Skip to content

Packer configurations for building VM templates on Proxmox

License

Notifications You must be signed in to change notification settings

jbowdre/packer-proxmox-templates

Repository files navigation

Packer

Build Linux server templates on Proxmox with Packer (proxmox-iso)

Requirements

Blog posts

Vault layout

To minimize the effort required to tailor deployments to your environment, this Packer setup assumes that you're storing all of your environment-specific information (not just sensitive credentials!) in Vault. You shouldn't really need to modify any of the variables stored in the .hcl files to get a functional build.

You should use a kv_v2 secrets engine mounted at packer. It should contain two secrets with the following key/value pairs:

proxmox contains values related to the Proxmox environment:
Key Example value Description
api_url https://proxmox1.example.com:8006/api2/json URL to the Proxmox API
insecure_connection true set to false if your Proxmox host has a valid certificate
iso_path local:iso path for (existing) ISO storage
iso_storage_pool local pool for storing created/uploaded ISOs
network_bridge vmbr0 bridge the VM's NIC will be attached to
node proxmox1 node name where the VM will be built
token_id packer@pve!packer ID for an API token, in the form USERNAME@REALM!TOKENNAME
token_secret 3fc69f[...]d2077eda secret key for the token
vm_storage_pool zfs-pool storage pool where the VM will be created
linux holds values for the created VM template(s)
Key Example value Description
bootloader_password bootplease Grub bootloader password to set
password_hash $6$rounds=4096$NltiNLKi[...]a7Shax41 hash of the build account's password (example generated with mkpasswd -m sha512crypt -R 4096)
public_key ssh-ed25519 AAAAC3NzaC1[...]lXLUI5I40 admin@example.com SSH public key for the user
username admin build account username

Building

Currently-supported OS flavors:

Local

To run a build locally, you'll need to first export a few Vault-related environment variables:

export VAULT_ADDR="https://vault.example.com/"    # your Vault server
export VAULT_NAMESPACE=""                         # (only need if using namespaces in Vault Enterprise)
export VAULT_TOKEN="hvs.abcdefg"                  # insert a Vault token ID

Alternatively, put those same export commands into a script called vault-env.sh which will be sourced automatically as needed.

Then just run ./build.sh [BUILD], where [BUILD] is one of the descriptors listed above. For example, to build Ubuntu 22.04:

./build.sh ubuntu2204

GitHub Actions

This repo contains a sample GitHub Actions workflow for running automated builds on a self-hosted runner configured with rootless Docker. The runner will need to have connectivity to the Vault server to be able to retrieve secrets.

NOTE Self-hosted runners should only be used on private GitHub repos. You don't want a PR from a fork to trigger arbitrary code execution on your infrastructure. This public repo is where I share my code with you, but I actually run the workflows from a private repo which is an otherwise exact copy of this one. So if you'd like to use this code for your own automated build process, clone it locally then push it to your own private GitHub repo.

Okay with that disclaimer out of the way, see my notes on runner configuration here.

About

Packer configurations for building VM templates on Proxmox

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published