Packer
Azure
@hashicorp
Packer can create Azure virtual machine images in a variety of ways, depending on the strategy that you want to use for building the images.
Updated 2 years ago
The Azure plugin can be used with HashiCorp Packer to create custom images on Azure. To do so, the plugin exposes multiple builders, from which you can choose the one best suited to your workflow.
Components
Builders
- azure-arm - The Azure ARM builder supports building Virtual Hard Disks (VHDs) and Managed Images in Azure Resource Manager.
- azure-chroot - The Azure chroot builder supports building a managed disk image without launching a new Azure VM for every build, instead using an already-running Azure VM.
- azure-dtl - The Azure DevTest Labs builder builds custom images and uploads them to the DevTest Lab image repository automatically.
Provisioners
- azure-dtlartifact - The Azure DevTest Labs provisioner can be used to apply an artifact to a VM. See Add an artifact to a VM.
Authentication
Config allows for various ways to authenticate Azure clients. When client_id and subscription_id are specified in addition to one and only one of the following: client_secret, client_jwt, client_cert_path, Packer will use the specified Azure Active Directory (AAD) Service Principal (SP). If only use_interactive_auth is specified, Packer will try to interactively log on the current user (tokens will be cached). If none of these options are specified, Packer will attempt to use the Managed Identity and subscription of the VM that Packer is running on. This will only work if Packer is running on an Azure VM with either a System Assigned Managed Identity or User Assigned Managed Identity.
Managed Identity
If you're running Packer on an Azure VM with a managed identity, you don't need to specify any additional configuration options, because Packer will attempt to use the Managed Identity and subscription of the VM that Packer is running on.
You can use a different subscription if you set subscription_id. If your VM has multiple user assigned managed identities you will need to set client_id too.
Interactive User Authentication
To use interactive user authentication, you should specify use_interactive_auth only. Packer will use cached credentials or redirect you to a website to log in.
Service Principal
To use a service principal you should specify subscription_id, client_id and one of client_secret, client_cert_path or client_jwt.
- subscription_id (string) - Subscription under which the build will be performed. The service principal specified in client_id must have full access to this subscription, unless the build_resource_group_name option is specified, in which case it needs to have owner access to the existing resource group specified in the build_resource_group_name parameter.
- client_id (string) - The Active Directory service principal associated with your builder.
- client_secret (string) - The password or secret for your service principal.
- client_cert_path (string) - The location of a PEM file containing a certificate and private key for the service principal.
- client_cert_token_timeout (duration string | ex: "1h30m12s") - How long to set the expire time on the token created when using client_cert_path.
- client_jwt (string) - The bearer JWT assertion signed using a certificate associated with your service principal. See Azure Active Directory docs for more information.
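The selection rules from the Authentication section can be checked before a build, for example in CI, so a template never runs under an identity other than the intended one. The following is an added example, not code from Packer or the Azure plugin; the function name resolve_auth, the "unspecified" result for combinations this page does not describe, and all sample values are assumptions made for illustration.

```python
# Added example (not Packer source): auth-mode check per this page's rules.
CREDENTIALS = ("client_secret", "client_jwt", "client_cert_path")

def resolve_auth(cfg):
    """Return (mode, problems). mode is "service_principal", "interactive",
    "managed_identity", or "unspecified" for combinations the page does not
    describe (an assumption of this example, not documented Packer behaviour)."""
    def is_set(key):
        return bool(cfg.get(key))

    creds = [k for k in CREDENTIALS if is_set(k)]
    ids = [k for k in ("client_id", "subscription_id") if is_set(k)]
    problems = []

    # The timeout is documented only for tokens created with client_cert_path.
    if is_set("client_cert_token_timeout") and "client_cert_path" not in creds:
        problems.append("client_cert_token_timeout set without client_cert_path")

    if is_set("use_interactive_auth"):
        if creds or ids:
            problems.append("use_interactive_auth should be the only auth option")
            return "unspecified", problems
        return "interactive", problems

    if len(creds) > 1:
        problems.append("set exactly one credential, found: " + ", ".join(creds))
        return "unspecified", problems
    if len(creds) == 1:
        if len(ids) < 2:
            problems.append(creds[0] + " needs both client_id and subscription_id")
            return "unspecified", problems
        return "service_principal", problems
    # No credential: managed identity of the VM. subscription_id overrides the
    # subscription; client_id selects one of several user-assigned identities.
    return "managed_identity", problems

# Constructed sample settings; the IDs and secret are placeholders.
ZERO = "00000000-0000-0000-0000-000000000000"
SAMPLES = {
    "sp": {"client_id": ZERO, "subscription_id": ZERO, "client_secret": "PLACEHOLDER"},
    "two_creds": {"client_id": ZERO, "subscription_id": ZERO,
                  "client_secret": "PLACEHOLDER", "client_jwt": "PLACEHOLDER"},
    "user_assigned_mi": {"client_id": ZERO},
    "interactive": {"use_interactive_auth": True},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, resolve_auth(cfg))
```

A settings block with no credential at all resolves to managed_identity, so a service principal credential dropped from a template by mistake silently changes which identity performs the build; comparing the resolved mode against the expected one catches that.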