Packer
Outscale
@outscale
Use Packer to create Outscale OMIs.
- Partner
Updated 10 months ago
- GitHub(opens in new tab)
Outscale
The Outscale Packer Plugin is able to create Outscale OMIs. To achieve this, the plugin comes with multiple builders depending on the strategy you want to use to build the OMI. Packer supports the following builders at the moment:
Installation
To install this plugin, copy and paste this code into your Packer configuration, then run packer init
.
packer {
required_plugins {
outscale = {
version = "~> 1"
source = "github.com/outscale/outscale"
}
}
}
Alternatively, you can use packer plugins install
to manage installation of this plugin.
$ packer plugins install github.com/outscale/outscale
TLDR for Dev:
you can set environement variable PACKER_PLUGIN_PATH to outscale_packer_plugins directory.
If you do that, you can remove required_plugins
from packer file.
Components
Builders
Don't know which builder to use? If in doubt, use the osc-bsu builder. It is much easier to use and Outscale generally recommends BSU-backed images nowadays.
- outscale-bsu - Create BSU-backed OMIs by launching a source OMI and re-packaging it into a new OMI after provisioning. If in doubt, use this builder, which is the easiest to get started with.
- outscale-chroot - Create EBS-backed OMIs from an existing OUTSCALE VM by mounting the root device and using a Chroot environment to provision that device. This is an advanced builder and should not be used by newcomers. However, it is also the fastest way to build an EBS-backed OMI since no new OUTSCALE VM needs to be launched.
- outscale-bsusurrogate - Create BSU-backed OMIs from scratch. Works similarly to the
chroot
builder but does not require running in Outscale VM. This is an advanced builder and should not be used by newcomers. - outscale-bsuvolume - Create EBS volumes by launching a source OMI with block devices mapped. Provision the VM, then destroy it, retaining the EBS volumes.
Data Sources
- outscale-omi - The Outscale OMI Data source will filter and fetch an Outscale OMI.
Authentication
The OUTSCALE provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below:
- Static credentials
- Environment variables
- Shared credentials file
- Outscale Role
Static Credentials
Static credentials can be provided in the form of an access key id and secret. These look like:
{
"access_key": "XXX_ACCESS_KEY_XXX",
"secret_key": "XXX_SECRET_KEY_XXX",
"region": "us-east-1",
"type": "outscale-bsu",
"custom_endpoint_oapi": "outscale.com/oapi/latest"
}
Environment variables
You can provide your credentials via the OUTSCALE_ACCESSKEYID
and
OUTSCALE_SECRETKEYID
, environment variables, representing your Outscale Access
Key and Outscale Secret Key, respectively. The OUTSCALE_REGION
and
OUTSCALE_OAPI_URL
environment variables are also used, if applicable:
Usage:
$ export OUTSCALE_ACCESSKEYID="XXX_ACCESS_KEY_XXX"
$ export OUTSCALE_SECRETKEYID="XXX_SECRET_KEY_XXX"
$ export OUTSCALE_REGION="eu-west-2"
$ packer build template.pkr.hcl
x509 Certificate Authentication
Outscale API now supports x509 Client certificate authentication, in addition of traditional AK/SK HMAC based auth.
This adds an additional layer of security, especially desirable on SecNumCloud compliant regions (cloudgouv-eu-west-1
).
You can set this certificates either by environment variables or by the static credentials inside the Packer configuration file.
Environment variables
export OUTSCALE_X509CERT="the/path/to/your/x509cert"
export OUTSCALE_X509KEY="the/path/to/your/x509key"
Static Credentials
{
"x509_cert_path": "the/path/to/your/x509cert",
"x509_key_path": "the/path/to/your/x509key",
"region": "cloudgouv-eu-west-1",
"type": "outscale-bsu"
}
Checking that system time is current
Outscale uses the current time as part of the request signing process. If your system clock is too skewed from the current time, your requests might fail. If that's the case, you might see an error like this:
==> outscale-bsu: Error querying OMI: AuthFailure: OUTSCALE was not able to validate the provided access credentials
If you suspect your system's date is wrong, you can compare it against
https://www.time.gov/. On Linux/OS X, you can run the date
command to get
the current time. If you're on Linux, you can try setting the time with ntp by
running sudo ntpd -q
.