Imagine a world where the next Meltdown-level vulnerability is announced and you have to patch your image 5 minutes ago. You calmly run a script to force-approve patches in your patch manager, and 45 minutes later the base template you deploy from in vSphere is updated and all new machines are based on the new image, all while you drink coffee and play the Block Game. Sounds pretty cool, right? It’s definitely better than the old-school way of:
- Installing Windows or Linux to a new virtual machine
- Performing your organization’s steps to customize it
- Installing patches
- Staging the system for customization
- Shutting it down
- Marking it as a template
The steps may vary slightly depending on the exact platform you are leveraging (Linux, Windows, KVM, Azure), or maybe you’ve scripted some of them. No matter where your process stands, at the end of the day this activity is a huge time suck, a huge potential for mistakes, and in no way contributes to a cloud way of working, which results in your platform looking like a pretty poor option to those desiring to do “cloud first.” Not only that, how can you prove to yourself or auditors that a given image is properly built according to defined standards and controls?
There are potentially many tools out there to help automate the image build process and, like many things in life, some are better than others. I’m about to walk you through the recipe I settled on and think is best. Your mileage may vary.
This is the second post of a planned 4-part series:
- Let’s Build an image pipeline! (part 1) – Setting up the Jenkins CICD pipeline
- Let’s Build an image pipeline! (part 1.5) – Jenkins needs some credentials!
- Let’s Build an image pipeline! (part 2) – Customizing the code to your environment
- Let’s Build an image pipeline! (part 3) – How does packer work?
- Let’s Build an image pipeline! (part 4) – How do I do some other cool stuff with packer?