Packer on OpenStack

jacobbaek Jacob_baek 2021. 2. 19. 21:37

Test environment

  • Packer version : Packer v1.7.0
  • OpenStack Version : Victoria

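Packer's basic workflow

  1. Create an instance on the cloud
  2. Boot the created instance from an ISO file (or a cloud image)
  3. Once the base settings (network, keypair, security group, etc.) have been created/configured, use a provisioner to build the custom environment on the instance
  4. Create an image from the instance that now holds the custom environment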

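Creating a template

  • builder: where the image is actually built, such as VirtualBox or AWS
  • provisioners: the commands (such as apt-get) that set up the desired environment; anything from a shell script to a provisioning tool such as ansible can be used
  • post-processors: actions run after the image is created, e.g. vagrant (the image can be produced as a vagrant image, which is useful as a step for testing partway through)
  • Source: https://www.cloudbees.com/blog/packer-vagrant-tutorial/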

OpenStack provider

Based on the workflow described above, let's look at how OpenStack, one of the providers, should be configured.
Packer has to access OpenStack, so check the following information before configuring it.

root@deploy:~# openstack network list
+--------------------------------------+------------------+--------------------------------------+
| ID                                   | Name             | Subnets                              |
+--------------------------------------+------------------+--------------------------------------+
| 4fe06e01-384a-4ce5-8cbd-ebb9c8f6018d | internal-network | 15505b3f-b2da-4f75-9f69-544213679420 |
| 9d49d048-bd00-4647-b827-519e0a891053 | provider         | 7ce5b899-58d7-41f3-aa6a-1d1c0be0a9c2 |
+--------------------------------------+------------------+--------------------------------------+
root@deploy:~# openstack flavor list
+----+-----------+------+------+-----------+-------+-----------+
| ID | Name      |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+------+------+-----------+-------+-----------+
| 0  | m1.nano   | 1024 |   10 |         0 |     1 | True      |
| 1  | m2.medium | 2048 |   20 |         0 |     2 | True      |
| 2  | m4.large  | 4096 |   40 |         0 |     4 | True      |
+----+-----------+------+------+-----------+-------+-----------+
root@deploy:~# openstack image list
+--------------------------------------+----------------+--------+
| ID                                   | Name           | Status |
+--------------------------------------+----------------+--------+
| 4ec2c135-ba64-4a66-9194-c8976238066e | ubuntu-img     | active |
+--------------------------------------+----------------+--------+

Build and upload with Packer (shell-based provisioning)

This is the image list before running packer build.

root@deploy:~# openstack image list
+--------------------------------------+-------------------+--------+
| ID                                   | Name              | Status |
+--------------------------------------+-------------------+--------+
| 4ec2c135-ba64-4a66-9194-c8976238066e | ubuntu-img        | active |
+--------------------------------------+-------------------+--------+

Let's build and upload with packer. The script for the work to be done is as follows.

# Uses clouds.yaml (i.e. clouds.yaml must exist in the corresponding path)
# The # annotations inside the JSON below are explanations only; JSON has no comment syntax, so leave them out of the actual file
[root@localhost packer]# cat ubuntu-openstack.json
{
  "builders": [{
      "type": "openstack",
      "cloud": "jacob-openstack",
      "image_name": "packer-test-image",                           # name of the image uploaded to OpenStack after the build
      "source_image": "4ec2c135-ba64-4a66-9194-c8976238066e",      # ID of the glance image already uploaded, since the build is based on ubuntu
      "flavor": "1",
      "networks": "4fe06e01-384a-4ce5-8cbd-ebb9c8f6018d",          # ID of an existing network that has an interface on a router, i.e. one a floating IP can be attached to; several can be given as a list
      "floating_ip_network": "provider",
      "instance_floating_ip_net": "internal-network",              # the network, among those added to networks above, that has an interface on a router
      "security_groups": ["default","jacob-sg"],                   # a security group that allows SSH access must be included
      "ssh_username": "ubuntu"
    }
  ],
  "provisioners": [{
      "type": "shell",
      "inline": [
        "sleep 30",
        "sudo apt-get update",
        "sudo apt-get install -y nginx"
      ]
    }
  ]
}

The build through packer can be run as follows.

[root@localhost packer]# packer build ubuntu-openstack.json
openstack: output will be in this color.

==> openstack: Loading flavor: 1
    openstack: Verified flavor. ID: 1
==> openstack: Creating temporary keypair: packer_602f4e90-7dc1-5077-ef09-22d2f5782eab ...
==> openstack: Created temporary keypair: packer_602f4e90-7dc1-5077-ef09-22d2f5782eab
==> openstack: Launching server...
==> openstack: Launching server...
    openstack: Server ID: 58fc3496-6a87-4495-b64e-cf3f701f35a0
==> openstack: Waiting for server to become ready...
==> openstack: Creating floating IP using network 9d49d048-bd00-4647-b827-519e0a891053 ...
    openstack: Created floating IP: '0537c2ea-a6a4-4cd0-895d-00a692259e25' (172.16.100.227)
==> openstack: Associating floating IP '0537c2ea-a6a4-4cd0-895d-00a692259e25' (172.16.100.227) with instance port...
    openstack: Added floating IP '0537c2ea-a6a4-4cd0-895d-00a692259e25' (172.16.100.227) to instance!
==> openstack: Using ssh communicator to connect: 172.16.100.227
==> openstack: Waiting for SSH to become available...
==> openstack: Connected to SSH!
==> openstack: Provisioning with shell script: /tmp/packer-shell778059699
    openstack: Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [109 kB]
    openstack: Hit:2 http://nova.clouds.archive.ubuntu.com/ubuntu focal InRelease
    openstack: Get:3 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
    openstack: Get:4 http://nova.clouds.archive.ubuntu.com/ubuntu focal-backports InRelease [101 kB]
    openstack: Get:5 http://nova.clouds.archive.ubuntu.com/ubuntu focal/universe amd64 Packages [8628 kB]
    openstack: Get:6 http://nova.clouds.archive.ubuntu.com/ubuntu focal/universe Translation-en [5124 kB]
    openstack: Get:7 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [497 kB]
    openstack: Get:8 http://nova.clouds.archive.ubuntu.com/ubuntu focal/universe amd64 c-n-f Metadata [265 kB]
    openstack: Get:9 http://nova.clouds.archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [144 kB]
    openstack: Get:10 http://nova.clouds.archive.ubuntu.com/ubuntu focal/multiverse Translation-en [104 kB]
    openstack: Get:11 http://nova.clouds.archive.ubuntu.com/ubuntu focal/multiverse amd64 c-n-f Metadata [9136 B]
    openstack: Get:12 http://security.ubuntu.com/ubuntu focal-security/main Translation-en [109 kB]
    openstack: Get:13 http://security.ubuntu.com/ubuntu focal-security/main amd64 c-n-f Metadata [7060 B]
    openstack: Get:14 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [541 kB]
    openstack: Get:15 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [814 kB]
    openstack: Get:16 http://security.ubuntu.com/ubuntu focal-security/universe Translation-en [77.3 kB]
    openstack: Get:17 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main Translation-en [197 kB]
    openstack: Get:18 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 c-n-f Metadata [12.7 kB]
    openstack: Get:19 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [745 kB]
    openstack: Get:20 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/universe Translation-en [154 kB]
    openstack: Get:21 http://security.ubuntu.com/ubuntu focal-security/universe amd64 c-n-f Metadata [10.3 kB]
    openstack: Get:22 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/universe amd64 c-n-f Metadata [16.0 kB]
    openstack: Get:23 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [16.9 kB]
    openstack: Get:24 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/multiverse Translation-en [5076 B]
    openstack: Get:25 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 c-n-f Metadata [536 B]
    openstack: Get:26 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [10.4 kB]
    openstack: Get:27 http://security.ubuntu.com/ubuntu focal-security/multiverse Translation-en [2876 B]
    openstack: Get:28 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 c-n-f Metadata [284 B]
    openstack: Get:29 http://nova.clouds.archive.ubuntu.com/ubuntu focal-backports/main amd64 c-n-f Metadata [112 B]
    openstack: Get:30 http://nova.clouds.archive.ubuntu.com/ubuntu focal-backports/restricted amd64 c-n-f Metadata [116 B]
    openstack: Get:31 http://nova.clouds.archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [4032 B]
    openstack: Get:32 http://nova.clouds.archive.ubuntu.com/ubuntu focal-backports/universe Translation-en [1448 B]
    openstack: Get:33 http://nova.clouds.archive.ubuntu.com/ubuntu focal-backports/universe amd64 c-n-f Metadata [224 B]
    openstack: Get:34 http://nova.clouds.archive.ubuntu.com/ubuntu focal-backports/multiverse amd64 c-n-f Metadata [116 B]
    openstack: Fetched 17.8 MB in 29s (623 kB/s)
    openstack: Reading package lists...
    openstack: Reading package lists...
    openstack: Building dependency tree...
    openstack: Reading state information...
    openstack: The following additional packages will be installed:
    openstack:   fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
    openstack:   libjpeg-turbo8 libjpeg8 libnginx-mod-http-image-filter
    openstack:   libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libtiff5
    openstack:   libwebp6 libxpm4 nginx-common nginx-core
    openstack: Suggested packages:
    openstack:   libgd-tools fcgiwrap nginx-doc ssl-cert
    openstack: The following NEW packages will be installed:
    openstack:   fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
    openstack:   libjpeg-turbo8 libjpeg8 libnginx-mod-http-image-filter
    openstack:   libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libtiff5
    openstack:   libwebp6 libxpm4 nginx nginx-common nginx-core
    openstack: 0 upgraded, 17 newly installed, 0 to remove and 6 not upgraded.
    openstack: Need to get 2431 kB of archives.
    openstack: After this operation, 7891 kB of additional disk space will be used.
    openstack: Get:1 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 fonts-dejavu-core all 2.37-1 [1041 kB]
    openstack: Get:2 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 fontconfig-config all 2.13.1-2ubuntu3 [28.8 kB]
    openstack: Get:3 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 libfontconfig1 amd64 2.13.1-2ubuntu3 [114 kB]
    openstack: Get:4 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 libjpeg-turbo8 amd64 2.0.3-0ubuntu1.20.04.1 [117 kB]
    openstack: Get:5 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 libjpeg8 amd64 8c-2ubuntu8 [2194 B]
    openstack: Get:6 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 libjbig0 amd64 2.1-3.1build1 [26.7 kB]
    openstack: Get:7 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 libwebp6 amd64 0.6.1-2 [185 kB]
    openstack: Get:8 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 libtiff5 amd64 4.1.0+git191117-2build1 [161 kB]
    openstack: Get:9 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 libxpm4 amd64 1:3.5.12-1 [34.0 kB]
    openstack: Get:10 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 libgd3 amd64 2.2.5-5.2ubuntu2 [118 kB]
    openstack: Get:11 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 nginx-common all 1.18.0-0ubuntu1 [37.3 kB]
    openstack: Get:12 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 libnginx-mod-http-image-filter amd64 1.18.0-0ubuntu1 [14.3 kB]
    openstack: Get:13 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 libnginx-mod-http-xslt-filter amd64 1.18.0-0ubuntu1 [12.6 kB]
    openstack: Get:14 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 libnginx-mod-mail amd64 1.18.0-0ubuntu1 [42.3 kB]
    openstack: Get:15 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 libnginx-mod-stream amd64 1.18.0-0ubuntu1 [66.9 kB]
    openstack: Get:16 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 nginx-core amd64 1.18.0-0ubuntu1 [425 kB]
    openstack: Get:17 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 nginx all 1.18.0-0ubuntu1 [3624 B]
==> openstack: debconf: unable to initialize frontend: Dialog
==> openstack: debconf: (Dialog frontend will not work on a dumb terminal, an emacs shell buffer, or without a controlling terminal.)
==> openstack: debconf: falling back to frontend: Readline
==> openstack: debconf: unable to initialize frontend: Readline
==> openstack: debconf: (This frontend requires a controlling tty.)
==> openstack: debconf: falling back to frontend: Teletype
==> openstack: dpkg-preconfigure: unable to re-open stdin:
    openstack: Fetched 2431 kB in 3s (752 kB/s)
    openstack: Selecting previously unselected package fonts-dejavu-core.
    openstack: (Reading database ... 63409 files and directories currently installed.)
    openstack: Preparing to unpack .../00-fonts-dejavu-core_2.37-1_all.deb ...
    openstack: Unpacking fonts-dejavu-core (2.37-1) ...
    openstack: Selecting previously unselected package fontconfig-config.
    openstack: Preparing to unpack .../01-fontconfig-config_2.13.1-2ubuntu3_all.deb ...
    openstack: Unpacking fontconfig-config (2.13.1-2ubuntu3) ...
    openstack: Selecting previously unselected package libfontconfig1:amd64.
    openstack: Preparing to unpack .../02-libfontconfig1_2.13.1-2ubuntu3_amd64.deb ...
    openstack: Unpacking libfontconfig1:amd64 (2.13.1-2ubuntu3) ...
    openstack: Selecting previously unselected package libjpeg-turbo8:amd64.
    openstack: Preparing to unpack .../03-libjpeg-turbo8_2.0.3-0ubuntu1.20.04.1_amd64.deb ...
    openstack: Unpacking libjpeg-turbo8:amd64 (2.0.3-0ubuntu1.20.04.1) ...
    openstack: Selecting previously unselected package libjpeg8:amd64.
    openstack: Preparing to unpack .../04-libjpeg8_8c-2ubuntu8_amd64.deb ...
    openstack: Unpacking libjpeg8:amd64 (8c-2ubuntu8) ...
    openstack: Selecting previously unselected package libjbig0:amd64.
    openstack: Preparing to unpack .../05-libjbig0_2.1-3.1build1_amd64.deb ...
    openstack: Unpacking libjbig0:amd64 (2.1-3.1build1) ...
    openstack: Selecting previously unselected package libwebp6:amd64.
    openstack: Preparing to unpack .../06-libwebp6_0.6.1-2_amd64.deb ...
    openstack: Unpacking libwebp6:amd64 (0.6.1-2) ...
    openstack: Selecting previously unselected package libtiff5:amd64.
    openstack: Preparing to unpack .../07-libtiff5_4.1.0+git191117-2build1_amd64.deb ...
    openstack: Unpacking libtiff5:amd64 (4.1.0+git191117-2build1) ...
    openstack: Selecting previously unselected package libxpm4:amd64.
    openstack: Preparing to unpack .../08-libxpm4_1%3a3.5.12-1_amd64.deb ...
    openstack: Unpacking libxpm4:amd64 (1:3.5.12-1) ...
    openstack: Selecting previously unselected package libgd3:amd64.
    openstack: Preparing to unpack .../09-libgd3_2.2.5-5.2ubuntu2_amd64.deb ...
    openstack: Unpacking libgd3:amd64 (2.2.5-5.2ubuntu2) ...
    openstack: Selecting previously unselected package nginx-common.
    openstack: Preparing to unpack .../10-nginx-common_1.18.0-0ubuntu1_all.deb ...
    openstack: Unpacking nginx-common (1.18.0-0ubuntu1) ...
    openstack: Selecting previously unselected package libnginx-mod-http-image-filter.
    openstack: Preparing to unpack .../11-libnginx-mod-http-image-filter_1.18.0-0ubuntu1_amd64.deb ...
    openstack: Unpacking libnginx-mod-http-image-filter (1.18.0-0ubuntu1) ...
    openstack: Selecting previously unselected package libnginx-mod-http-xslt-filter.
    openstack: Preparing to unpack .../12-libnginx-mod-http-xslt-filter_1.18.0-0ubuntu1_amd64.deb ...
    openstack: Unpacking libnginx-mod-http-xslt-filter (1.18.0-0ubuntu1) ...
    openstack: Selecting previously unselected package libnginx-mod-mail.
    openstack: Preparing to unpack .../13-libnginx-mod-mail_1.18.0-0ubuntu1_amd64.deb ...
    openstack: Unpacking libnginx-mod-mail (1.18.0-0ubuntu1) ...
    openstack: Selecting previously unselected package libnginx-mod-stream.
    openstack: Preparing to unpack .../14-libnginx-mod-stream_1.18.0-0ubuntu1_amd64.deb ...
    openstack: Unpacking libnginx-mod-stream (1.18.0-0ubuntu1) ...
    openstack: Selecting previously unselected package nginx-core.
    openstack: Preparing to unpack .../15-nginx-core_1.18.0-0ubuntu1_amd64.deb ...
    openstack: Unpacking nginx-core (1.18.0-0ubuntu1) ...
    openstack: Selecting previously unselected package nginx.
    openstack: Preparing to unpack .../16-nginx_1.18.0-0ubuntu1_all.deb ...
    openstack: Unpacking nginx (1.18.0-0ubuntu1) ...
    openstack: Setting up libxpm4:amd64 (1:3.5.12-1) ...
    openstack: Setting up nginx-common (1.18.0-0ubuntu1) ...
    openstack: debconf: unable to initialize frontend: Dialog
    openstack: debconf: (Dialog frontend will not work on a dumb terminal, an emacs shell buffer, or without a controlling terminal.)
    openstack: debconf: falling back to frontend: Readline
    openstack: Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /lib/systemd/system/nginx.service.
    openstack: Setting up libjbig0:amd64 (2.1-3.1build1) ...
    openstack: Setting up libnginx-mod-http-xslt-filter (1.18.0-0ubuntu1) ...
    openstack: Setting up libwebp6:amd64 (0.6.1-2) ...
    openstack: Setting up fonts-dejavu-core (2.37-1) ...
    openstack: Setting up libjpeg-turbo8:amd64 (2.0.3-0ubuntu1.20.04.1) ...
    openstack: Setting up libjpeg8:amd64 (8c-2ubuntu8) ...
    openstack: Setting up libnginx-mod-mail (1.18.0-0ubuntu1) ...
    openstack: Setting up fontconfig-config (2.13.1-2ubuntu3) ...
    openstack: Setting up libnginx-mod-stream (1.18.0-0ubuntu1) ...
    openstack: Setting up libtiff5:amd64 (4.1.0+git191117-2build1) ...
    openstack: Setting up libfontconfig1:amd64 (2.13.1-2ubuntu3) ...
    openstack: Setting up libgd3:amd64 (2.2.5-5.2ubuntu2) ...
    openstack: Setting up libnginx-mod-http-image-filter (1.18.0-0ubuntu1) ...
    openstack: Setting up nginx-core (1.18.0-0ubuntu1) ...
    openstack: Setting up nginx (1.18.0-0ubuntu1) ...
    openstack: Processing triggers for ufw (0.36-6) ...
    openstack: Processing triggers for systemd (245.4-4ubuntu3.4) ...
    openstack: Processing triggers for man-db (2.9.1-1) ...
    openstack: Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
==> openstack: Stopping server: 58fc3496-6a87-4495-b64e-cf3f701f35a0 ...
    openstack: Waiting for server to stop: 58fc3496-6a87-4495-b64e-cf3f701f35a0 ...
==> openstack: Creating the image: packer-test-image
    openstack: Image: 58258c1d-0422-4a5d-a1ce-88675f5ea9b9
==> openstack: Waiting for image packer-test-image (image id: 58258c1d-0422-4a5d-a1ce-88675f5ea9b9) to become ready...
==> openstack: Deleted temporary floating IP '0537c2ea-a6a4-4cd0-895d-00a692259e25' (172.16.100.227)
==> openstack: Terminating the source server: 58fc3496-6a87-4495-b64e-cf3f701f35a0 ...
==> openstack: Deleting temporary keypair: packer_602f4e90-7dc1-5077-ef09-22d2f5782eab ...
Build 'openstack' finished after 7 minutes 42 seconds.

==> Wait completed after 7 minutes 42 seconds

==> Builds finished. The artifacts of successful builds are:
--> openstack: An image was created: 58258c1d-0422-4a5d-a1ce-88675f5ea9b9

After the build and upload with Packer completes, you can see that the following image has been added.

root@deploy:~# openstack image list
+--------------------------------------+-------------------+--------+
| ID                                   | Name              | Status |
+--------------------------------------+-------------------+--------+
| 4ec2c135-ba64-4a66-9194-c8976238066e | ubuntu-img        | active |
| 58258c1d-0422-4a5d-a1ce-88675f5ea9b9 | packer-test-image | active |
+--------------------------------------+-------------------+--------+
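
The build log above shows the temporary keypair, floating IP and server being created and then removed again. As an added example (not part of the original post), the Python check below reads a Packer build log and reports any of those resources that were created without a matching cleanup line, for instance after an interrupted build; the function name and the cut-off log are constructed for illustration.

```python
import re

# Log messages the openstack builder prints when it creates a temporary resource
# and when it starts removing it (wording taken from the build log in the post).
CREATED = {
    "keypair": re.compile(r"Created temporary keypair: (\S+)"),
    "floating_ip": re.compile(r"Created floating IP: '([0-9a-f-]+)'"),
    "server": re.compile(r"Server ID: ([0-9a-f-]+)"),
}
REMOVED = {
    "keypair": re.compile(r"Deleting temporary keypair: (\S+)"),
    "floating_ip": re.compile(r"Deleted temporary floating IP '([0-9a-f-]+)'"),
    "server": re.compile(r"Terminating the source server: ([0-9a-f-]+)"),
}

# Abbreviated copy of the successful build log shown above.
COMPLETE_LOG = """\
==> openstack: Creating temporary keypair: packer_602f4e90-7dc1-5077-ef09-22d2f5782eab ...
==> openstack: Created temporary keypair: packer_602f4e90-7dc1-5077-ef09-22d2f5782eab
    openstack: Server ID: 58fc3496-6a87-4495-b64e-cf3f701f35a0
    openstack: Created floating IP: '0537c2ea-a6a4-4cd0-895d-00a692259e25' (172.16.100.227)
==> openstack: Connected to SSH!
==> openstack: Creating the image: packer-test-image
==> openstack: Deleted temporary floating IP '0537c2ea-a6a4-4cd0-895d-00a692259e25' (172.16.100.227)
==> openstack: Terminating the source server: 58fc3496-6a87-4495-b64e-cf3f701f35a0 ...
==> openstack: Deleting temporary keypair: packer_602f4e90-7dc1-5077-ef09-22d2f5782eab ...
"""

# Constructed case: the same log cut off during provisioning (packer process killed).
INTERRUPTED_LOG = "\n".join(COMPLETE_LOG.splitlines()[:5])


def leftover_resources(log_text):
    """Return {kind: [ids]} for resources the log shows created but not cleaned up."""
    created = {kind: set() for kind in CREATED}
    removed = {kind: set() for kind in REMOVED}
    for line in log_text.splitlines():
        for kind in CREATED:
            made = CREATED[kind].search(line)
            if made:
                created[kind].add(made.group(1))
            gone = REMOVED[kind].search(line)
            if gone:
                removed[kind].add(gone.group(1))
    return {k: sorted(created[k] - removed[k]) for k in CREATED if created[k] - removed[k]}


if __name__ == "__main__":
    for name, log in (("complete", COMPLETE_LOG), ("interrupted", INTERRUPTED_LOG)):
        print(name, leftover_resources(log) or "nothing left behind")
```

Anything reported can then be checked against `openstack keypair list`, `openstack floating ip list` and `openstack server list`.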

Build and upload with Packer (ansible-based provisioning)

Let's look at how provisioning is done with ansible.
Declare the same builder as in the shell-based deployment and change only the provisioners to ansible.

# Uses clouds.yaml (i.e. clouds.yaml must exist in the corresponding path)
[root@localhost packer]# cat ubuntu-openstack-ansible.json
{
  "builders": [{
      "type": "openstack",
      "cloud": "jacob-openstack",
      "image_name": "packer-test-image-ansible",
      "source_image": "4ec2c135-ba64-4a66-9194-c8976238066e",
      "flavor": "1",
      "networks": "4fe06e01-384a-4ce5-8cbd-ebb9c8f6018d",
      "floating_ip_network": "provider",
      "instance_floating_ip_net": "internal-network",
      "security_groups": ["default","jacob-sg"],
      "ssh_username": "ubuntu"
    }
  ],
  "provisioners": [{
      "type": "ansible",
      "user": "ubuntu",
      "playbook_file": "./playbook.yml"
    }
  ]
}

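Because this is a cloud image, direct access as root is not possible. So a user is specified, and
when privilege escalation is needed, such as for package installation, the following sudo settings must also go into the playbook.

  • What goes in the playbook

    - hosts: all
      gather_facts: no
      become: yes
      become_method: sudo
  • What goes in the JSON used for the Packer build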

    {
      ...
      "provisioners": [{ 
        "type": "ansible",
        "user": "ubuntu",
        "playbook_file": "./playbook.yml"
      }]
    }

After that, run the build the same way as the shell-based one, and the image build and upload complete.

[root@localhost packer]# packer build ubuntu-openstack-ansible.json
openstack: output will be in this color.

==> openstack: Loading flavor: 1
    openstack: Verified flavor. ID: 1
==> openstack: Creating temporary keypair: packer_602fad10-7c66-7561-ad5b-e405db89ac7a ...
==> openstack: Created temporary keypair: packer_602fad10-7c66-7561-ad5b-e405db89ac7a
==> openstack: Launching server...
==> openstack: Launching server...
    openstack: Server ID: 32cdf04a-7aa8-45cc-a491-6428e34cd426
==> openstack: Waiting for server to become ready...

...

Build 'openstack' finished after 31 minutes 5 seconds.

==> Wait completed after 3 minutes 5 seconds

==> Builds finished. The artifacts of successful builds are:
--> openstack: An image was created: cb973c05-1f88-47ae-9376-5df48ba5388e

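hosts in the ansible-playbook
When running ansible from a tool like packer, it is not obvious what to set hosts to.
According to the link below, all works by default, and if you want to reuse an existing playbook as-is, you can also give a group that is already defined.

How Ansible provisioning works, briefly
The ansible provisioner sets up a proxy on the local machine that is reached over SSH, and connects and deploys through the playbook via that proxy.
When ansible-playbook actually runs, a log like the following is printed: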

    openstack: <127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: ubuntu
    openstack: <127.0.0.1> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=45621 -o 'IdentityFile="/tmp/ansible-key864486461"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ubuntu"' -o ConnectTimeout=10 '-o IdentitiesOnly=yes' -o ControlPath=/root/.ansible/cp/5d0e3e40eb -tt 127.0.0.1 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-cpobeeiuobuvpicxfzjilwkpuoehoyai ; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1613735284.9892166-26640-164669780770662/AnsiballZ_apt.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
    openstack: Escalation succeeded

If you check the listening ports directly on the server running packer at that moment, the same port is being listened on by packer, as shown below.

[root@localhost ubuntu-20.04]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:45621         0.0.0.0:*               LISTEN      24093/packer

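So the temporarily generated inventory also sets ansible_host to 127.0.0.1, and only the port is a separate port rather than the default (22).

If troubleshooting is needed, running the packer build command with the -debug option creates a file like the one below together with the actual SSH connection. It is a private key, so it can be used to test SSH access.

Notes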

JSON vs HCL

A packer script currently written in JSON can be converted to HCL with a single command.

[root@localhost packer]# packer hcl2_upgrade ubuntu-openstack-ansible.json
Successfully created ubuntu-openstack-ansible.json.pkr.hcl

[root@localhost packer]# cat ubuntu-openstack-ansible.json.pkr.hcl

source "openstack" "autogenerated_1" {
  cloud                    = "kolla-openstack"
  flavor                   = "1"
  floating_ip_network      = "provider"
  image_name               = "packer-test-image-ansible"
  instance_floating_ip_net = "internal-network"
  networks                 = "4fe06e01-384a-4ce5-8cbd-ebb9c8f6018d"
  security_groups          = ["default", "jacob-sg"]
  source_image             = "4ec2c135-ba64-4a66-9194-c8976238066e"
  ssh_username             = "ubuntu"
}

build {
  sources = ["source.openstack.autogenerated_1"]

  provisioner "ansible" {
    playbook_file = "./playbook.yml"
    user          = "ubuntu"
  }

}

Since HCL is HashiCorp's own language, my guess is that writing templates in HCL is the better choice for future support.

ansible provisioner version issue

With the ansible provisioner, from version 2.8 onward there is an issue where tasks do not complete when building with packer.
So either downgrade to 2.7.x, or run the ansible-playbook command directly through shell_local.
(Refer to the link below to create a hosts file so that the playbook can run.)

An example using shell_local is as follows.
Create the ansible.cfg file in advance.

[all:vars]
ansible_user=ubuntu
ansible_ssh_pass=password123

Then write the packer JSON file in the following way.

  "builders": [{
      "type": "openstack",
      "cloud": "dev-stage",
      "image_name": "{{ user `image_name` }}",
      "source_image": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "flavor": "1",
      "networks": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "floating_ip_network": "provider",
      "instance_floating_ip_net": "internal-network",
      "security_groups": ["default","jacob-sg"],
      "user_data_file": "userdata",
      "ssh_username": "ubuntu",
      "ssh_password": "password123"
  ...
  "provisioners": [
    {
      "type": "shell",
      "inline": "curl -L http://169.254.169.254/2009-04-04/meta-data/public-ipv4 -o /tmp/floatingIP > /dev/null 2>&1"
    },
    {
      "type": "file",
      "direction": "download",
      "source": "/tmp/floatingIP",
      "destination": "hosts"
    },
    {
      "type": "shell-local",
      "environment_vars": ["IMAGENAME={{ user `image_name` }}"],
      "inline": [
        "echo \"\n\n[all:vars]\nansible_user=ubuntu\nansible_ssh_pass=password123\" >> hosts",
        "ansible -i hosts -m ping all"]
    }
  ], 

Below is the userdata part that sets the password.

#cloud-config
ssh_pwauth: true
users:
  - default
  - name: ubuntu
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: sudo
    shell: /bin/bash
chpasswd:
  list: |
    ubuntu:password123
  expire: False

Note that sshpass must be installed beforehand for the above steps to work.
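
The shell_local workaround above writes the same password into the Packer template, the inventory and the user-data. As an added example (not part of the original post), this Python check flags those literal credentials and the password-login settings so they can be reviewed before a build; the sample inputs are constructed from the snippets above, and the function names are hypothetical.

```python
import json
import re

# Constructed inputs modelled on the shell_local workaround in the post.
TEMPLATE = r'''
{
  "builders": [{
    "type": "openstack",
    "user_data_file": "userdata",
    "ssh_username": "ubuntu",
    "ssh_password": "password123"
  }],
  "provisioners": [{
    "type": "shell-local",
    "inline": ["echo \"[all:vars]\nansible_ssh_pass=password123\" >> hosts"]
  }]
}
'''
USER_DATA = """\
#cloud-config
ssh_pwauth: true
users:
  - name: ubuntu
    sudo: ALL=(ALL) NOPASSWD:ALL
chpasswd:
  list: |
    ubuntu:password123
  expire: False
"""

INLINE_SECRET = re.compile(r"ansible_(?:ssh_pass|password)=\S+")


def is_literal(value):
    # "{{user `name`}}" is filled in at build time; anything else is stored as written.
    return isinstance(value, str) and value != "" and "{{" not in value


def audit_template(text):
    """Flag passwords written literally into a Packer JSON template."""
    doc, findings = json.loads(text), []
    for i, builder in enumerate(doc.get("builders", [])):
        if is_literal(builder.get("ssh_password")):
            findings.append(f"builders[{i}].ssh_password: literal password")
    for i, prov in enumerate(doc.get("provisioners", [])):
        inline = prov.get("inline", [])
        commands = [inline] if isinstance(inline, str) else inline
        if any(INLINE_SECRET.search(c) and is_literal(c) for c in commands):
            findings.append(f"provisioners[{i}].inline: literal ansible password")
    return findings


def audit_user_data(text):
    """Flag password login, passwordless sudo and chpasswd entries in cloud-config."""
    findings, list_indent = [], None  # list_indent is set while inside "list: |"
    for line in text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if list_indent is not None and stripped:
            if indent > list_indent:
                user = stripped.split(":", 1)[0]
                findings.append(f"chpasswd: plaintext password for '{user}'")
                continue
            list_indent = None  # dedent ends the block scalar
        if re.match(r"ssh_pwauth:\s*(true|yes)\s*$", stripped, re.I):
            findings.append("ssh_pwauth: SSH password login enabled")
        elif re.match(r"sudo:.*NOPASSWD", stripped):
            findings.append("sudo: NOPASSWD rule")
        elif re.match(r"list:\s*\|", stripped):
            list_indent = indent
    return findings


if __name__ == "__main__":
    for finding in audit_template(TEMPLATE) + audit_user_data(USER_DATA):
        print(finding)
```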

References
