dl) and install Go. The instructions below - are for go 1.7. Earlier versions of Go are no longer supported. - -2. Set and export the `GOPATH` environment variable and update your `PATH`. For - example, you can add to your `.bash_profile`. - - ``` - export GOPATH=$HOME/go - export PATH=$PATH:$GOPATH/bin - ``` - -3. Download the Packer source (and its dependencies) by running `go get - github.com/hashicorp/packer`. This will download the Packer source to - `$GOPATH/src/github.com/hashicorp/packer`. - -4. When working on packer `cd $GOPATH/src/github.com/hashicorp/packer` so you - can run `make` and easily access other files. Run `make help` to get - information about make targets. - -5. Make your changes to the Packer source. You can run `make` in - `$GOPATH/src/github.com/hashicorp/packer` to run tests and build the packer - binary. Any compilation errors will be shown when the binaries are - rebuilding. If you don't have `make` you can simply run `go build -o bin/packer .` from the project root. - -6. After running building packer successfully, use - `$GOPATH/src/github.com/hashicorp/packer/bin/packer` to build a machine and - verify your changes work. For instance: `$GOPATH/src/github.com/hashicorp/packer/bin/packer build template.json`. - -7. If everything works well and the tests pass, run `go fmt` on your code - before submitting a pull-request. 
- -### Opening an Pull Request - -When you are ready to open a pull-request, you will need to [fork packer](https://github.com/hashicorp/packer#fork-destination-box), push your changes to your fork, and then open a pull-request. - -For example, my github username is `cbednarski` so I would do the following: - - git checkout -b f-my-feature - // develop a patch - git push https://github.com/cbednarski/packer f-my-feature - -From there, open your fork in your browser to open a new pull-request. - -**Note** Go infers package names from their filepaths. This means `go build` will break if you `git clone` your fork instead of using `go get` on the main packer project. - -### Tips for Working on Packer - -#### Working on forks - -The easiest way to work on a fork is to set it as a remote of the packer project. After following the steps in "Setting up Go to work on Packer": - -1. Navigate to $GOPATH/src/github.com/hashicorp/packer -2. Add the remote `git remote add `. For example `git remote add mwhooker https://github.com/mwhooker/packer.git`. -3. Checkout a feature branch: `git checkout -b new-feature` -4. Make changes -5. (Optional) Push your changes to the fork: `git push -u new-feature` - -This way you can push to your fork to create a PR, but the code on disk still lives in the spot where the go cli tools are expecting to find it. - -#### Govendor - -If you are submitting a change that requires new or updated dependencies, please include them in `vendor/vendor.json` and in the `vendor/` folder. This helps everything get tested properly in CI. - -Note that you will need to use [govendor](https://github.com/kardianos/govendor) to do this. This step is recommended but not required; if you don't use govendor please indicate in your PR which dependencies have changed and to what versions. - -Use `govendor fetch ` to add dependencies to the project. See -[govendor quick -start](https://github.com/kardianos/govendor#quick-start-also-see-the-faq) for -examples. 
- -Please only apply the minimal vendor changes to get your PR to work. Packer does not attempt to track the latest version for each dependency. - -#### Running Unit Tests - -You can run tests for individual packages using commands like this: - - $ make test TEST=./builder/amazon/... - -#### Running Acceptance Tests - -Packer has [acceptance tests](https://en.wikipedia.org/wiki/Acceptance_testing) -for various builders. These typically require an API key (AWS, GCE), or -additional software to be installed on your computer (VirtualBox, VMware). - -If you're working on a new builder or builder feature and want verify it is functioning (and also hasn't broken anything else), we recommend running the -acceptance tests. - -**Warning:** The acceptance tests create/destroy/modify *real resources*, which -may incur costs for real money. In the presence of a bug, it is possible that resources may be left behind, which can cost money even though you were not using them. We recommend running tests in an account used only for that purpose so it is easy to see if there are any dangling resources, and so production resources are not accidentally destroyed or overwritten during testing. - -To run the acceptance tests, invoke `make testacc`: - - $ make testacc TEST=./builder/amazon/ebs - ... - -The `TEST` variable lets you narrow the scope of the acceptance tests to a -specific package / folder. The `TESTARGS` variable is recommended to filter -down to a specific resource to test, since testing all of them at once can -sometimes take a very long time. - -Acceptance tests typically require other environment variables to be set for -things such as API tokens and keys. Each test should error and tell you which -credentials are missing, so those are not documented here. diff --git a/Makefile b/Makefile index d7f3578ec..0ccd547b4 100644 --- a/Makefile +++ b/Makefile 
@@ -42,6 +42,7 @@ package: deps: @go get golang.org/x/tools/cmd/stringer + @go get -u github.com/mna/pigeon @go get github.com/kardianos/govendor @govendor sync @@ -51,8 +52,9 @@ dev: deps ## Build and install a development build exit 1; \ fi @mkdir -p pkg/$(GOOS)_$(GOARCH) + @mkdir -p bin @go install -ldflags '$(GOLDFLAGS)' - @cp $(GOPATH)/bin/packer bin + @cp $(GOPATH)/bin/packer bin/packer @cp $(GOPATH)/bin/packer pkg/$(GOOS)_$(GOARCH) fmt: ## Format Go code @@ -72,6 +74,8 @@ fmt-examples: # source files. generate: deps ## Generate dynamically generated code go generate . + gofmt -w common/bootcommand/boot_command.go + goimports -w common/bootcommand/boot_command.go gofmt -w command/plugin.go test: deps fmt-check ## Run unit tests @@ -90,7 +94,7 @@ testrace: deps ## Test for race conditions @go test -race $(TEST) $(TESTARGS) -timeout=2m updatedeps: - @echo "INFO: Packer deps are managed by govendor. See CONTRIBUTING.md" + @echo "INFO: Packer deps are managed by govendor. See .github/CONTRIBUTING.md" help: @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' diff --git a/README.md b/README.md index 8dac199dc..b031d542e 100644 --- a/README.md +++ b/README.md 
@@ -9,10 +9,10 @@ [travis]: https://travis-ci.org/hashicorp/packer [appveyor-badge]: https://ci.appveyor.com/api/projects/status/miavlgnp989e5obc/branch/master?svg=true [appveyor]: https://ci.appveyor.com/project/hashicorp/packer -[godoc-badge]: https://godoc.org/github.com/mitchellh/packer?status.svg -[godoc]: https://godoc.org/github.com/mitchellh/packer -[report-badge]: https://goreportcard.com/badge/github.com/mitchellh/packer -[report]: https://goreportcard.com/report/github.com/mitchellh/packer +[godoc-badge]: https://godoc.org/github.com/hashicorp/packer?status.svg +[godoc]: https://godoc.org/github.com/hashicorp/packer +[report-badge]: https://goreportcard.com/badge/github.com/hashicorp/packer +[report]: https://goreportcard.com/report/github.com/hashicorp/packer * Website: https://www.packer.io * IRC: `#packer-tool` on Freenode @@ -23,24 +23,8 @@ from a single source configuration. Packer is lightweight, runs on every major operating system, and is highly performant, creating machine images for multiple platforms in parallel. Packer -comes out of the box with support for the following platforms: - -* Amazon EC2 (AMI). Both EBS-backed and instance-store AMIs -* Azure -* CloudStack -* DigitalOcean -* Docker -* Google Compute Engine -* Hyper-V -* 1&1 -* OpenStack -* Oracle Bare Metal Cloud Services -* Parallels -* ProfitBricks -* QEMU. Both KVM and Xen images. -* Triton (Joyent Public Cloud) -* VMware -* VirtualBox +comes out of the box with support for many platforms, the full list of which can +be found at https://www.packer.io/docs/builders/index.html. Support for other platforms can be added via plugins. 
@@ -59,8 +43,10 @@ for those with a bit more patience. Otherwise, the quick start below will get you up and running quickly, at the sacrifice of not explaining some key points. -First, [download a pre-built Packer binary](https://www.packer.io/downloads.html) -for your operating system or [compile Packer yourself](CONTRIBUTING.md#setting-up-go-to-work-on-packer). +First, [download a pre-built Packer +binary](https://www.packer.io/downloads.html) for your operating system or +[compile Packer +yourself](https://github.com/hashicorp/packer/blob/master/.github/CONTRIBUTING.md#setting-up-go-to-work-on-packer). After Packer is installed, create your first template, which tells Packer what platforms to build images for and how you want to build them. In our @@ -108,4 +94,7 @@ https://www.packer.io/docs ## Developing Packer -See [CONTRIBUTING.md](https://github.com/hashicorp/packer/blob/master/CONTRIBUTING.md) for best practices and instructions on setting up your development environment to work on Packer. +See +[CONTRIBUTING.md](https://github.com/hashicorp/packer/blob/master/.github/CONTRIBUTING.md) +for best practices and instructions on setting up your development environment +to work on Packer. diff --git a/Vagrantfile b/Vagrantfile index b61b3d209..dd6370f04 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -1,50 +1,84 @@ # -*- mode: ruby -*- # vi: set ft=ruby : -$script = <` tags to enclose any commands +that you would normally run in a Command Prompt window. See +[Running Commands on Your Windows Instance at Launch]( +http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-windows-user-data.html) +for more info about what's going on behind the scenes here. + +```powershell + +# Set administrator password net user Administrator SuperS3cr3t! wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE -# First, make sure WinRM doesn't run and can't be connected to -netsh advfirewall firewall add rule name="WinRM" protocol=TCP dir=in localport=5985 action=block -net stop winrm +# First, make sure WinRM can't be connected to +netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block -# turn off PowerShell execution policy restrictions -Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope LocalMachine +# Delete any existing WinRM listeners +winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null +winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null -# configure WinRM -winrm quickconfig -q +# Create a new WinRM listener and configure +winrm create winrm/config/listener?Address=*+Transport=HTTP winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}' winrm set winrm/config '@{MaxTimeoutms="7200000"}' winrm set winrm/config/service '@{AllowUnencrypted="true"}' 
@@ -344,75 +394,137 @@ winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}' winrm set winrm/config/service/auth '@{Basic="true"}' winrm set winrm/config/client/auth '@{Basic="true"}' -net stop winrm -set-service winrm -startupType automatic +# Configure UAC to allow privilege elevation in remote shells +$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' +$Setting = 'LocalAccountTokenFilterPolicy' +Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force -# Finally, allow WinRM connections and start the service -netsh advfirewall firewall set rule name="WinRM" new action=allow -net start winrm +# Configure and restart the WinRM Service; Enable the required firewall exception +Stop-Service -Name WinRM +Set-Service -Name WinRM -StartupType Automatic +netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any +Start-Service -Name WinRM + ``` +Save the above code in a file named `bootstrap_win.txt`. -Save the above code in a file named `bootstrap_win.txt`. +-> **A quick aside/warning:**
+Windows administrators in the know might be wondering why we haven't simply +used a `winrm quickconfig -q` command in the script above, as this would +*automatically* set up all of the required elements necessary for connecting +over WinRM. Why all the extra effort to configure things manually?
+Well, long and short, use of the `winrm quickconfig -q` command can sometimes +cause the Packer build to fail shortly after the WinRM connection is +established. How?
+1. Among other things, as well as setting up the listener for WinRM, the +quickconfig command also configures the firewall to allow management messages +to be sent over HTTP.
+2. This undoes the previous command in the script that configured the +firewall to prevent this access.
+3. The upshot is that the system is configured and ready to accept WinRM +connections earlier than intended.
+4. If Packer establishes its WinRM connection immediately after execution of +the 'winrm quickconfig -q' command, the later commands within the script that +restart the WinRM service will unceremoniously pull the rug out from under +the connection.
+5. While Packer does *a lot* to ensure the stability of its connection in to +your instance, this sort of abuse can prove to be too much and *may* cause +your Packer build to stall irrecoverably or fail! -The example config below shows the two different ways of using the powershell -provisioner: `inline` and `script`. -The first example, `inline`, allows you to provide short snippets of code, and -will create the script file for you. The second example allows you to run more -complex code by providing the path to a script to run on the guest vm. +Now we've got the business of getting Packer connected to our instance +taken care of, let's get on with the *real* reason we're doing all this, +which is actually configuring and customizing the instance. Again, we do this +with [Provisioners](/docs/provisioners/index.html). -Here's an example of a `sample_script.ps1` that will work with the environment -variables we will set in our packer config; copy the contents into your own -`sample_script.ps1` and provide the path to it in your packer config: +The example config below shows the two different ways of using the [PowerShell +provisioner](/docs/provisioners/powershell.html): `inline` and `script`. +The first example, `inline`, allows you to provide short snippets of code, and +will create the script file for you. The second example allows you to run more +complex code by providing the path to a script to run on the guest VM. 
-``` -Write-Output("PACKER_BUILD_NAME is automatically set for you,) -Write-Output("or you can set it in your builder variables; ) -Write-Output("the default for this builder is: " + $Env:PACKER_BUILD_NAME ) -Write-Output("Remember that escaping variables in powershell requires backticks: ) -Write-Output("for example, VAR1 from our config is " + $Env:VAR1 ) -Write-Output("Likewise, VAR2 is " + $Env:VAR2 ) -Write-Output("and VAR3 is " + $Env:VAR3 ) +Here's an example of a `sample_script.ps1` that will work with the environment +variables we will set in our build template; copy the contents into your own +`sample_script.ps1` and provide the path to it in your build template: + +```powershell +Write-Host "PACKER_BUILD_NAME is an env var Packer automatically sets for you." +Write-Host "...or you can set it in your builder variables." +Write-Host "The default for this builder is:" $Env:PACKER_BUILD_NAME + +Write-Host "The PowerShell provisioner will automatically escape characters" +Write-Host "considered special to PowerShell when it encounters them in" +Write-Host "your environment variables or in the PowerShell elevated" +Write-Host "username/password fields." +Write-Host "For example, VAR1 from our config is:" $Env:VAR1 +Write-Host "Likewise, VAR2 is:" $Env:VAR2 +Write-Host "VAR3 is:" $Env:VAR3 +Write-Host "Finally, VAR4 is:" $Env:VAR4 +Write-Host "None of the special characters needed escaping in the template" ``` -Next you need to create a packer config that will use this bootstrap file. See -the example below, which contains examples of using source_ami_filter for -windows in addition to the powershell and windows-restart provisioners: +Finally, we need to create the actual [build template]( +/docs/templates/index.html). +Remember, this template is the core configuration file that Packer uses to +understand what you want to build, and how you want to build it. 
-``` +As mentioned earlier, the specific builder we are using in this example +is the [Amazon EBS builder](/docs/builders/amazon-ebs.html). +The template below demonstrates use of the [`source_ami_filter`]( +/docs/builders/amazon-ebs.html#source_ami_filter) configuration option +available within the builder for automatically selecting the *latest* +suitable source Windows AMI provided by Amazon. +We also use the `user_data_file` configuration option provided by the builder +to reference the bootstrap file we created earlier. As you will recall, our +bootstrap file contained all the commands we needed to supply in advance of +actually spinning up the instance, so that later on, our instance is +configured to allow Packer to connect in to it. + +The `"provisioners"` section of the template demonstrates use of the +[powershell](/docs/provisioners/powershell.html) and +[windows-restart](/docs/provisioners/windows-restart.html) provisioners to +customize and control the build process: + +```json { "variables": { - "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}", - "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}", - "region": "us-east-1" + "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}", + "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}", + "region": "us-east-1" }, "builders": [ - { - "type": "amazon-ebs", - "access_key": "{{ user `aws_access_key` }}", - "secret_key": "{{ user `aws_secret_key` }}", - "region": "us-east-1", - "instance_type": "m3.medium", - "source_ami_filter": { - "filters": { - "virtualization-type": "hvm", - "name": "*WindowsServer2012R2*", - "root-device-type": "ebs" + { + "type": "amazon-ebs", + "access_key": "{{ user `aws_access_key` }}", + "secret_key": "{{ user `aws_secret_key` }}", + "region": "{{ user `region` }}", + "instance_type": "t2.micro", + "source_ami_filter": { + "filters": { + "virtualization-type": "hvm", + "name": "*Windows_Server-2012-R2*English-64Bit-Base*", + "root-device-type": "ebs" + }, + "most_recent": true, + "owners": 
"amazon" }, - "most_recent": true, - "owners": "amazon" - }, - "ami_name": "packer-demo-{{timestamp}}", - "user_data_file": "./bootstrap_win.txt", - "communicator": "winrm", - "winrm_username": "Administrator", - "winrm_password": "SuperS3cr3t!" - }], + "ami_name": "packer-demo-{{timestamp}}", + "user_data_file": "./bootstrap_win.txt", + "communicator": "winrm", + "winrm_username": "Administrator", + "winrm_password": "SuperS3cr3t!" + } + ], "provisioners": [ { "type": "powershell", "environment_vars": ["DEVOPS_LIFE_IMPROVER=PACKER"], - "inline": "Write-Output(\"HELLO NEW USER; WELCOME TO $Env:DEVOPS_LIFE_IMPROVER\")" + "inline": [ + "Write-Host \"HELLO NEW USER; WELCOME TO $Env:DEVOPS_LIFE_IMPROVER\"", + "Write-Host \"You need to use backtick escapes when using\"", + "Write-Host \"characters such as DOLLAR`$ directly in a command\"", + "Write-Host \"or in your own scripts.\"" + ] }, { "type": "windows-restart" 
@@ -421,54 +533,77 @@ windows in addition to the powershell and windows-restart provisioners: "script": "./sample_script.ps1", "type": "powershell", "environment_vars": [ - "VAR1=A`$Dollar", - "VAR2=A``Backtick", - "VAR3=A`'SingleQuote" + "VAR1=A$Dollar", + "VAR2=A`Backtick", + "VAR3=A'SingleQuote", + "VAR4=A\"DoubleQuote" ] } ] } ``` -Then `packer build firstrun.json` +Save the build template as `firstrun.json`. + +Next we need to set things up so that Packer is able to access and use our +AWS account. Set your access key and id as environment variables, so we +don't need to pass them in through the command line: + +``` +export AWS_ACCESS_KEY_ID=MYACCESSKEYID +export AWS_SECRET_ACCESS_KEY=MYSECRETACCESSKEY +``` + +Finally, we can create our new AMI by running `packer build firstrun.json` You should see output like this: ``` amazon-ebs output will be in this color. -==> amazon-ebs: Prevalidating AMI Name: packer-demo-1507234504 - amazon-ebs: Found Image ID: ami-d79776ad -==> amazon-ebs: Creating temporary keypair: packer_59d692c8-81f9-6a15-2502-0ca730980bed -==> amazon-ebs: Creating temporary security group for this instance: packer_59d692f0-dd01-6879-d8f8-7765327f5365 -==> amazon-ebs: Authorizing access to port 5985 on the temporary security group... +==> amazon-ebs: Prevalidating AMI Name: packer-demo-1518111383 + amazon-ebs: Found Image ID: ami-013e197b +==> amazon-ebs: Creating temporary keypair: packer_5a7c8a97-f27f-6708-cc3c-6ab9b4688b13 +==> amazon-ebs: Creating temporary security group for this instance: packer_5a7c8ab5-444c-13f2-0aa1-18d124cdb975 +==> amazon-ebs: Authorizing access to port 5985 from 0.0.0.0/0 in the temporary security group... ==> amazon-ebs: Launching a source AWS instance... ==> amazon-ebs: Adding tags to source instance amazon-ebs: Adding tag: "Name": "Packer Builder" - amazon-ebs: Instance ID: i-04467596029d0a2ff -==> amazon-ebs: Waiting for instance (i-04467596029d0a2ff) to become ready... 
+ amazon-ebs: Instance ID: i-0c8c808a3b945782a +==> amazon-ebs: Waiting for instance (i-0c8c808a3b945782a) to become ready... ==> amazon-ebs: Skipping waiting for password since WinRM password set... ==> amazon-ebs: Waiting for WinRM to become available... amazon-ebs: WinRM connected. ==> amazon-ebs: Connected to WinRM! ==> amazon-ebs: Provisioning with Powershell... -==> amazon-ebs: Provisioning with powershell script: /var/folders/8t/0yb5q0_x6mb2jldqq_vjn3lr0000gn/T/packer-powershell-provisioner079851514 +==> amazon-ebs: Provisioning with powershell script: /var/folders/15/d0f7gdg13rnd1cxp7tgmr55c0000gn/T/packer-powershell-provisioner943573503 amazon-ebs: HELLO NEW USER; WELCOME TO PACKER + amazon-ebs: You need to use backtick escapes when using + amazon-ebs: characters such as DOLLAR$ directly in a command + amazon-ebs: or in your own scripts. ==> amazon-ebs: Restarting Machine ==> amazon-ebs: Waiting for machine to restart... - amazon-ebs: WIN-164614OO21O restarted. + amazon-ebs: WIN-NI8N45RPJ23 restarted. ==> amazon-ebs: Machine successfully restarted, moving on ==> amazon-ebs: Provisioning with Powershell... -==> amazon-ebs: Provisioning with powershell script: ./scripts/sample_script.ps1 - amazon-ebs: PACKER_BUILD_NAME is automatically set for you, or you can set it in your builder variables; the default for this builder is: amazon-ebs - amazon-ebs: Remember that escaping variables in powershell requires backticks; for example VAR1 from our config is A$Dollar - amazon-ebs: Likewise, VAR2 is A`Backtick - amazon-ebs: and VAR3 is A'SingleQuote +==> amazon-ebs: Provisioning with powershell script: ./sample_script.ps1 + amazon-ebs: PACKER_BUILD_NAME is an env var Packer automatically sets for you. + amazon-ebs: ...or you can set it in your builder variables. 
+ amazon-ebs: The default for this builder is: amazon-ebs + amazon-ebs: The PowerShell provisioner will automatically escape characters + amazon-ebs: considered special to PowerShell when it encounters them in + amazon-ebs: your environment variables or in the PowerShell elevated + amazon-ebs: username/password fields. + amazon-ebs: For example, VAR1 from our config is: A$Dollar + amazon-ebs: Likewise, VAR2 is: A`Backtick + amazon-ebs: VAR3 is: A'SingleQuote + amazon-ebs: Finally, VAR4 is: A"DoubleQuote + amazon-ebs: None of the special characters needed escaping in the template ==> amazon-ebs: Stopping the source instance... amazon-ebs: Stopping instance, attempt 1 ==> amazon-ebs: Waiting for the instance to stop... -==> amazon-ebs: Creating the AMI: packer-demo-1507234504 - amazon-ebs: AMI: ami-2970b753 +==> amazon-ebs: Creating the AMI: packer-demo-1518111383 + amazon-ebs: AMI: ami-f0060c8a ==> amazon-ebs: Waiting for AMI to become ready... ==> amazon-ebs: Terminating the source AWS instance... ==> amazon-ebs: Cleaning up any extra volumes... 
@@ -479,10 +614,31 @@ Build 'amazon-ebs' finished. ==> Builds finished. The artifacts of successful builds are: --> amazon-ebs: AMIs were created: -us-east-1: ami-2970b753 +us-east-1: ami-f0060c8a ``` -And if you navigate to your EC2 dashboard you should see your shiny new AMI. +And if you navigate to your EC2 dashboard you should see your shiny new AMI +listed in the main window of the Images -> AMIs section. +Why stop there though? + +As you'll see, with one simple change to the template above, it's +just as easy to create your own Windows 2008 or Windows 2016 AMIs. Just +set the value for the name field within `source_ami_filter` as required: + +For Windows 2008 SP2: + +``` + "name": "*Windows_Server-2008-SP2*English-64Bit-Base*", +``` + +For Windows 2016: + +``` + "name": "*Windows_Server-2016-English-Full-Base*", +``` + +The bootstrapping and sample provisioning should work the same across all +Windows server versions. [platforms]: /docs/builders/index.html diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb index 596a122b7..552b154ab 100644 --- a/website/source/layouts/docs.erb +++ b/website/source/layouts/docs.erb @@ -111,6 +111,9 @@ > ISO + > + VMCX + > @@ -119,6 +122,9 @@ > LXD + > + NAVER Cloud + > Null @@ -128,8 +134,16 @@ > OpenStack - > - Oracle OCI + > + Oracle + > Parallels @@ -148,6 +162,9 @@ > QEMU + > + Scaleway + > Triton diff --git a/website/source/layouts/guides.erb b/website/source/layouts/guides.erb index f842f51a6..1d5653c04 100644 --- a/website/source/layouts/guides.erb +++ b/website/source/layouts/guides.erb @@ -4,6 +4,23 @@ > Veewee to Packer + > + Build Immutable Infrastructure with Packer in CI/CD + <% end %> diff --git a/website/source/layouts/layout.erb b/website/source/layouts/layout.erb index ab0f53361..90ab477e0 100644 --- a/website/source/layouts/layout.erb +++ b/website/source/layouts/layout.erb 
@@ -27,23 +27,18 @@ <%= title_for(current_page) %> + + <%= stylesheet_link_tag "application" %> - - <%= javascript_include_tag "application" %> + + + <%= javascript_include_tag "application", defer: true %> - - - - - - + + <%= yield_content :head %> @@ -118,17 +113,6 @@ - -
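Review bot: In the `@@ -479,10 +614,31 @@` hunk, the added Windows 2008 and 2016 instructions show only the `name` value, and both patterns are wildcarded at each end (`"*Windows_Server-2016-English-Full-Base*"`). The text should state that the rest of `source_ami_filter` stays exactly as in the template above, in particular whatever restricts the image owner, because a name wildcard on its own matches any AMI that any account publishes under a matching name. The closing sentence "should work the same across all Windows server versions" is also stronger than what the hunk demonstrates; suggest naming the versions the bootstrap and sample scripts were actually run against.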
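Review bot: In the `@@ -27,23 +27,18 @@` hunk of `website/source/layouts/layout.erb`, `javascript_include_tag "application", defer: true` moves execution of the bundle to after the document has been parsed, while `<%= yield_content :head %>` is still emitted in the head right after it. Any page that injects an inline script through the `:head` content block and expects the application bundle to have run will now execute first and fail. Please confirm that no page relies on that ordering, or note in the commit message that `:head` content must not depend on `application` being loaded.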