v1.0.0, added HCP packer integration (#1)

Signed-off-by: Glen Yu <glen.yu@gmail.com>

Author: Neutrollized

.github/workflows/packer.yaml

@@ -6,7 +6,11 @@ on:
     paths-ignore: ['**/README.md','**/CHANGELOG.md', 'terraform/*']
 
 env:
-  PRODUCT_VERSION: "1.9.5" # or: "latest"
+  PRODUCT_VERSION: "1.11.2" # or: "latest"
+  HCP_ORGANIZATION_ID: '${{ secrets.HCP_ORGANIZATION_ID }}'
+  HCP_PROJECT_ID: '${{ secrets.HCP_PROJECT_ID }}'
+  HCP_CLIENT_ID: '${{ secrets.HCP_CLIENT_ID }}'
+  HCP_CLIENT_SECRET: '${{ secrets.HCP_CLIENT_SECRET }}'
 
 
 jobs:

CHANGELOG.md

@@ -5,6 +5,20 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 
+## [1.0.0] - 2024-12-13
+### Added
+- [HCP Packer integration](https://github.com/Neutrollized/packer-gcp-with-githubactions/blob/main/README.md#hcp-packer-integration)!  Now image metadata is being sent and stored in HCP Packer.
+### Changed
+- Updated Packer version from `1.9.5` to `1.11.2`
+- Updated `source_image_family` from `debian-11` to `debian-12`
+- Increasing the `pause_before` time from `10s` to `30s` to ensure sufficient wait time after reboots
+- Updated Consul version from `1.19.2` to `1.20.1`
+- Updated Nomad version from `1.8.4` to `1.9.3`
+- Updated Vault version from `1.17.6` to `1.18.2`
+- fluentd [Logging agent](https://cloud.google.com/logging/docs/agent/logging) in the Nomad client image is considered legacy and has been replaced by Ops Agent
+### Removed
+- Packer variable, `google_fluentd_version`
+
 ## [0.11.2] - 2024-09-30
 ### Changed
 - Updated Consul version from `1.19.1` to `1.19.2`

README.md

@@ -53,6 +53,19 @@ jobs:
 ```
 
 
+## HCP Packer integration
+- [What is HCP Packer?](https://developer.hashicorp.com/hcp/docs/packer)
+- [Setup / Requirements](https://developer.hashicorp.com/packer/tutorials/hcp-get-started/hcp-push-artifact-metadata#create-hcp-packer-registry)
+
+You will need to add the following secrets to GitHub:
+- `HCP_ORGANIZATION_ID`
+- `HCP_PROJECT_ID`
+- `HCP_CLIENT_ID`
+- `HCP_CLIENT_SECRET`
+
+**NOTE**: You can track up to [10 buckets (images) for free](https://www.hashicorp.com/products/packer/pricing), but if you do not wish to, you can always comment out `hcp_packer_registry` block from the image build template file(s).
+
+
 ## Run Locally
 If you wish to run this locally without using GitHub Actions, you can do the following:
 
@@ -62,6 +75,8 @@ gcloud auth application-default login
 ```
 
 ```console
+packer init base_docker.pkr.hcl
+
 PKR_VAR_access_token='xxxxxxxxxxxxx' packer build -var 'project_id=myproject-123' -var-file=variables.pkrvars.hcl base_docker.pkr.hcl`
 ```
 

base-docker/base_docker.pkr.hcl

@@ -34,12 +34,27 @@ source "googlecompute" "base-docker" {
 
   image_family      = var.image_family
   image_name        = "docker-${var.arch}-base-${local.datestamp}"
-  image_description = "Debian 11 image with Docker-CE installed"
+  image_description = "Debian 12 image with Docker-CE installed"
 
   tags = ["packer"]
 }
 
 build {
+  hcp_packer_registry {
+    bucket_name = "gcp-gce-images-docker-base"
+    description = "Base Debian image with Docker-CE installed"
+
+    bucket_labels = {
+      "os"         = "Debian",
+      "os-version" = "Bookworm 12",
+    }
+
+    build_labels = {
+      "build-time"   = timestamp()
+      "build-source" = basename(path.cwd)
+    }
+  }
+
   sources = ["sources.googlecompute.base-docker"]
 
   # https://discuss.hashicorp.com/t/how-to-fix-debconf-unable-to-initialize-frontend-dialog-error/39201/2
@@ -69,7 +84,8 @@ build {
       "cd dynmotd && sudo ./install.sh",
       "cd ~ && rm -Rf ./dynmotd/"
     ]
-    pause_before = "10s"
+    pause_before = "30s"
+    max_retries  = 1
   }
 
   provisioner "shell" {
@@ -81,9 +97,10 @@ build {
       "echo '=============================================='",
       "sudo install -m 0755 -d /etc/apt/keyrings",
       "echo 'Adding Docker GPG key...'",
-      "curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg",
+      "sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc",
+      "sudo chmod a+r /etc/apt/keyrings/docker.asc",
       "echo 'Adding Docker apt repo...'",
-      "echo \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable\" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null",
+      "echo \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(lsb_release -cs) stable\" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null",
       "echo 'Rebooting...'",
       "sudo reboot"
     ]
@@ -100,8 +117,8 @@ build {
       "sudo apt-get install -y --no-install-recommends docker-ce docker-ce-cli containerd.io docker-compose-plugin",
       "sudo systemctl disable docker"
     ]
-    pause_before = "10s"
-    max_retries  = 5
+    pause_before = "30s"
+    max_retries  = 3
   }
 
   provisioner "shell" {

base-docker/variables.pkrvars.hcl

@@ -1,4 +1,4 @@
 zone                = "northamerica-northeast2-c"
 arch                = "amd64"
-source_image_family = "debian-11"
+source_image_family = "debian-12"
 image_family        = "custom-docker-base"

hashistack/consul_base.pkr.hcl

@@ -45,6 +45,22 @@ source "googlecompute" "consul-base" {
 }
 
 build {
+  hcp_packer_registry {
+    bucket_name = "gcp-gce-images-consul-base"
+    description = "Base Debian image with Consul installed"
+
+    bucket_labels = {
+      "os"             = "Debian",
+      "os-version"     = "Bookworm 12",
+      "consul-version" = var.consul_version,
+    }
+
+    build_labels = {
+      "build-time"   = timestamp()
+      "build-source" = basename(path.cwd)
+    }
+  }
+
   sources = ["sources.googlecompute.consul-base"]
 
