We use Packer to create VM images on GCP with the latest required software installed. The images are used to create secure VMs for the next steps.
Packer will
- create a VM on Google Cloud Platform (GCP)
- run our scripts to update and install software (e.g., Docker, Prometheus, ContainerSSH) on the VM
- take a snapshot of the VM and store it as an image on GCP
- delete the VM
Two images are created:
- `ubuntu-with-docker-image` for the Gateway VM and the Logger VM
- `sacrificial-vm-image` for the Sacrificial VM
Prerequisites:
- A GCP account
- Install the gcloud CLI and initialize it with `gcloud init`
- Install Packer
- Init GCP if you haven't:

  ```bash
  gcloud auth application-default login
  ```

- Set up the default GCP account. This creates the `deployer` service account used by GitHub Actions and grants it the three roles the image build needs (create/delete VMs, attach a service account to them, and reach them through IAP):

  ```bash
  # Create service account `deployer` and grant it the roles the build needs
  PROJECT_ID="<your-gcp-project-id>"   # placeholder: replace with your project id
  SERVICE_ACCOUNT_NAME="deployer"
  SA_EMAIL="$SERVICE_ACCOUNT_NAME@$PROJECT_ID.iam.gserviceaccount.com"

  gcloud iam service-accounts create "$SERVICE_ACCOUNT_NAME" \
    --description="service account for running github actions" \
    --display-name="GitHub Actions" \
    --project "$PROJECT_ID"

  # Create and delete the temporary build VMs
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:$SA_EMAIL" \
    --role="roles/compute.instanceAdmin.v1"

  # Attach a service account to the build VM
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:$SA_EMAIL" \
    --role="roles/iam.serviceAccountUser"

  # SSH into the build VM through IAP TCP forwarding instead of a public IP
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:$SA_EMAIL" \
    --role="roles/iap.tunnelResourceAccessor"
  ```
For alternative login methods, check out Packer - Authentication.
- Initialize Packer in `./packer`:

  ```bash
  packer init .
  ```

- Run `./run.sh`. The images are built into your default GCP project.
- You may need to enable some GCP services if this is your first time using GCP. Follow the links in the error logs and enable them.
- Flaky `packer build -force`
  Solution: rerun the command. There are strange errors sometimes and we don't yet know how to solve them :P
- Red text in the log
  Answer: it's expected behavior caused by `set -x` in our bash scripts!! See here
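As an added illustration of the create/provision/snapshot/delete flow described above, here is a minimal Packer HCL template for the `ubuntu-with-docker-image` build. It is not the repository's own template: the `project_id` variable, zone, source image family, machine type and script paths are assumptions, and the IAP settings rely on the `roles/iap.tunnelResourceAccessor` grant from the setup step so the temporary build VM never needs a public IP.

```hcl
packer {
  required_plugins {
    googlecompute = {
      source  = "github.com/hashicorp/googlecompute"
      version = ">= 1.1.0"
    }
  }
}

# Assumed variable: pass it with -var project_id=... when building
variable "project_id" {
  type = string
}

source "googlecompute" "ubuntu_with_docker" {
  project_id          = var.project_id
  zone                = "us-central1-a"    # assumption
  source_image_family = "ubuntu-2204-lts"  # assumption: any Ubuntu family works
  machine_type        = "e2-medium"        # assumption
  ssh_username        = "packer"
  image_name          = "ubuntu-with-docker-image"
  image_description   = "Ubuntu with Docker, Prometheus and ContainerSSH for the Gateway and Logger VMs"

  # Keep the temporary build VM off the public internet: no external IP,
  # SSH through IAP TCP forwarding (needs roles/iap.tunnelResourceAccessor).
  omit_external_ip = true
  use_internal_ip  = true
  use_iap          = true
}

build {
  sources = ["source.googlecompute.ubuntu_with_docker"]

  # Hypothetical script paths; substitute the repo's own update/install scripts.
  # Scripts run as root via sudo, then Packer snapshots the disk and deletes the VM.
  provisioner "shell" {
    execute_command = "chmod +x {{ .Path }}; sudo sh -c '{{ .Vars }} {{ .Path }}'"
    scripts = [
      "scripts/update.sh",
      "scripts/install-docker.sh",
    ]
  }
}
```

Build it with `packer init . && packer build -var "project_id=$(gcloud config get-value project)" .`; the resulting image lands in the default project, matching what `run.sh` does.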