   # https://discuss.hashicorp.com/t/how-to-fix-debconf-unable-to-initialize-frontend-dialog-error/39201/2
@@ -74,7 +90,8 @@ build {
       "cd dynmotd && sudo ./install.sh",
       "cd ~ && rm -Rf ./dynmotd/"
     ]
-    pause_before = "10s"
+    pause_before = "30s"
+    max_retries  = 1
   }
 
   provisioner "shell" {

hashistack/consul_server.pkr.hcl

@@ -45,6 +45,22 @@ source "googlecompute" "consul-server" {
 }
 
 build {
+  hcp_packer_registry {
+    bucket_name = "gcp-gce-images-consul-server"
+    description = "Base Consul image with server config"
+
+    bucket_labels = {
+      "os"             = "Debian",
+      "os-version"     = "Bookworm 12",
+      "consul-version" = var.consul_version,
+    }
+
+    build_labels = {
+      "build-time"   = timestamp()
+      "build-source" = basename(path.cwd)
+    }
+  }
+
   sources = ["sources.googlecompute.consul-server"]
 
   provisioner "file" {

hashistack/nomad_client.pkr.hcl

@@ -17,7 +17,6 @@ variable "image_family" {}
 variable "consul_version" {}
 variable "nomad_version" {}
 variable "java_package" {}
-variable "google_fluentd_version" {}
 
 
 locals {
@@ -48,6 +47,24 @@ source "googlecompute" "nomad-client" {
 }
 
 build {
+  hcp_packer_registry {
+    bucket_name = "gcp-gce-images-nomad-client"
+    description = "Base Debian (w/Docker) image with Nomad (client config), Consul, and Java installed"
+
+    bucket_labels = {
+      "os"             = "Debian",
+      "os-version"     = "Bookworm 12",
+      "consul-version" = var.consul_version,
+      "nomad-version"  = var.nomad_version,
+      "java-package"   = var.java_package,
+    }
+
+    build_labels = {
+      "build-time"   = timestamp()
+      "build-source" = basename(path.cwd)
+    }
+  }
+
   sources = ["sources.googlecompute.nomad-client"]
 
   provisioner "shell" {
@@ -200,15 +217,16 @@ build {
     inline = [
       "echo '=============================================='",
       "echo 'INSTALL LOGGING & TETRAGON PRE-REQS'",
+      "echo 'https://cloud.google.com/stackdriver/docs/solutions/agents/ops-agent/installation#optional-tasks'",
       "echo '=============================================='",
-      "curl -L -o /tmp/add-logging-agent-repo.sh \"https://dl.google.com/cloudagents/add-logging-agent-repo.sh\"",
-      "sudo bash /tmp/add-logging-agent-repo.sh --also-install --version=${var.google_fluentd_version}",
+      "curl -L -o /tmp/add-google-cloud-ops-agent-repo.sh \"https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh\"",
+      "sudo bash /tmp/add-google-cloud-ops-agent-repo.sh --also-install",
       "sudo mkdir -p /var/log/tetragon",
-      "echo 'export no_proxy=169.254.169.254' | sudo tee -a /etc/default/google-fluentd",
-      "sudo systemctl disable google-fluentd.service",
-      "sudo rm /tmp/add-logging-agent-repo.sh"
+      "echo 'DefaultEnvironment=\"NO_PROXY=http://metadata.google.internal\"  # Skip proxy for the local Metadata Server.' | sudo tee -a /etc/systemd/system.conf",
+      "sudo systemctl disable google-cloud-ops-agent.service",
+      "sudo rm /tmp/add-google-cloud-ops-agent-repo.sh"
     ]
-    max_retries = 3
+    max_retries = 1
   }
 
   provisioner "shell" {

hashistack/nomad_server.pkr.hcl

@@ -45,6 +45,22 @@ source "googlecompute" "nomad-server" {
 }
 
 build {
+  hcp_packer_registry {
+    bucket_name = "gcp-gce-images-nomad-server"
+    description = "Base Consul image with Nomad (server config) installed"
+
+    bucket_labels = {
+      "os"            = "Debian",
+      "os-version"    = "Bookworm 12",
+      "nomad-version" = var.nomad_version,
+    }
+
+    build_labels = {
+      "build-time"   = timestamp()
+      "build-source" = basename(path.cwd)
+    }
+  }
+
   sources = ["sources.googlecompute.nomad-server"]
 
   provisioner "shell" {

hashistack/variables.pkrvars.hcl

@@ -1,6 +1,6 @@
 zone = "northamerica-northeast2-c"
 arch = "amd64"
 
-consul_version = "1.19.2"
-nomad_version  = "1.8.4"
-vault_version  = "1.17.6"
+consul_version = "1.20.1"
+nomad_version  = "1.9.3"
+vault_version  = "1.18.2"